D-Link DFL-260E User Manual for DFL-260E - Page 354
Using Individual Signatures, IDP Traffic Shaping, add IDPRuleAction, Action=Protect, IDPServity=All
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 354 highlights
6.5.8. SMTP Log Receiver for IDP Events Chapter 6. Security Mechanisms • Destination Network: ip_mailserver • Click OK Specify the Action: An action is now defined, specifying what signatures the IDP should use when scanning data matching the rule, and what NetDefendOS should do when a possible intrusion is detected. In this example, intrusion attempts will cause the connection to be dropped, so Action is set to Protect. The Signatures option is set to IPS_MAIL_SMTP in order to use signatures that describe attacks from the external network that are based on the SMTP protocol. 1. Select the Rule Action tab for the IDP rule 2. Now enter: • Action: Protect • Signatures: IPS_MAIL_SMTP • Click OK If logging of intrusion attempts is desired, this can be configured by clicking in the Rule Actions tab when creating an IDP rule and enabling logging. The Severity should be set to All in order to match all SMTP attacks. In summary, the following will occur: If traffic from the external network to the mail server occurs, IDP will be activated. If traffic matches any of the signatures in the IPS_MAIL_SMTP signature group, the connection will be dropped, thus protecting the mail server. Using Individual Signatures The preceding example uses an entire IDP group name when enabling IDP. However, it is possible to instead specify indvidual signatures or a list of signatures for an IDP rule. Individual signatures are identified by their unique number ID and multiple signatures is specified as a comma separated list of these IDs. For example, to specify signatures with the ID 68343, the CLI in the above example would become: gw-world:/IDPMailSrvRule> add IDPRuleAction Action=Protect IDPServity=All Signatures=68343 To specify a list which also includes signatures 68345 and 68349: gw-world:/IDPMailSrvRule> add IDPRuleAction Action=Protect IDPServity=All Signatures=68343,68345,68349 Individual signatures are entered in a similar way when using the Web Interface. IDP Traffic Shaping IDP offers an excellent means of identifying different types of traffic flow through NetDefendOS and the applications responsible for them. This ability is combined with the traffic management features of NetDefendOS to provide IDP Traffic Shaping which can place bandwidth and priority restrictions on the specific flows identified. The IDP traffic shaping feature is discussed in depth in Section 10.2, "IDP Traffic Shaping". 354