Security and IPS
LucidView specialises in behaviour based Intrusion Prevention System (IPS) combined with Intrusion Detection System. Our Secure Internet Module is a formidable security tool designed with malicious malware and ransomeware attacks in mind. This Module examines all traffic connections entering and leaving your network and identifies anything that is anomalous. Once identified, the anomalous connection is killed off, preventing hackers from gaining push or pull remote access to your network.
build your enforcer
Activating the IPS on the LucidView App
This video demonstrates how, using the LucidView App and ISP or the customer can quickly protect themselves from intruders.
Behaviour based IDS & IPS with LucidView
LucidView specialises in behaviour based intrusion detection and prevention. Our IPS module examines all traffic connections, at how the traffic behaves on your network, identifying and eliminating any anomalies. Each and every connection that comes into or leaves your Network is analysed and categorised.
Behaviour based IPS is proactive. The Enforcer examines traffic patterns, looking for anything out of the ordinary. Any traffic and/or connections behaving oddly are immediately added to the “Security Risk” category and blocked.
Activating your IPS using the Portal
This video demonstrates how to activate the IPS feature through the LucidView portal as well as the importance of pulling a security report to ensure that you white list any IP addresses that are important to the running of your network.
Pull and Push Remote Protection
Pull Remote Protection – These are attempted attacks into your network by a remote hacker trying to gain access to your network, The LucidView Enforcer identifies these connections and eliminates them before they are able to infect the network or give a remote hacker control over the network.
Push Remote Protection – This refers to remote hackers that gain access via users from within the network, this can happen via a VPN, apps like WhatsApp, Telegram and even email. The user inadvertently allow the hacker to push a remote connection into your network. The LucidView Enfrorcer identifies these push remote connections and eliminates them.
The IPS module takes a variety of factors into consideration when protecting your network from unauthorised remote access, known malware and other security risks. Any good IPS solution is going to have false positives from time to time. Services such as VOIP servers and VPNs that have no DNS entries may be flagged as a security risk. These IP addresses can be added to whitelists in your LucidView MikroTik Portal so that they be ignored by the IPS module.
Example of Identifying Security Risk
The charts in this example provide an illustration of how the LucidView Enforcer examines and an analyses each connection coming into and leaving your network.
Using our own A.I. we have created the LucidView Enforcer. The Enforcer effectively assesses, in real time, when a connection is behaving “suspiciously”. If it is, the Enforcer automatically puts into the IPS Module. Thereby, blocking it and eliminating the threat to your network.
The LucidView IPS module identifies suspicious connections and immediately kills them off upon identification. Offering an extremely effective Intrusion Detection (IDS) and proactive Intrusion Prevention (IPS) for all customers.
How the IPS Security Module works
This is a detailed presentation of LucidView’s behaviour based IPS Security solution presented at the MikroTik Users Conference in February 2020.