6.5.8. SMTP Log Receiver for IDP Events
If logging of intrusion attempts is desired, this can be configured in the Log Settings tab.
Create IDP Action:
When this IDP Rule has been created, an action must also be created, specifying which signatures IDP should
use when scanning data that matches the IDP Rule, and what NetDefendOS should do if an intrusion is
discovered. Intrusion attempts should cause the connection to be dropped, so Action is set to Protect. Severity is
set to Attack, in order to match all SMTP attacks. Signatures is set to IPS_MAIL_SMTP in order to use
signatures that describe attacks from the external network that target the SMTP protocol.
1. Go to IDP > IDP Rules > IDPMailSrvRule > Add > IDP Rule Action
2. Now enter:
   • Action: Protect
   • Severity: All
   • Signatures: IPS_MAIL_SMTP
   • Click OK
In summary, the following will occur: If traffic from the external network to the mail server occurs, IDP will be
activated. If traffic matches any of the signatures in the IPS_MAIL_SMTP signature group, the connection will be
dropped, thus protecting the mail server.
Chapter 6. Security Mechanisms