Idp Technical Reference; Figure 403 Custom Signature Log - ZyXEL Communications ZyWALL USG 100 Series User Manual

Unified security gateway
Figure 403 Custom Signature Log

30.9 IDP Technical Reference

This section contains some background information on IDP.
Host Intrusions
The goal of host-based intrusions is to infiltrate files on an individual computer or server,
either to access confidential information or to destroy information on that computer.
You must install a host IDP directly on the system being protected. It works closely with the
operating system, monitoring and intercepting system calls to the kernel or APIs in order to
prevent attacks as well as log them.
Disadvantages of host IDPs are that you have to install them on each device you want to
protect in your network, and, because of the necessarily tight integration with the host
operating system, future operating system upgrades could cause problems.
Network Intrusions
Network-based intrusions have the goal of bringing down a network or networks by attacking
computer(s), switch(es), router(s) or modem(s). If a LAN switch is compromised for example,
then the whole LAN is compromised. Host-based intrusions may be used to cause network-
based intrusions when the goal of the host virus is to propagate attacks on the network, or
attack computer/server operating system vulnerabilities with the goal of bringing down the
computer/server. Typical "network-based intrusions" are SQL Slammer, Blaster, Nimda,
MyDoom, etc.
Snort Signatures
You may want to refer to open source Snort signatures when creating custom ZyWALL ones.
Most Snort rules are written in a single line. Snort rules are divided into two logical sections,
the rule header and the rule options as shown in the following example:
alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 a5|";
msg:"mountd access";)
The text up to the first parenthesis is the rule header, and the section enclosed in parentheses
contains the rule options. The words before the colons in the rule options section are the option
keywords. The rule header contains the rule's:
• Action
• Protocol
ZyWALL USG 100/200 Series User's Guide
Chapter 30 IDP
519
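To check a custom signature field by field before entering it, the single-line Snort rule quoted above can be split into its two sections mechanically. This is an added example written for this page, not ZyXEL's or Snort's own code; it assumes the common "action protocol src src_port direction dst dst_port" header layout and "keyword:value;" options, and the sample rule is the one from the text joined onto one line.

```python
# Added example (not ZyXEL's or Snort's code): split a Snort rule into its
# rule header and its rule options, the two sections the text describes.
# Assumes the usual "action proto src sport dir dst dport" header layout.

HEADER_FIELDS = ("action", "protocol", "src_ip", "src_port",
                 "direction", "dst_ip", "dst_port")


def _split_options(body):
    """Yield (keyword, value) pairs; a ';' inside double quotes does not split."""
    buf, in_quote, escaped = [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            key, _, val = "".join(buf).strip().partition(":")
            yield key.strip(), val.strip()
            buf = []
            continue
        buf.append(ch)
    if "".join(buf).strip():
        raise ValueError("last option is not terminated by ';'")


def parse_snort_rule(rule):
    """Return {'header': {...}, 'options': [(keyword, value), ...]}."""
    rule = rule.strip()
    lparen = rule.find("(")
    if lparen == -1 or not rule.endswith(")"):
        raise ValueError("rule options must be enclosed in parentheses")
    tokens = rule[:lparen].split()
    if len(tokens) != len(HEADER_FIELDS):
        raise ValueError("expected %d header fields, got %d" % (len(HEADER_FIELDS), len(tokens)))
    header = dict(zip(HEADER_FIELDS, tokens))
    if header["direction"] not in ("->", "<>"):
        raise ValueError("bad direction %r" % header["direction"])
    return {"header": header, "options": list(_split_options(rule[lparen + 1:-1]))}


def content_bytes(value):
    """Decode a content value: text outside |..| literally, hex pairs inside."""
    out, parts = b"", value.strip('"').split("|")
    for i, part in enumerate(parts):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return out


# Constructed sample: the rule quoted in the text, joined onto one line.
SAMPLE = 'alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 a5|"; msg:"mountd access";)'
```

Running `parse_snort_rule(SAMPLE)` separates the seven header fields from the two option pairs, and `content_bytes` turns the `|00 01 a5|` hex notation into the raw bytes the signature actually matches.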
