Adp; Overview; Adp And Idp Comparison; What You Can Do Using The Adp Screens - ZyXEL Communications ZyWALL USG 100 Series User Manual

C
H A P T E R

31.1 Overview

This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and
applying an ADP profile to a traffic direction. ADP protects against anomalies based on
violations of protocol standards (RFCs – Requests for Comments) and abnormal flows such as
port scans.

31.1.1 ADP and IDP Comparison

1 ADP anomaly detection is in general effective against abnormal behavior while IDP
packet inspection signatures are in general effective for known attacks (see
on page 493
2 ADP traffic and anomaly rules are updated when you upload new firmware. This is
different from the IDP packet inspection signatures and the system protect signatures
you download from myZyXEL.com.

31.1.2 What You Can Do Using the ADP Screens

• Use Anti-X > ADP > General
off and apply anomaly profiles to traffic directions.
• Use Anti-X > ADP > Profile
existing profile or delete an existing profile.

31.1.3 What You Need To Know About ADP

Traffic Anomalies
Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or
network flooding. It operates at OSI layer-2 and layer-3. Traffic anomaly rules may be updated
when you upload new firmware.
Protocol Anomalies
Protocol anomalies are packets that do not comply with the relevant RFC (Request For
Comments). Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP
Decoder and ICMP Decoder. Protocol anomaly rules may be updated when you upload new
firmware.
ZyWALL USG 100/200 Series User's Guide
for information on packet inspection).
(Section 31.2 on page
(Section 31.3 on page
31

ADP

Chapter 30
522) to turn anomaly detection on or
524) to add a new profile, edit an
521