Relationship between intrusion detection services and defensive filters

Communication Server's intrusion detection services (IDS) support enables you to detect scans of your TCP/IP stack and possible attacks. It also provides traffic regulation for TCP connections and UDP sockets. One action that can be taken when a scan or attack is detected, or traffic regulation is enforced, is to generate a message to report the event.

An external security information and event manager that is configured to receive messages from the TCP/IP stack's IDS function can analyze the messages and correlate the information with other information that it has received. Communication Server's IDS messages can be one of a number of inputs that an external security information and event manager uses to make the decision to add a defensive filter to the stack. If the external security information and event manager detects an attack, it can add defensive filters to the stack to block the attack. Defensive filter support can be enabled without enabling Communication Server's IDS support.
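The correlation step described above can be sketched as follows. This is an added example, not IBM code or part of the original page: the event fields, feed names, weights and thresholds are all assumptions, and the output is an abstract block request rather than a real defensive filter command.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int       # seconds since the start of the sample
    source: str   # feed that reported it, e.g. "stack_ids" or "app_log"
    kind: str     # "scan", "attack", "auth_failure"
    src_ip: str

# Constructed sample events (documentation address ranges); the field
# layout is an assumption, not the format of real IDS messages.
SAMPLE_EVENTS = [
    Event(0, "stack_ids", "scan", "198.51.100.7"),
    Event(20, "app_log", "auth_failure", "198.51.100.7"),
    Event(35, "stack_ids", "attack", "198.51.100.7"),
    Event(40, "stack_ids", "scan", "203.0.113.9"),
    Event(400, "app_log", "auth_failure", "203.0.113.9"),
]

# Hypothetical policy values chosen for this example.
WEIGHTS = {"scan": 2, "attack": 5, "auth_failure": 1}
WINDOW_SECONDS = 60
SCORE_THRESHOLD = 6
MIN_SOURCES = 2   # require corroboration from at least two feeds


def decide_filters(events):
    """Return one block request per source IP whose correlated score,
    within any WINDOW_SECONDS span, meets the policy."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip[ev.src_ip].append(ev)

    requests = []
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            window = [e for e in evs[i:] if e.ts - first.ts <= WINDOW_SECONDS]
            score = sum(WEIGHTS.get(e.kind, 0) for e in window)
            feeds = sorted({e.source for e in window})
            if score >= SCORE_THRESHOLD and len(feeds) >= MIN_SOURCES:
                requests.append({"action": "block", "src_ip": ip,
                                 "score": score, "feeds": feeds})
                break   # one filter per address is enough
    return requests


if __name__ == "__main__":
    for req in decide_filters(SAMPLE_EVENTS):
        print(req)
```

Because the policy keys on corroborating feeds rather than on the stack's IDS feed specifically, it also produces block requests when no IDS messages are present, matching the statement that defensive filters do not depend on IDS being enabled.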

For more information about IDS support, see Intrusion detection services.