D-Link DFL-260E User Manual for DFL-260E - Page 350
IDP Actions, Listing of IDP Groups, Processing Multiple Actions, IDP Signature Wildcarding
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 350 highlights
6.5.7. IDP Actions Chapter 6. Security Mechanisms This second level of naming describes the type of application or protocol. Examples are: • BACKUP • DB • DNS • FTP • HTTP 3. Signature Group Sub-Category The third level of naming further specifies the target of the group and often specifies the application, for example MSSQL. The Sub-Category may not be necessary if the Type and Category are sufficient to specify the group, for example APP_ITUNES. Listing of IDP Groups A listing of IDP groupings can be found in Appendix B, IDP Signature Groups. The listing shows group names consisting of the Category followed by the Sub-Category, since the Type could be any of IDS, IPS or POLICY. Processing Multiple Actions For any IDP rule, it is possible to specify multiple actions and an action type such as Protect can be repeated. Each action will then have one or more signatures or groups associated with it. When signature matching occurs it is done in a top-down fashion, with matching for the signatures for the first action specified being done first. IDP Signature Wildcarding When selecting IDP signature groups, it is possible to use wildcarding to select more than one group. The "?" character can be used to wildcard for a single character in a group name. Alternatively, the "*" character can be used to wildcard for any set of characters of any length in a group name. Caution: Use the minimum IDP signatures necessary Do not use the entire signature database and avoid using signatures and signature groups unnecessarily. Instead, use only those signatures or groups applicable to the type of traffic being protected. For example, using only the IDP groups IDS_WEB*, IPS_WEB*, IDS_HTTP* and IPS_HTTP* would be appropriate for protecting an HTTP server. IDP traffic scanning creates an additional load on the hardware that, in most cases, should not noticeably degrade performance. Using too many signatures during scanning can make the load on the hardware unnecessarily high, adversely affecting throughput. 6.5.7. IDP Actions Action Options 350