D-Link DFL-1660 User Manual page 280
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (595 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
6.5.6. IDP Signature Groups
IDP Signature Groups fall into a three level hierarchical structure. The top level of this hierarchy is
the signature Type, the second level the Category and the third level the Sub-Category. The
signature group called POLICY_DB_MSSQL illustrates this principle where Policy is the Type,
DB is the Category and MSSQL is the Sub-Category. These 3 signature components are explained
below:
1. Signature Group Type
The group type is one of the values IDS, IPS or Policy. These types are explained above.
2. Signature Group Category
This second level of naming describes the type of application or protocol. Examples are:
•
BACKUP
•
DB
•
DNS
•
FTP
•
HTTP
3. Signature Group Sub-Category
The third level of naming further specifies the target of the group and often specifies the application,
for example MSSQL. The Sub-Category may not be necessary if the Type and Category are
sufficient to specify the group, for example APP_ITUNES.
Listing of IDP Groups
A listing of IDP groupings can be found in Appendix B, IDP Signature Groups. The listing shows
group names consisting of the Category followed by the Sub-Category, since the Type could be any
of IDS, IPS or POLICY.
Processing Multiple Actions
For any IDP rule, it is possible to specify multiple actions and an action type such as Protect can be
repeated. Each action will then have one or more signatures or groups associated with it. When
signature matching occurs it is done in a top-down fashion, with matching for the signatures for the
first action specified being done first.
IDP Signature Wildcarding
When selecting IDP signature groups, it is possible to use wildcarding to select more than one
group. The "?" character can be used to wildcard for a single character in a group name.
Alternatively, the "*" character can be used to wildcard for any set of characters of any length in a
group name.
Caution: Use the minimum IDP signatures necessary
Do not use the entire signature database and avoid using signatures and signature
groups unnecessarily. Instead, use only those signatures or groups applicable to the
type of traffic you are trying to protect. For instance, using IDS_WEB*, IPS_WEB*,
IDS_HTTP* and IPS_HTTP* IDP groups would be appropriate for protecting an
HTTP server.
IDP traffic scanning creates an additional load on the hardware that in most cases
should not noticeably degrade performance. Using too many signatures during
280
Chapter 6. Security Mechanisms
Advertisement
Table of Contents
Troubleshooting
