D-Link DFL-210-WCF-12 Product Manual - Page 325
Destination Network, Action, Signatures, Rule Action, Severity, Specify the Action
UPC - 790069601545
View all D-Link DFL-210-WCF-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 325 highlights
6.5.8. SMTP Log Receiver for IDP Events Chapter 6. Security Mechanisms • Destination Network: ip_mailserver • Click OK Specify the Action: An action is now defined, specifying what signatures the IDP should use when scanning data matching the rule, and what NetDefendOS should do when a possible intrusion is detected. In this example, intrusion attempts will cause the connection to be dropped, so Action is set to Protect. The Signatures option is set to IPS_MAIL_SMTP in order to use signatures that describe attacks from the external network that are based on the SMTP protocol. 1. Select the Rule Action tab for the IDP rule 2. Now enter: • Action: Protect • Signatures: IPS_MAIL_SMTP • Click OK If logging of intrusion attempts is desired, this can be configured by clicking in the Rule Actions tab when creating an IDP rule and enabling logging. The Severity should be set to All in order to match all SMTP attacks. In summary, the following will occur: If traffic from the external network to the mail server occurs, IDP will be activated. If traffic matches any of the signatures in the IPS_MAIL_SMTP signature group, the connection will be dropped, thus protecting the mail server. 325