Home » ZyXEL Manuals » Networking » ZyXEL ZyWALL 5 » Manual Viewer

ZyXEL ZyWALL 5 User Guide - Page 282

Intrusion Severity, Signature Actions

Get ZyXEL ZyWALL 5 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 282 highlights

Chapter 14 Intrusion Detection and Prevention (IDP) Screens Table 78 SECURITY > IDP > Signature: Attack Types (continued) TYPE DESCRIPTION Web Attack Web attack signatures refer to attacks on web servers such as IIS (Internet Information Services). SPAM Spam is unsolicited "junk" e-mail sent to large numbers of people to promote products or services. Refer to the anti-spam chapter for more detailed information. Other This category refers to signatures for attacks that do not fall into the previously mentioned categories. 14.3.2 Intrusion Severity Intrusions are assigned a severity level based on the following table. The intrusion severity level then determines the default signature action. Table 79 SECURITY > IDP > Signature: Intrusion Severity SEVERITY DESCRIPTION Severe These are intrusions that try to run arbitrary code or gain system privileges. High These are known serious vulnerabilities or intrusions that are probably not false alarms. Medium These are medium threats, access control intrusions or intrusions that could be false alarms. Low These are mild threats or intrusions that could be false alarms. Very Low These are possible intrusions caused by traffic such as Ping, trace route, ICMP queries etc. 14.3.3 Signature Actions You can enable/disable individual signatures. You can log and/or have an alert sent when traffic meets a signature criteria. You can also change the default action to be taken when a packet or stream matches a signature. The following figure and table describes these actions. Note that in addition to these actions, a log may be generated or an alert sent, if those check boxes are selected and the signature is enabled. Table 80 SECURITY > IDP > Signature: Actions ACTION DESCRIPTION No Action The intrusion is detected but no action is taken. Drop Packet The packet is silently discarded. Drop Session When the firewall is enabled, subsequent TCP/IP packets belonging to the same connection are dropped. Neither sender nor receiver are sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. Reset Sender When the firewall is enabled, the TCP/IP connection is silently torn down. Just the sender is sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. Reset Receiver When the firewall is enabled, the TCP/IP connection is silently torn down. Just the receiver is sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. Reset Both When the firewall is enabled, the TCP/IP connection is silently torn down. Both sender and receiver are sent TCP RST packets. If the firewall is not enabled only the packet that matched the signature is dropped. 282 ZyWALL 5/35/70 Series User's Guide

