Idp; Chapter 31 Idp; Overview; What You Can Do Using The Idp Screens - ZyXEL Communications ZyWall USG 2000 User Manual

C
H A P T E R

31.1 Overview

This chapter introduces packet inspection IDP (Intrusion, Detection and
Prevention), IDP profiles, binding an IDP profile to a traffic flow, custom
signatures and updating signatures. An IDP system can detect malicious or
suspicious packets and respond instantaneously. IDP on the ZyWALL protects
against network-based intrusions.

31.1.1 What You Can Do Using the IDP Screens

• Use the Anti-X > IDP > General screen
IDP on or off, bind IDP profiles to traffic directions, and view registration and
signature information. Click the Add or Edit icon in this screen to bind an IDP
profile to a traffic direction.
• Use the Anti-X > IDP > Profile screen
new profile, edit an existing profile or delete an existing profile.
• Use the Anti-X > IDP > Custom Signature screens
506) to create a new signature, edit an existing signature, delete existing
signatures or save signatures to your computer.

31.1.2 What You Need To Know About IDP

Packet Inspection Signatures
A signature identifies a malicious or suspicious packet and specifies an action to
be taken. You can change the action in the profile screens. Packet inspection
signatures examine OSI (Open System Interconnection) layer-4 to layer-7 packet
contents for malicious data. Generally, packet inspection signatures are created
for known attacks while anomaly detection looks for abnormal behavior (see
Chapter 32 on page
Zone
A zone is a combination of ZyWALL interfaces and VPN connections used for
configuring security. See the zone chapter for details on zones and the interfaces
chapter for details on interfaces.
ZyWALL USG 2000 User's Guide
(Section 31.3 on page
521).
31
(Section 31.2 on page 489) to turn
492) to add a
(Section 31.8 on page

IDP

487