The figure shows two independent network based VPNs interconnecting Agency sites with various forms of dial, broadband, and dedicated access to the contractor's network.

The service responds dynamically to threats and takes proactive and corrective actions to secure the network.

These measures include, for example, automatically terminating affected connections, blocking traffic from the originating host, and disconnecting ports.

IDPS supports a range of technical capabilities that are available in commercial offerings.

These include design and implementation services to allow the Agency and the contractor to discuss matters such as system recommendations, a baseline assessment, rules, signature sets, configurations, and escalation procedures.

The Networx contracts require a basic level of security management for its contractors that ensures compliance with Federal Government generally accepted security principles and practices, or better.

The contracts employ adequate and reasonable means to ensure and protect the integrity, confidentiality, and availability of Networx services, Operational Support Systems ( Agency networks, like their commercial counterparts, continue to be challenged with increasing security risks.

The service detects precursor activities such as unauthorized network probes, sweeps, and scans.

In addition, IDPS performs signature-based detection and analyze system activity for known attacks such as, but not limited to, buffer overflows, brute force, Denial of Service (DOS), and reconnaissance efforts.

IDPS serves as a component of the Agency's security infrastructure by providing an extra layer of protection for its internal networks.

The service enables the monitoring and identification of potential security threats, and helps reduce network service disruptions caused by malicious attacks.

Virtual paths called 'tunnels' are established within the network.