Policy Types - ZyXEL Communications ZYWALL USG 2000 Manual

Unified security gateway

Table 147 Anti-X > IDP > Profile > Group View (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Cancel | Click Cancel to return to the profile summary page without saving any changes. |
| Save | If you want to configure more than one screen for an IDP profile, click Save to save the configuration to the ZyWALL, but remain in the same page. You may then go to another profile screen (tab) in order to complete the profile. Click OK in the final profile screen to complete the profile. |

30.6.1 Policy Types

This section describes IDP policy types, also known as attack types, as categorized
in the ZyWALL. You may refer to these types when categorizing your own custom
rules.

Table 148 Policy Types

| POLICY TYPE | DESCRIPTION |
| --- | --- |
| P2P | Peer-to-peer (P2P) is where computing devices link directly to each other and can directly initiate communication with each other; they do not need an intermediary. A device can be both the client and the server. In the ZyWALL, P2P refers to peer-to-peer applications such as e-Mule, e-Donkey, BitTorrent, iMesh, etc. |
| IM | IM (Instant Messenger) refers to chat applications. Chat is real-time, text-based communication between two or more users via network-connected computers. After you enter a chat (or chat room), any room member can type a message that will appear on the monitors of all the other participants. |
| SPAM | Spam is unsolicited "junk" e-mail sent to large numbers of people to promote products or services. |
| DoS/DDoS | The goal of Denial of Service (DoS) attacks is not to steal information, but to disable a device or network on the Internet. A Distributed Denial of Service (DDoS) attack is one in which multiple compromised systems attack a single target, thereby causing denial of service for users of the targeted system. |
| Scan | A scan describes the action of searching a network for an exposed service. An attack may then occur once a vulnerability has been found. Scans occur on several network levels. A network scan occurs at layer-3. For example, an attacker looks for network devices such as a router or server running in an IP network. A scan on a protocol is commonly referred to as a layer-4 scan. For example, once an attacker has found a live end system, he looks for open ports. A scan on a service is commonly referred to as a layer-7 scan. For example, once an attacker has found an open port, say port 80 on a server, he determines that it is an HTTP service run by some web server application. He then uses a web vulnerability scanner (for example, Nikto) to look for documented vulnerabilities. |
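
The three scan levels in the Scan entry can be told apart in connection logs by what a single source fans out over: hosts, ports on one host, or requests to one service. The Python sketch below is an added example, not part of the ZyXEL manual and not a description of how the ZyWALL IDP engine works; the record layout, thresholds and sample addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (assumption): (src, dst, dst_port, http_path).
# dst_port is None for an ICMP echo; http_path is None for non-HTTP traffic.
FLOWS = (
    # One source probing many hosts: layer-3 network scan
    [("198.51.100.7", f"10.0.0.{i}", None, None) for i in range(1, 6)]
    # One source probing many ports on one live host: layer-4 scan
    + [("198.51.100.8", "10.0.0.5", p, None) for p in (21, 22, 25, 80, 443)]
    # One source requesting many paths from one HTTP service: layer-7 scan
    + [("198.51.100.9", "10.0.0.5", 80, p)
       for p in ("/admin/", "/test/", "/backup/", "/old/", "/cgi-bin/")]
    # Ordinary client traffic that should not be flagged
    + [("192.0.2.10", "10.0.0.5", 80, "/"),
       ("192.0.2.10", "10.0.0.5", 80, "/index.html"),
       ("192.0.2.10", "10.0.0.6", 443, None)]
)

def classify_scans(flows, host_min=4, port_min=4, path_min=4):
    """Label each source with the scan levels its fan-out suggests.

    Thresholds are illustrative; a production rule would also bound the
    counts by a time window, which is omitted here.
    """
    hosts = defaultdict(set)   # src -> distinct destination hosts
    ports = defaultdict(set)   # (src, dst) -> distinct destination ports
    paths = defaultdict(set)   # (src, dst, port) -> distinct HTTP paths
    for src, dst, port, path in flows:
        hosts[src].add(dst)
        if port is not None:
            ports[(src, dst)].add(port)
        if path is not None:
            paths[(src, dst, port)].add(path)

    findings = defaultdict(set)
    for src, seen in hosts.items():
        if len(seen) >= host_min:
            findings[src].add("layer-3 network scan")
    for (src, _dst), seen in ports.items():
        if len(seen) >= port_min:
            findings[src].add("layer-4 port scan")
    for (src, _dst, _port), seen in paths.items():
        if len(seen) >= path_min:
            findings[src].add("layer-7 service scan")
    return {src: sorted(kinds) for src, kinds in findings.items()}

if __name__ == "__main__":
    for src, kinds in sorted(classify_scans(FLOWS).items()):
        print(src, "->", ", ".join(kinds))
```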
Chapter 30 IDP