D-Link NetDefendOS User Manual page 561

Specify the Rule Action:
gw-world:/> cc IDPRule IDPMailSrvRule
gw-world:/IDPMailSrvRule> add IDPRuleAction
Web Interface
Create an IDP Rule:
This IDP rule is called IDPMailSrvRule, and applies to the SMTP service. Source Interface and Source
Network define where traffic is coming from, in this example, the external network. The
Destination Interface and Destination Network define where traffic is directed to, in this case the
mail server. Destination Network should therefore be set to the object defining the mail server.
1. Go to: Policies > Intrusion Prevention > IDP Rules > Add > IDP Rule
2. Now enter:
• Name: IDPMailSrvRule
• Service: smtp
• Also inspect dropped packets: In case all traffic matching this rule should be scanned
(this also means traffic that the main rule set would drop), the Protect against
insertion/evasion attacks checkbox should be checked, which is the case in this
example.
• Source Interface: wan
• Source Network: wannet
• Destination Interface: dmz
• Destination Network: ip_mailserver
• Click OK
Specify the Action:
An action now needs to be defined for the rule which specifies what signatures the IDP should
use when scanning data triggering rule and what NetDefendOS should do when a possible
intrusion is detected. In this example, intrusion attempts will cause the connection to be
dropped so the Action property is set to Protect.
The Signatures option is set to IPS_MAIL_SMTP in order to use signatures that describe attacks
from the external network that are based on the SMTP protocol.
1. Select the Rule Action for the IDP rule
2. Now enter:
• Action: Protect
• Signatures: IPS_MAIL_SMTP
Name=IDPMailSrvRule
Action=Protect
Signatures=IPS_MAIL_SMTP
561
Chapter 6: Security Mechanisms