Chapter 14 Intrusion Detection and Prevention (IDP) Screens
ZyWALL 5/35/70 Series User’s Guide
• Use the Update screen (Section 14.5 on page 291) to immediately download or schedule
new signature downloads.
• Use the Backup & Restore screen (Section 14.6 on page 293) to back up IDP signatures
with your custom configured settings, restore previously saved IDP signatures (with your
custom configured settings) or revert to the original ZSRT-defined signature Active, Log,
Alert and/or Action settings.
14.1.2 What You Need To Know About the ZyWALL IDP
Network Intrusions
The ZyWALL Internet Security Appliance is designed to protect against network-based
intrusions. Network-based intrusions aim to bring down a network or networks by
attacking computers, switches, routers or modems. If a LAN switch is compromised,
for example, then the whole LAN is compromised (see Figure 164 on page 277). Typical
network-based intrusions are SQL Slammer, Blaster, Nimda, MyDoom, etc.
IDP and Interfaces
As packets appear at an interface, they are passed to the IDP detection engine, which
determines whether they are malicious. If a malicious packet is detected, an action is
taken. The remaining packets that make up that particular TCP session are also discarded.
You can change the default actions in the Signature and Anomaly screens (Figure 14.3 on
page 281 and Figure 172 on page 290). In the following figure, the ZyWALL is set to check
traffic coming from either WAN interface to the LAN.
Figure 165 Applying IDP to Interfaces
See Section 14.2 on page 279 for more information on how to apply IDP to ZyWALL
interfaces.
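The behaviour described under "IDP and Interfaces" can be modelled in a few lines. This is an added illustration, not ZyWALL firmware or code from the User's Guide. The interface names, the `IdpEngine` class, the signature pattern and the choice to discard both directions of a flagged session are assumptions made for the sketch.

```python
# Added illustration: a minimal model of per-interface inspection with
# session-level discard. Not ZyWALL firmware; all names are hypothetical.
from dataclasses import dataclass

# Constructed placeholder pattern standing in for a real signature.
SIGNATURES = {"demo-sig-1": b"EXAMPLE-BAD-PATTERN"}

# Directions selected for inspection, as in the text: traffic from
# either WAN interface to the LAN.
PROTECTED = {("WAN1", "LAN"), ("WAN2", "LAN")}

@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

def session_key(p):
    """Direction-independent key so both halves of a TCP session match."""
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

class IdpEngine:
    def __init__(self):
        self.blocked = set()  # sessions in which a malicious packet was seen
        self.log = []         # (signature name, source, destination)

    def inspect(self, p):
        """Return 'forward' or 'drop' for one packet."""
        key = session_key(p)
        if key in self.blocked:
            return "drop"     # remaining packets of a flagged session
        if (p.in_if, p.out_if) not in PROTECTED:
            return "forward"  # IDP is not applied to this direction
        for name, pattern in SIGNATURES.items():
            if pattern in p.payload:
                self.blocked.add(key)
                self.log.append((name, p.src, p.dst))
                return "drop"
        return "forward"
```

Matching in this sketch is per packet, so a pattern split across two TCP segments is not seen.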