Table of Contents
Advertisement
Chapter 14 Intrusion Detection and Prevention (IDP) Screens
• Use the Update screen
new signature downloads.
• Use the Backup & Restore screen
with your custom configured settings, restore previously saved IDP signatures (with your
custom configured settings) or revert to the original ZSRT-defined signature Active, Log,
Alert and/or Action settings.
14.1.2 What You Need To Know About the ZyWALL IDP
Network Intrusions
The ZyWALL Internet Security Appliance is designed to protect against network-based
intrusions. Network-based intrusions have the goal of bringing down a network or networks by
attacking computer(s), switch(es), router(s) or modem(s). If a LAN switch is compromised for
example, then the whole LAN is compromised (see
"network-based intrusions" are SQL slammer, Blaster, Nimda, MyDoom etc.
IDP and Interfaces
As packets appear at an interface they are passed to the IDP detection engine, which
determines whether they are malicious or not. If a malicious packet is detected, an action is
taken. The remaining packets that make up that particular TCP session are also discarded.
You can change the default actions in the Signature and Anomaly screens
page 281
traffic coming from either WAN interface to the LAN.
Figure 165 Applying IDP to Interfaces
See
Section 14.2 on page 279
interfaces.
278
(Section 14.5 on page
and
Figure 172 on page
290). In the following figure the ZyWALL is set to check
for more information on how to apply IDP to ZyWALL
291) to immediately download or schedule
(Section 14.6 on page
293) to back up IDP signatures
Figure 164 on page
ZyWALL 5/35/70 Series User's Guide
277). Typical
(Figure 14.3 on
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
