The IPDS (Intrusion Prevention and Detection System) module system works like a Threat intelligence configured inside the load balancer, this threat intelligent is composed of a database of threats updated daily and saved in a package called “skudonet-ipds”, this package works as a database or data source for the SKUDONET IPDS security module.
The IPDS module adds advanced security features to your load balancer to protect your applications. These features include blacklists/whitelists, DoS protection, RBL and WAF/WAAP rules.
These rules are applied to packets as they first enter the load balancer, which helps to improve performance. The following flowchart shows how this process works:
Once we have explained how the IPDS module works let’s show how to download and maintain the security system up-to-date, in the following lines, we will show how the SKUDONET IPDS scheduler can be configured to download the IPDS database.
Status: Indicates the status of the IPDS package, represented by a colored indicator:
- Installed status: The IPDS package is installed and updated.
- Not installed status: The IPDS package is not installed, a Scheduler configuration should be required.
Rules Date: The date on which the currently installed IPDS rules were created.
Scheduled: The scheduled field indicates what time the ipds-package updates and by what frequency.
Mode: Indicates how often the update will occur or whether to disable the schedule. The available modes are:
- Disabled: Turns off the scheduled update, if it is already scheduled.
- Daily: Schedules the update to run every day. Enables the Frequency field to specify the number of hours between package updates.
- Weekly: Schedules the update to run once a week. Enables the Day of the Week field to specify on which day of the week to schedule the update. This could range from a Monday to a Sunday.
- Monthly: Schedules the update to run once a month. Enables the Day of the Month field to specify on which day of the month to schedule the update. (1 to 31)
Time: You can choose to update your packages at a specific time or to update specific packages, but only if the Mode is not Disabled and the Frequency, Day of the week, or the Day of the month field is not empty.
Frequency: The frequency of package updates depends on the mode selected. In daily mode, the frequency is specified in hours. In weekly mode, the day of the week is specified. In monthly mode, the day of the month is specified.
See how the frequency changes with its corresponding mode:
| Daily | Frequency |
| Weekly | Day of the week |
| Monthly | Day of the month |
When you have finished setting up the scheduler, click the Apply button to keep your changes, new list of elements will appear in the IPDS sections Blacklist, Dos, RBL and WAF.
In addition to the rules included in the skudonet-ipds package the users can create their own rules or use external rules. SKUDONET team recommends checking OWASP rules for modsecurity or blocklist projects like firehol. SKUDONET IPDS module has been developed with the idea of using our own data source, pointing to 3rd party data sources or open-source data sources. You can find on the Internet many open source projects for blocklists, RBLs or WAF rules, but we will always recommend using the included rules by the SKUDONET team in the skudonet-ipds package updated daily.
Next Article: IPDS | Blacklists
