62 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
In order for a specific signature to detect an attack and to block it, it must have
block response enabled. To simplify the deployment of the
products in real-life environments, the IBM Security X-Force team specifies
default block responses for those signatures in each X-Press Update (XPU)
where they recommend blocking to be enabled. Administrators can then decide
whether they want to trust the X-Force default block responses. For more
information about this option, see Chapter 4, “IBM Security Network IPS solution
design and management” on page 103.
By using the X-Force Virtual Patch menu option, an administrator can change
this setting, as shown in Figure 2-16.
Figure 2-16 X-Force Virtual Patch policy editor
Individual block responses for specific signatures can still be modified by using
the policy editor in the
Security Events menu option as explained in 2.4,
“Enforcing intrusion prevention policies” on page 64.
2.3.3 Advanced IPS
With the Advanced IPS options on the IBM Security Network IPS appliance, you
can configure settings that tune IPS settings specifically to meet the security
requirements of your organization. The configuration options are available for
protection domains, security events, user-defined events, open signatures, and
connection events. They also enable the setting of global and local tuning