ZyXEL Communications USG210 - Chapter 38 IDP; Overview; What You Can Do in this Chapter

ZyWALL USG Series User’s Guide
CHAPTER 38
IDP
38.1 Overview
This chapter introduces packet inspection IDP (Intrusion Detection and Prevention), IDP profiles, binding
an IDP profile to a traffic flow, custom signatures and updating signatures. An IDP system can detect
malicious or suspicious packets and respond instantaneously. IDP on the Zyxel Device protects against
network-based intrusions.
38.1.1 What You Can Do in this Chapter
Use the UTM Profile > IDP > Profile screen (Section 38.2 on page 715) to view registration and signature
information. Click the Add icon to create a new profile from a base IDP profile. Select an existing
profile and click the Edit icon to change the profile, or click the Remove icon to delete it.
Use the UTM Profile > IDP > Custom Signature screens (Section 38.3 on page 726) to create a new
custom signature, edit an existing signature, delete existing signatures or save signatures to your
computer.
38.1.2 What You Need To Know
Packet Inspection Signatures
A signature is a pattern of malicious or suspicious packet activity. You can specify an action to be taken
if the system matches a stream of data to a malicious signature. You can change the action in the
profile screens. Packet inspection examines OSI (Open Systems Interconnection) layer-4 to layer-7 packet
contents for malicious data. Generally, packet inspection signatures are created for known attacks
while anomaly detection looks for abnormal behavior.
Applying Your IDP Configuration
Changes to the Zyxel Device’s IDP settings affect new sessions, but not the sessions that already existed
before you applied the changed settings.
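The two behaviours described in 38.1.2, as a small Python model added here for illustration (it is not Zyxel firmware or configuration): a signature match returns the action set in the profile, and a changed profile only applies to sessions created after the change. The class names, signature ID, addresses, payload and first-match rule are constructed assumptions.

```python
# Illustrative model only; not the Zyxel Device's implementation.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Signature:
    sid: int        # constructed signature ID
    pattern: bytes  # byte pattern searched for in layer-4 to layer-7 payload


@dataclass
class Engine:
    signatures: list
    actions: dict  # active profile: sid -> "none" | "log" | "drop"
    sessions: dict = field(default_factory=dict)  # session key -> bound actions

    def apply_profile(self, actions):
        """Apply changed settings. Sessions already in the table keep theirs."""
        self.actions = dict(actions)

    def inspect(self, session_key, payload):
        """Return (action, sid) for one packet belonging to session_key."""
        # A session is bound to a copy of the settings in force when it starts.
        bound = self.sessions.setdefault(session_key, dict(self.actions))
        for sig in self.signatures:
            if sig.pattern in payload:
                return bound.get(sig.sid, "none"), sig.sid
        return "none", None


def demo():
    sigs = [Signature(9001, b"EXAMPLE-BAD-PATTERN")]  # constructed signature
    eng = Engine(sigs, {9001: "log"})
    old = ("10.0.0.5", 40000, "192.0.2.10", 80)  # session opened before change
    new = ("10.0.0.6", 40001, "192.0.2.10", 80)  # session opened after change
    pkt = b"POST /upload HTTP/1.1\r\n\r\nEXAMPLE-BAD-PATTERN"  # constructed
    before = eng.inspect(old, pkt)
    eng.apply_profile({9001: "drop"})  # administrator tightens the action
    # The old session still gets "log"; only the new session gets "drop".
    return before, eng.inspect(old, pkt), eng.inspect(new, pkt)


if __name__ == "__main__":
    print(demo())
```

In the model, the long-lived session keeps the earlier action after the profile change, which is the case to check for after tightening a profile.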
38.1.3 Before You Begin
Register for a trial IDP subscription in the Registration screen. This gives you access to free signature
updates. This is important as new signatures are created as new attacks evolve. When the trial
subscription expires, purchase and enter a license key using the same screens to continue the
subscription.