Idp; Chapter 30 Idp; Overview; What You Can Do In This Chapter - ZyXEL Communications ZyWall ATP series User Manual

30.1 Overview

This chapter introduces packet inspection IDP (Intrusion, Detection and Prevention), custom signatures,
and updating signatures. An IDP system can detect malicious or suspicious packets and respond
instantaneously. IDP on the Zyxel Device protects against network-based intrusions.

30.1.1 What You Can Do in this Chapter

• Use the Security Service > IDP screen
information.
• Use the Security Service > IDP > Custom Signature > Add screens
a new custom signature, edit an existing signature, delete existing signatures or save signatures to
your computer.

30.1.2 What You Need To Know

Packet Inspection Signatures
A signature identifies a malicious or suspicious packet and specifies an action to be taken. You can
change the action in the profile screens. Packet inspection signatures examine OSI (Open System
Interconnection) layer-4 to layer-7 packet contents for malicious data. Generally, packet inspection
signatures are created for known attacks while anomaly detection looks for abnormal behavior.
Applying Your IDP Configuration
Changes to the Zyxel Device's IDP settings affect new sessions (not the sessions that already existed
before you applied the changed settings).

30.1.3 Before You Begin

• Register for a trial IDP subscription in the Registration screen. This gives you access to free signature
updates. This is important as new signatures are created as new attacks evolve. When the trial
subscription expires, purchase and enter a license key using the same screens to continue the
subscription.

30.2 The IDP Screen

An IDP profile is a set of packet inspection signatures.
(Section 30.2 on page
ZyWALL ATP Series User's Guide
537
C
H A P T E R
537) to view registration and signature
(Section 30.3 on page
30

IDP

543) to create