ZyXEL Communications ZyWall ATP series User Manual page 539


Chapter 30 IDP

The following table describes the fields in this screen.

Table 217 Configuration > Security Service > IDP

LABEL: DESCRIPTION

General Settings

Enable: Select this check box to activate the IDP feature which detects and prevents malicious or suspicious packets and responds instantaneously.

Query Signatures

Name: Type the name or part of the name of the signature(s) you want to find.

Signature ID: Type the ID or part of the ID of the signature(s) you want to find.

Search all custom signatures: Select this check box to include signatures you created or imported in the Custom Signatures screen in the search. You can search for specific signatures by name or ID. If the name and ID fields are left blank, then all signatures are searched according to the criteria you select.

Severity: Search for signatures by severity level(s). Hold down the [Ctrl] key if you want to make multiple selections.
These are the severities as defined in the Zyxel Device. The number in brackets is the number you use if using commands.
    Severe (5): These denote attacks that try to run arbitrary code or gain system privileges.
    High (4): These denote known serious vulnerabilities or attacks that are probably not false alarms.
    Medium (3): These denote medium threats, access control attacks or attacks that could be false alarms.
    Low (2): These denote mild threats or attacks that could be false alarms.
    Very-Low (1): These denote possible attacks caused by traffic such as Ping, trace route, ICMP queries etc.

Classification Type: Search for signatures by attack type(s) (see Table 218 on page 540). Attack types are known as policy types in the group view screen. Hold down the [Ctrl] key if you want to make multiple selections.

Platform: Search for signatures created to prevent intrusions targeting specific operating system(s). Hold down the [Ctrl] key if you want to make multiple selections.

Service: Search for signatures by IDP service group(s). See Table 218 on page 540 for group details. Hold down the [Ctrl] key if you want to make multiple selections.

Action: Search for signatures by the response the Zyxel Device takes when a packet matches a signature. Hold down the [Ctrl] key if you want to make multiple selections.

Activation: Search for activated and/or inactivated signatures here.

Log: Search for signatures by log option here.

Query Result: The results are displayed in a table showing the SID, Name, Severity, Classification Type, Platform, Service, Log, and Action criteria as selected in the search. Click the SID column header to sort search results by signature ID.

Custom Signature Rules: Use this part of the screen to create, edit, delete or export (save to your computer) custom signatures.

Add: Click this to create a new entry.

Edit: Select an entry and click this to be able to modify it.

Remove: Select an entry and click this to delete it.

Export: To save an entry or entries as a file on your computer, select them and click Export. Click Save in the file download dialog box and then select a location and name for the file. Custom signatures must end with the 'rules' file name extension, for example, MySig.rules.

ZyWALL ATP Series User's Guide 539


This manual is also suitable for:

Atp500, Atp200, Atp800
