Setting Up Idp - D-Link NetDefendOS User Manual

Network security firewall

Hide thumbs Also See for NetDefendOS:

Table of Contents

application, for example MSSQL. The Sub-Category may not be necessary if the Type and

Category are sufficient to specify the group, for example APP_ITUNES.

Listing of IDP Groups

A listing of IDP groupings can be found in Appendix B, IDP Signature Groups. The listing shows

group names consisting of the Category followed by the Sub-Category, since the Type could be

any of IDS, IPS or POLICY.

Processing Multiple Actions

For any IDP rule, it is possible to specify multiple actions and an action type such as Protect can

be repeated. Each action will then have one or more signatures or groups associated with it.

When signature matching occurs it is done in a top-down fashion, with matching for the

signatures for the first action specified being done first.

IDP Signature Wildcarding

When selecting IDP signature groups, it is possible to use wildcarding to select more than one

group. The "?" character can be used to wildcard for a single character in a group name.

Alternatively, the "*" character can be used to wildcard for any set of characters of any length in a

6.6.7. Setting Up IDP

The steps for setting up IDP are as follows:

Create an IDP Rule object which identifies the traffic to be processed.

Add one or more IDP RUle Action objects to the rule which specify:

The IDP signatures to be used when scanning the traffic targeted by the rule.

The action to take when a signature triggers.

IDP Blacklisting

The Protect option includes the option that the particular host or network that triggers the IDP

Rule can be added to a Blacklist of offending traffic sources. This means that all subsequent traffic

Caution: Use the minimum IDP signatures necessary

Do not use the entire signature database and avoid using signatures and signature

groups unnecessarily. Instead, use only those signatures or groups applicable to the type

of traffic being protected.

For example, using only the IDP groups IDS_WEB*, IPS_WEB*, IDS_HTTP* and

IPS_HTTP* would be appropriate for protecting an HTTP server.

IDP traffic scanning creates an additional load on the hardware that, in most cases,

should not noticeably degrade performance. Using too many signatures during

scanning can make the load on the hardware unnecessarily high, adversely affecting

Chapter 6: Security Mechanisms

Show Quick Links

Table of Contents