CHAPTER 14
Intrusion Detection and Prevention (IDP) Screens

14.1 Overview

An IDP system can detect malicious or suspicious packets and respond instantaneously. It can detect anomalies based on violations of protocol standards (RFCs – Requests for Comments) or traffic flows and abnormal flows such as port scans.

The following figure represents a typical business network consisting of a LAN, a DMZ (DeMilitarized Zone) containing the company web, FTP, mail servers etc., a firewall and/or NAT router connected to a broadband modem (M) for Internet access.

Figure 164 Network Intrusions

14.1.1 What You Can Do Using the IDP Screens

• Use the General screen (Section 14.2 on page 279) to enable IDP on the ZyWALL and choose what traffic flows the ZyWALL checks for intrusions.
• Use the Signatures screens (Section 14.3 on page 281) to configure the ZyWALL's signatures. The rules that define how to identify and respond to intrusions are called signatures.
• Use the Anomaly screen (Section 14.4 on page 289) to configure the ADP (Anomaly Detection and Prevention) settings.

ZyWALL 5/35/70 Series User's Guide