Smtp Log Receiver For Idp Events - D-Link NetDefendOS User Manual

Network security firewall

Click OK
If logging of intrusion attempts is desired, it can be configured by clicking the Rule Actions
tab when creating an IDP rule and enabling logging. The Severity should be set to All in order to
match all SMTP attacks.
In summary, the following will occur: If traffic from the external network to the mail server occurs,
IDP will be activated. If traffic matches any of the signatures in the IPS_MAIL_SMTP signature
group, the connection will be dropped, thus protecting the mail server.
Using Individual Signatures
The preceding example uses an entire IDP group name when enabling IDP. However, it is
possible to instead specify a single signature or a list of signatures for an IDP rule. Individual
signatures are identified by their unique number ID, and multiple signatures are specified as a
comma-separated list of these IDs.
For example, to specify the signature with the ID 68343, the CLI in the above example would
become:
gw-world:/IDPMailSrvRule> add IDPRuleAction Action=Protect Signatures=68343
To specify a list which also includes signatures 68345 and 68349:
gw-world:/IDPMailSrvRule> add IDPRuleAction Action=Protect Signatures=68343,68345,68349
Individual signatures are entered in a similar way when using the Web Interface.
IDP Traffic Shaping
IDP offers an excellent means of identifying different types of traffic flow through NetDefendOS
and the applications responsible for them. This ability is combined with the traffic management
features of NetDefendOS to provide IDP Traffic Shaping which can place bandwidth and priority
restrictions on the specific flows identified.
The IDP traffic shaping feature is discussed in depth in Section 10.2, "IDP Traffic Shaping".

6.6.8. SMTP Log Receiver for IDP Events

To receive email notifications of IDP events, an SMTP Log Receiver can be configured.
The email contains a summary of the IDP events that have occurred in a user-configurable period
of time.
When an IDP event occurs, NetDefendOS will wait for Hold Time seconds before sending the
notification email. However, the email will only be sent if the number of events that occurred in this
period of time is equal to or greater than the Log Threshold. When this email has been sent,
NetDefendOS will wait for Minimum Repeat Time seconds before sending a new email.
The IP Address of SMTP Log Receivers is Required
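The Hold Time, Log Threshold and Minimum Repeat Time rules described in this section can be modelled to preview which IDP events would produce an email for a given set of values. This is an added example, not code from the manual or from D-Link: the function name and the event timestamps are constructed, and it assumes that events arriving during the Minimum Repeat Time wait are not carried into a later email and that a hold window below the threshold is discarded.

```python
from bisect import bisect_right


def plan_notifications(event_times, hold_time, log_threshold, min_repeat_time):
    """Model the emails sent for IDP events at the given times (seconds).

    Returns a list of (send_time, events_in_summary) tuples.
    """
    events = sorted(event_times)
    sent = []
    next_allowed = float("-inf")  # earliest time a new hold window may open
    i = 0
    while i < len(events):
        first = events[i]
        if first < next_allowed:
            # Assumption: events during the Minimum Repeat Time wait are not
            # carried over into a later email.
            i += 1
            continue
        window_end = first + hold_time        # the email is considered here
        j = bisect_right(events, window_end)  # index past the window's events
        count = j - i
        if count >= log_threshold:
            sent.append((window_end, count))
            next_allowed = window_end + min_repeat_time
        # Assumption: a window below the Log Threshold is discarded.
        i = j
    return sent


if __name__ == "__main__":
    # Constructed timestamps: a burst, one isolated event, a second burst.
    sample = [0, 2, 5, 9, 100, 130, 131, 133]
    for when, count in plan_notifications(sample, hold_time=10,
                                          log_threshold=3, min_repeat_time=60):
        print(f"t={when}s: email summarising {count} IDP events")
```

In this model the isolated event at t=100 never reaches the Log Threshold and produces no email, so the IDP log itself remains the complete record of events.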
Chapter 6: Security Mechanisms
