ZyWALL 5/35/70 Series User’s Guide
CHAPTER 14
Intrusion Detection and Prevention (IDP) Screens
14.1 Overview
An IDP system can detect malicious or suspicious packets and respond instantaneously. It can
detect anomalies based on violations of protocol standards (RFCs, Requests for Comments)
or on abnormal traffic flows such as port scans.
The following figure represents a typical business network consisting of a LAN, a DMZ
(DeMilitarized Zone) containing the company web, FTP, mail servers, etc., and a firewall and/or
NAT router connected to a broadband modem (M) for Internet access.
Figure 164 Network Intrusions
14.1.1 What You Can Do Using the IDP Screens
• Use the General screen (Section 14.2 on page 279) to enable IDP on the ZyWALL and
choose what traffic flows the ZyWALL checks for intrusions.
• Use the Signatures screens (Section 14.3 on page 281) to configure the ZyWALL’s
signatures. The rules that define how to identify and respond to intrusions are called
signatures.
• Use the Anomaly screen (Section 14.4 on page 289) to configure the ADP (Anomaly
Detection and Prevention) settings.