Intrusion Severity; Signature Actions; Table 79 Security > Idp > Signature: Intrusion Severity - ZyXEL Communications ZYWALL 35 User Manual

Internet security appliance

Table 78 SECURITY > IDP > Signature: Attack Types (continued)

| TYPE | DESCRIPTION |
| --- | --- |
| P2P | Peer-to-peer (P2P) is where computing devices link directly to each other and can directly initiate communication with each other; they do not need an intermediary. A device can be both the client and the server. In the ZyWALL, P2P refers to peer-to-peer applications such as eMule, eDonkey, BitTorrent, iMesh etc. |
| IM | IM (Instant Messaging) refers to chat applications. Chat is real-time communication between two or more users via network-connected computers. After you enter a chat (or chat room), any member can type a message that will appear on the monitors of all the other participants. |
| Virus/Worm | A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs. A worm is a program that is designed to copy itself from one computer to another on a network. A worm's uncontrolled replication consumes system resources, thus slowing or stopping other tasks. The IDP VirusWorm category refers to network-based viruses and worms. The Anti-Virus (AV) screen refers to file-based viruses and worms. Refer to the anti-virus chapter for additional information on file-based anti-virus scanning in the ZyWALL. |
| Porn | The ZyWALL can block web sites if their URLs contain certain pornographic words. It cannot block web pages containing those words if the associated URL does not. |
| Web Attack | Web attack signatures refer to attacks on web servers such as IIS (Internet Information Services). |
| SPAM | Spam is unsolicited "junk" e-mail sent to large numbers of people to promote products or services. Refer to the anti-spam chapter for more detailed information. |
| Other | This category refers to signatures for attacks that do not fall into the previously mentioned categories. |

13.3.2 Intrusion Severity

Intrusions are assigned a severity level based on the following table. The intrusion severity level then determines the default signature action.

Table 79 SECURITY > IDP > Signature: Intrusion Severity

| SEVERITY | DESCRIPTION |
| --- | --- |
| Severe | These are intrusions that try to run arbitrary code or gain system privileges. |
| High | These are known serious vulnerabilities or intrusions that are probably not false alarms. |
| Medium | These are medium threats, access control intrusions or intrusions that could be false alarms. |
| Low | These are mild threats or intrusions that could be false alarms. |
| Very Low | These are possible intrusions caused by traffic such as Ping, trace route, ICMP queries etc. |

13.3.3 Signature Actions

You can enable/disable individual signatures. You can log and/or have an alert sent when traffic matches a signature's criteria. You can also change the default action to be taken when a packet or stream matches a signature. The following figure and table describe these actions. Note that in addition to these actions, a log may be generated or an alert sent, if those check boxes are selected and the signature is enabled.

ZyWALL 5/35/70 Series User's Guide
Chapter 13 Configuring IDP