Adp; Chapter 31 Adp; Overview; Adp And Idp Comparison - ZyXEL Communications ZyWALL USG 300 User Manual

Unified security gateway

CHAPTER 31: ADP

31.1 Overview

This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and
applying an ADP profile to a traffic direction. ADP protects against anomalies based on
violations of protocol standards (RFCs – Requests for Comments) and abnormal flows such as
port scans.

31.1.1 ADP and IDP Comparison

1 ADP anomaly detection is in general effective against abnormal behavior while IDP
packet inspection signatures are in general effective for known attacks (see Chapter 30
on page 463 for information on packet inspection).
2 ADP traffic and anomaly rules are updated when you upload new firmware. This is
different from the IDP packet inspection signatures and the system protect signatures
you download from myZyXEL.com.

31.1.2 What You Can Do Using the ADP Screens

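• Use Anti-X > ADP > General (Section 31.2 on page 494) to turn anomaly detection on or
off and apply anomaly profiles to traffic directions.
• Use Anti-X > ADP > Profile (Section 31.3 on page 496) to add a new profile, edit an
existing profile or delete an existing profile.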

31.1.3 What You Need To Know About ADP

Traffic Anomalies

Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or
network flooding. They operate at OSI layer-2 and layer-3. Traffic anomaly rules may be
updated when you upload new firmware.

Protocol Anomalies

Protocol anomalies are packets that do not comply with the relevant RFC (Request For
Comments). Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP
Decoder and ICMP Decoder. Protocol anomaly rules may be updated when you upload new
firmware.
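
As an added illustration of the traffic anomaly rules described above (not ZyXEL's implementation and not code from this manual), the following Python example counts distinct ports, distinct hosts and packets per source in a sliding window to tell a port scan, a sweep and a flood apart. The thresholds, window length, function names and sample addresses are assumptions chosen for the example.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; not values from the ZyWALL firmware.
WINDOW_S = 5.0      # sliding window length in seconds
SCAN_PORTS = 10     # distinct ports on one host   -> port scan
SWEEP_HOSTS = 10    # distinct hosts on one port   -> sweep
FLOOD_PKTS = 100    # packets to one host and port -> flood

def detect_traffic_anomalies(events):
    """events: (timestamp, src, dst, dport) tuples sorted by timestamp.
    Returns a set of (kind, src, target) alerts."""
    windows = defaultdict(deque)    # src -> recent (ts, dst, dport)
    alerts = set()
    for ts, src, dst, dport in events:
        win = windows[src]
        win.append((ts, dst, dport))
        while win and ts - win[0][0] > WINDOW_S:
            win.popleft()           # expire events older than the window
        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        pkts_per_flow = defaultdict(int)
        for _, d, p in win:
            ports_per_host[d].add(p)
            hosts_per_port[p].add(d)
            pkts_per_flow[(d, p)] += 1
        if len(ports_per_host[dst]) >= SCAN_PORTS:
            alerts.add(("port_scan", src, dst))
        if len(hosts_per_port[dport]) >= SWEEP_HOSTS:
            alerts.add(("sweep", src, f"port {dport}"))
        if pkts_per_flow[(dst, dport)] >= FLOOD_PKTS:
            alerts.add(("flood", src, f"{dst}:{dport}"))
    return alerts

def sample_events():
    """Constructed traffic; all addresses are made up for the example."""
    ev = []
    # 10.0.0.5 touches 12 ports on one host in about a second (port scan)
    ev += [(i * 0.1, "10.0.0.5", "192.0.2.10", 20 + i) for i in range(12)]
    # 10.0.0.6 touches port 22 on 12 different hosts (sweep)
    ev += [(i * 0.1, "10.0.0.6", f"192.0.2.{i + 1}", 22) for i in range(12)]
    # 10.0.0.7 sends 150 packets to one host and port in 1.5 s (flood)
    ev += [(i * 0.01, "10.0.0.7", "192.0.2.20", 80) for i in range(150)]
    # 10.0.0.8 is an ordinary client: four connections over a minute
    ev += [(i * 20.0, "10.0.0.8", "192.0.2.30", 443) for i in range(4)]
    return sorted(ev)

if __name__ == "__main__":
    for alert in sorted(detect_traffic_anomalies(sample_events())):
        print(alert)
```

A source that probes one port per second stays under these thresholds, which is the usual trade-off between window length and false positives when tuning this kind of rule.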