Chapter 21 Idp; Overview; What You Can Do In This Chapter; What You Need To Know - ZyXEL Communications NXC5200 User Manual

C
H A P T E R

21.1 Overview

This chapter introduces packet inspection IDP (Intrusion Detection and
Prevention), IDP profiles, binding an IDP profile to a traffic flow, custom signatures
and updating signatures. An IDP system can detect malicious or suspicious
packets and respond instantaneously. IDP on the NXC protects against network-
based intrusions.

21.1.1 What You Can Do in this Chapter

• The General screen
profiles to traffic directions, and displays registration and signature information.
• The Profile screen
existing profile or deletes an existing profile.
• The Custom Signature screens
signature, edit an existing signature, delete existing signatures or save
signatures to your computer.

21.1.2 What You Need To Know

The following terms and concepts may help as you read this chapter.
Packet Inspection Signatures
A signature identifies a malicious or suspicious packet and specifies an action to be
taken. You can change the action in the profile screens. Packet inspection
signatures examine OSI (Open System Interconnection) layer-4 to layer-7 packet
contents for malicious data. Generally, packet inspection signatures are created
for known attacks while anomaly detection looks for abnormal behavior.
Zone
A zone is a combination of NXC interfaces used for configuring security. See the
zone chapter for details on zones and the interfaces chapter for details on
interfaces.
NXC5200 User's Guide
(Section 21.2 on page
(Section 21.3 on page 307) adds a new profile, edits an
(Section 21.7 on page
21
304) turns IDP on or off, binds IDP
321) create a new
IDP
303