ZyXEL Communications ZyWall USG 2000 User Manual page 510
Unified security gateway
Hide thumbs
Also See for ZyWall USG 2000:
- User manual (1114 pages) ,
- Manual (964 pages) ,
- Support notes (227 pages)
Table of Contents
Advertisement
Chapter 31 IDP
The following table describes the fields in this screen.
Table 153 Anti-X > IDP > Custom Signatures > Add/Edit
LABEL
Name
Signature ID
Information
Severity
Platform
Service
Policy Type
Frequency
Threshold
Header Options
Network Protocol
Type Of
Service
Identification
510
DESCRIPTION
Type the name of your custom signature. You may use 1-31
alphanumeric characters, underscores(
character cannot be a number. This value is case-sensitive.
Duplicate names can exist but it is advisable to use unique signature
names that give some hint as to intent of the signature and the type
of attack it is supposed to prevent. Refer to (but do not copy) the
packet inspection signature names for hints on creating a naming
convention.
A signature ID is automatically created when you click the Add icon
to create a new signature. You can edit the ID to create a new one (in
the 9000000 to 9999999 range), but you cannot use one that already
exists. You may want to do that if you want to order custom
signatures by SID.
Use the following fields to set general information about the
signature as denoted below.
The severity level denotes how serious the intrusion is. Categorize
the seriousness of the intrusion here. See
a reference.
Some intrusions target specific operating systems only. Select the
operating systems that the intrusion targets, that is, the operating
systems you want to protect from this intrusion. SGI refers to Silicon
Graphics Incorporated, who manufactures multi-user Unix
workstations that run the IRIX operating system (SGI's version of
UNIX). A router is an example of a network device.
Select the IDP service group that the intrusion exploits or targets.
See
Table 149 on page 500
custom signature then appears in that group in the IDP > Profile >
Group View screen.
Categorize the type of intrusion here. See
a reference.
Recurring packets of the same type may indicate an attack. Use the
following field to indicate how many packets per how many seconds
constitute an intrusion
Select Threshold and then type how many packets (that meet the
criteria in this signature) per how many seconds constitute an
intrusion.
Configure signatures for IP version 4.
Type of service in an IP header is used to specify levels of speed and/
or reliability. Some intrusions use an invalid Type Of Service
number. Select the check box, then select Equal or Not-Equal and
then type in a number.
The identification field in a datagram uniquely identifies the
datagram. If a datagram is fragmented, it contains a value that
identifies the datagram to which the fragment belongs. Some
intrusions use an invalid Identification number. Select the check
box and then type in the invalid number that the intrusion uses.
), or dashes (-), but the first
_
Table 147 on page 497
for a list of IDP service groups. The
Table 148 on page 499
ZyWALL USG 2000 User's Guide
as
as
Advertisement
Table of Contents
Troubleshooting
Related Manuals for ZyXEL Communications ZyWall USG 2000
Related Products for ZyXEL Communications ZyWall USG 2000
- ZyXEL Communications ZYWALL USG 20W
- ZyXEL Communications USG210
- ZyXEL Communications ZyWall USG20W-VPN
- ZyXEL Communications ZyWall USG20-VPN
- ZyXEL Communications ZYWALL USG 300
- ZyXEL Communications USG-50 - V2.21 ED 1
- ZyXEL Communications USG-100@USG-200 - V2.20 ED 2
- ZyXEL Communications USG-300 - V2.20 ED 2