ZyXEL Communications USG FLEX H Series User Manual page 305


Chapter 20 IPS

The following table describes the fields in this screen.

Table 152 Security Service > IPS

| LABEL | DESCRIPTION |
| --- | --- |
| General Settings | |
| Enable | Select this check box to activate the IPS feature which detects and prevents malicious or suspicious packets and responds instantaneously. |
| Statistics | Enable to have the Zyxel Device collect IPS statistics. All of the statistics are erased if you restart the Zyxel Device or click Flush Data in Security Statistics > IPS. |
| Scan Mode | |
| Prevention | Select this to have the Zyxel Device perform a user-specified action when a stream of data matches a malicious signature. |
| Detection | Select this to have the Zyxel Device only create a log message when a stream of data matches a malicious signature. |
| Query Signatures | |
| Name | Type the name or part of the name of the signature(s) you want to find. |
| Signature ID | Type the ID or part of the ID of the signature(s) you want to find. |
| Advanced Settings | |
| Severity | Search for signatures by severity level(s). Hold down the [Ctrl] key if you want to make multiple selections. These are the severities as defined in the Zyxel Device. The number in brackets is the number you use if using commands. Severe (16): These denote attacks that try to run arbitrary code or gain system privileges. High (8): These denote known serious vulnerabilities or attacks that are probably not false alarms. Medium (4): These denote medium threats, access control attacks or attacks that could be false alarms. Low (2): These denote mild threats or attacks that could be false alarms. Very-Low (1): These denote possible attacks caused by traffic such as Ping, trace route, ICMP queries etc. |
| Classification Type | Search for signatures by attack type(s) (see Table 153 on page 307). Attack types are known as policy types in the group view screen. Hold down the [Ctrl] key if you want to make multiple selections. |
| Platform | Search for signatures created to prevent intrusions targeting specific operating system(s). Hold down the [Ctrl] key if you want to make multiple selections. |
| Service | Search for signatures by IPS service group(s). See Table 153 on page 307 for group details. Hold down the [Ctrl] key if you want to make multiple selections. |
| Action | Search for signatures by the response the Zyxel Device takes when a packet matches a signature. Hold down the [Ctrl] key if you want to make multiple selections. |
| Activation | Search for activated and/or inactivated signatures here. |
| Log | Search for signatures by log option here. |
| Query Result | The results are displayed in a table showing the Status, SID, Name, Severity, Classification, Platform, Service, Log, and Action criteria as selected in the search. Click the SID column header to sort search results by signature ID. |
