D-Link DFL-800-AV-12 User Manual - Page 197
IDP > IDP Rules > IDPMailSrvRule > Add > IDP Rule Action, IPS_MAIL_SMTP
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 197 highlights
6.5.8. SMTP Log Receiver for IDP Events Chapter 6. Security Mechanisms When this IDP Rule has been created, an action must also be created, specifying what signatures the IDP should use when scanning data matching the IDP Rule, and what NetDefendOS should do in case an intrusion is discovered. Intrusion attempts should cause the connection to be dropped, so Action is set to Protect. Severity is set to Attack, in order to match all SMTP attacks. Signatures is set to IPS_MAIL_SMTP in order to use signatures that describe attacks from the external network, dealing with the SMTP protocol. 1. Go to IDP > IDP Rules > IDPMailSrvRule > Add > IDP Rule Action 2. Now enter: • Action: Protect • Severity: All • Signatures: IPS_MAIL_SMTP • Click OK In summary, the following will occur: If traffic from the external network to the mail server occurs, IDP will be activated. If traffic matches any of the signatures in the IPS_MAIL_SMTP signature group, the connection will be dropped, thus protecting the mail server. 197