
ZyXEL Communications USG FLEX H Series - Page 305

462 pages
Chapter 20 IPS
USG FLEX H Series User’s Guide
305
The following table describes the fields in this screen.
Table 152 Security Service > IPS
| LABEL | DESCRIPTION |
| --- | --- |
| General Settings | |
| Enable | Select this check box to activate the IPS feature which detects and prevents malicious or suspicious packets and responds instantaneously. |
| Statistics | Enable to have the Zyxel Device collect IPS statistics. All of the statistics are erased if you restart the Zyxel Device or click Flush Data in Security Statistics > IPS. |
| Scan Mode | |
| Prevention | Select this to have the Zyxel Device perform a user-specified action when a stream of data matches a malicious signature. |
| Detection | Select this to have the Zyxel Device only create a log message when a stream of data matches a malicious signature. |
| Query Signatures | |
| Name | Type the name or part of the name of the signature(s) you want to find. |
| Signature ID | Type the ID or part of the ID of the signature(s) you want to find. |
| Advanced Settings | |
| Severity | Search for signatures by severity level(s). Hold down the [Ctrl] key if you want to make multiple selections. |
| | These are the severities as defined in the Zyxel Device. The number in brackets is the number you use if using commands. |
| | Severe (16): These denote attacks that try to run arbitrary code or gain system privileges. |
| | High (8): These denote known serious vulnerabilities or attacks that are probably not false alarms. |
| | Medium (4): These denote medium threats, access control attacks or attacks that could be false alarms. |
| | Low (2): These denote mild threats or attacks that could be false alarms. |
| | Very-Low (1): These denote possible attacks caused by traffic such as Ping, trace route, ICMP queries, etc. |
| Classification Type | Search for signatures by attack type(s) (see Table 153 on page 307). Attack types are known as policy types in the group view screen. Hold down the [Ctrl] key if you want to make multiple selections. |
| Platform | Search for signatures created to prevent intrusions targeting specific operating system(s). Hold down the [Ctrl] key if you want to make multiple selections. |
| Service | Search for signatures by IPS service group(s). See Table 153 on page 307 for group details. Hold down the [Ctrl] key if you want to make multiple selections. |
| Action | Search for signatures by the response the Zyxel Device takes when a packet matches a signature. Hold down the [Ctrl] key if you want to make multiple selections. |
| Activation | Search for activated and/or inactivated signatures here. |
| Log | Search for signatures by log option here. |
| Query Result | The results are displayed in a table showing the Status, SID, Name, Severity, Classification, Platform, Service, Log, and Action criteria as selected in the search. Click the SID column header to sort search results by signature ID. |
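
Added example (not from the Zyxel guide): a Python sketch that applies the Severity, Activation and Action filters described above to a hand-made transcription of the Query Result table, then lists Severe and High signatures that would not block traffic in Prevention mode. The CSV layout, the SIDs, names, Status values, Action values ("drop", "none") and the Classification, Platform and Service values are constructed for illustration; only the severity names, their numbers and the column names come from Table 152.

```python
import csv
import io

# Severity names and their command numbers, as listed in Table 152.
SEVERITY = {"Severe": 16, "High": 8, "Medium": 4, "Low": 2, "Very-Low": 1}

# Constructed sample rows using the Query Result columns. Every value below
# (SIDs, names, Status, Action, Classification, Platform, Service) is made up.
SAMPLE = """Status,SID,Name,Severity,Classification,Platform,Service,Log,Action
active,9000003,Example RCE attempt,Severe,Example-Type-A,Example-OS-1,Example-Svc-1,log,drop
inactive,9000001,Example privilege gain,Severe,Example-Type-A,Example-OS-2,Example-Svc-2,log,drop
active,9000002,Example overflow,High,Example-Type-B,Example-OS-1,Example-Svc-1,log,none
active,9000004,Example ICMP query,Very-Low,Example-Type-C,Example-OS-1,Example-Svc-3,no,none
active,9000005,Example scan,Medium,Example-Type-C,Example-OS-1,Example-Svc-3,log,none
"""

def load(text):
    """Parse the transcription into dicts, adding the numeric severity."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Level"] = SEVERITY[row["Severity"]]  # KeyError on an unknown label
        row["SID"] = int(row["SID"])
    return rows

def query(rows, severities=None, activation=None, actions=None):
    """Mimic the screen's multi-select filters; None means no filter.
    Results are sorted by SID, like clicking the SID column header."""
    out = [r for r in rows
           if (severities is None or r["Severity"] in severities)
           and (activation is None or r["Status"] in activation)
           and (actions is None or r["Action"] in actions)]
    return sorted(out, key=lambda r: r["SID"])

def coverage_gaps(rows, min_level=SEVERITY["High"], blocking=("drop",)):
    """Signatures at or above min_level that would not stop traffic in
    Prevention mode: either not activated, or set to a non-blocking action."""
    gaps = []
    for r in query(rows):
        if r["Level"] < min_level:
            continue
        if r["Status"] != "active":
            gaps.append((r["SID"], r["Severity"], "not activated"))
        elif r["Action"] not in blocking:
            gaps.append((r["SID"], r["Severity"], "action is " + r["Action"]))
    return gaps

if __name__ == "__main__":
    for sid, sev, why in coverage_gaps(load(SAMPLE)):
        print(f"SID {sid} ({sev}): {why}")
```

Replace the `blocking` tuple with whichever Action values your device actually offers for dropping or rejecting traffic.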
