Intrusion Severity; Signature Actions - ZyXEL Communications Vantage CNM 2.3 User Manual

Centralized network management

Chapter 6 Device Security Settings
Table 62 Device Operation > Device Configuration > Security > IDP > Signature > Attack Types (continued)
TYPE | DESCRIPTION
IM | IM (Instant Messaging) refers to chat applications. Chat is real-time communication between two or more users via network-connected computers. After you enter a chat (or chat room), any member can type a message that will appear on the monitors of all the other participants.
VirusWorm | A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs. A worm is a program that is designed to copy itself from one computer to another on a network. A worm's uncontrolled replication consumes system resources, thus slowing or stopping other tasks. The IDP VirusWorm category refers to network-based viruses and worms. The Anti-Virus (AV) screen refers to file-based viruses and worms. Refer to the anti-virus chapter for additional information on file-based anti-virus scanning in the device.
Porn | The device can block web sites if their URLs contain certain pornographic words. It cannot block web pages containing those words if the associated URL does not.
WebAttacks | Web attack signatures refer to attacks on web servers such as IIS (Internet Information Services).
SPAM | Spam is unsolicited "junk" e-mail sent to large numbers of people to promote products or services. Refer to the anti-spam chapter for more detailed information.

6.9.2 Intrusion Severity

Intrusions are assigned a severity level based on the following table. The intrusion
severity level then determines the default signature action.

Table 63 Device Operation > Device Configuration > Security > IDP > Signature > Intrusion Severity
SEVERITY | DESCRIPTION
Severe | These are intrusions that try to run arbitrary code or gain system privileges.
High | These are known serious vulnerabilities or intrusions that are probably not false alarms.
Medium | These are medium threats, access control intrusions or intrusions that could be false alarms.
Low | These are mild threats or intrusions that could be false alarms.
Very Low | These are possible intrusions caused by traffic such as ping, trace route, ICMP queries, etc.

6.9.3 Signature Actions

You can enable or disable individual signatures. You can log and/or have an alert
sent when traffic meets a signature's criteria. You can also change the default action
Vantage CNM User's Guide

This manual is also suitable for:

Vantage cnm