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	29
List of Tables	41
Introduction	49
Getting to Know Your ZyWALL	51
1.1 ZyWALL Internet Security Appliance Overview	51
1.2 ZyWALL Features	51
1.3 Applications for the ZyWALL	52
1.3.1 Secure Broadband Internet Access via Cable or DSL Modem	52
1.3.2 VPN Application	53
1.3.3 3G WAN Application (ZyWALL 5 Only)	53
1.4 Ways to Manage the ZyWALL	54
1.5 Good Habits for Managing the ZyWALL	54
Hardware Installation	55
2.1 General Installation Instructions	55
2.2 Desktop Installation	55
2.3 Rack-mounted Installation Requirements	56
2.4 Rack-Mounted Installation	57
2.5 3G Card, WLAN Card and ZyWALL Turbo Card Installation	58
2.6 Front Panel Lights	59
Introducing the Web Configurator	61
3.1 Web Configurator Overview	61
3.2 Accessing the ZyWALL Web Configurator	61
3.3 Resetting the ZyWALL	63
3.3.1 Procedure To Use The Reset Button	63
3.3.2 Uploading a Configuration File Via Console Port	63
3.4 Navigating the ZyWALL Web Configurator	64
3.4.1 Title Bar	64
3.4.2 Main Window	65
3.4.3 HOME Screen: Router Mode	65
3.4.4 HOME Screen: Bridge Mode	71
3.4.5 Navigation Panel	74
3.4.6 Port Statistics	80
3.4.7 Show Statistics: Line Chart	81
3.4.8 DHCP Table	82
3.4.9 VPN Status	83
3.4.10 Bandwidth Monitor	84
Wizard Setup	87
4.1 Wizard Setup Overview	87
4.2 Internet Access	88
4.2.1 ISP Parameters	88
4.2.2 Internet Access Wizard: Second Screen	92
4.2.3 Internet Access Wizard: Registration	93
4.2.4 Internet Access Wizard: Status	94
4.2.5 Internet Access Wizard: Service Activation	95
4.3 VPN Wizard Gateway Setting	96
4.4 VPN Wizard Network Setting	97
4.5 VPN Wizard IKE Tunnel Setting (IKE Phase 1)	99
4.6 VPN Wizard IPSec Setting (IKE Phase 2)	100
4.7 VPN Wizard Status Summary	102
4.8 VPN Wizard Setup Complete	104
4.9 Anti-Spam Wizard: Email Server Location Setting	104
4.10 Anti-Spam Wizard: Direction Recommendations	105
4.11 Anti-Spam Wizard: Direction Configuration	106
4.12 Anti-Spam Wizard: Setup Complete	108
Tutorials	109
5.1 Dynamic VPN Rule Configuration	109
5.1.1 Configure Bob’s User Account	110
5.1.2 VPN Gateway and Network Policy Configuration	110
5.1.3 Configure Zero Configuration Mode on ZyWALL B	116
5.1.4 Testing Your VPN Configuration	117
5.1.5 Using the Dynamic VPN Rule for More VPN Tunnels	119
5.2 Security Settings for VPN Traffic	119
5.2.1 IDP for From VPN Traffic Example	120
5.2.2 IDP for To VPN Traffic Example	121
5.3 Firewall Rule for VPN Example	122
5.3.1 Configuring the VPN Rule	123
5.3.2 Configuring the Firewall Rules	127
5.4 How to Set up a 3G WAN Connection	130
5.4.1 Inserting a 3G Card	130
5.4.2 Configuring 3G WAN Settings	131
5.4.3 Checking WAN Connections	132
5.5 Configuring Load Balancing	132
5.6 Configuring Content Filtering	133
5.6.1 Enable Content Filtering	133
5.6.2 Block Categories of Web Content	134
5.6.3 Assign Bob’s Computer a Specific IP Address	136
5.6.4 Create a Content Filter Policy for Bob	136
5.6.5 Set the Content Filter Schedule	137
5.6.6 Block Categories of Web Content for Bob	138
Registration Screens	141
6.1 Overview	141
6.1.1 What You Can Do in the Registration Screens	141
6.1.2 What You Need to Know About Registration	141
6.2 The Registration Screen	142
6.3 The Service Screen	144
Network	147
LAN Screens	149
7.1 Overview	149
7.1.1 What You Can Do in The LAN Screens	149
7.1.2 What You Need to Know About LAN	150
7.2 The LAN Screen	152
7.3 The LAN Static DHCP Screen	155
7.4 The LAN IP Alias Screen	156
7.5 The LAN Port Roles Screen	158
Bridge Screens	161
8.1 Overview	161
8.1.1 What You Can Do in the Bridge Screens	161
8.1.2 What You Need To Know About Bridging	162
8.2 The Bridge Screen	163
8.3 The Bridge Port Roles Screen	164
8.4 Bridge Technical Reference	166
WAN Screens	169
9.1 Overview	169
9.1.1 What You Can Do in the WAN Screens	170
9.1.2 What You Need to Know About WAN	170
9.1.3 Before You Begin	172
9.2 The General Screen	172
9.2.1 Configuring the General Screen	173
9.2.2 Configuring Load Balancing	177
9.2.3 Least Load First	177
9.2.4 Weighted Round Robin	179
9.2.5 Spillover	180
9.3 The WAN1 and WAN2 Screen	182
9.3.1 WAN Ethernet Encapsulation	183
9.3.2 PPPoE Encapsulation	186
9.3.3 PPTP Encapsulation	189
9.4 The 3G (WAN2) Screen	192
9.5 The Traffic Redirect Screen	197
9.6 Configuring the Traffic Redirect Screen	198
9.7 The Dial Backup Screen	199
9.7.1 The Advanced Modem Setup Screen	201
9.7.2 Configuring the Advanced Modem Setup Screen	202
9.8 WAN Technical Reference	204
DMZ Screens	207
10.1 Overview	207
10.1.1 What You Can Do in the DMZ Screens	207
10.1.2 What You Need To Know About DMZ	208
10.1.3 DMZ Public IP Address Example	208
10.1.4 DMZ Private and Public IP Address Example	209
10.2 The DMZ Screen	210
10.3 The Static DHCP Screen	213
10.4 The IP Alias Screen	214
10.5 The DMZ Port Roles Screen	216
WLAN Screens	219
11.1 Overview	219
11.1.1 What You Can Do in the WLAN Screens	219
11.1.2 What You Need to Know About WLAN	220
11.2 The WLAN Screen	220
11.3 WLAN Static DHCP	223
11.4 WLAN IP Alias	224
11.5 WLAN Port Roles	226
Wireless Screens	229
12.1 Overview	229
12.1.1 What You Can Do in the Wireless Screens	229
12.1.2 What You Need to Know	229
12.2 Wireless Card	232
12.2.1 Static WEP	234
12.2.2 WPA-PSK	235
12.2.3 WPA	237
12.2.4 IEEE 802.1x + Dynamic WEP	238
12.2.5 IEEE 802.1x + Static WEP	239
12.2.6 IEEE 802.1x + No WEP	240
12.2.7 No Access 802.1x + Static WEP	241
12.2.8 No Access 802.1x + No WEP	242
12.3 MAC Filter	243
12.4 Technical Reference	244
Security	249
Firewall Screens	251
13.1 Overview	251
13.1.1 What You Can Do Using the Firewall Screens	252
13.1.2 What You Need To Know About the ZyWALL Firewall	252
13.1.3 Before You Begin	252
13.2 Firewall Rules Example	252
13.3 The Firewall Default Rule Screen	254
13.4 The Firewall Default Rule (Bridge Mode) Screen	256
13.5 The Firewall Rule Summary Screen	259
13.5.1 The Firewall Edit Rule Screen	260
13.6 The Anti-Probing Screen	263
13.7 The Firewall Thresholds Screen	264
13.8 The Firewall Services Screen	266
13.8.1 The Firewall Edit Custom Service Screen	267
13.8.2 My Service Firewall Rule Example	268
13.9 Technical Reference	271
Intrusion Detection and Prevention (IDP) Screens	277
14.1 Overview	277
14.1.1 What You Can Do Using the IDP Screens	277
14.1.2 What You Need To Know About the ZyWALL IDP	278
14.1.3 Before You Begin	279
14.2 The General Setup Screen	279
14.3 The Signatures Screen	281
14.3.1 Attack Types	281
14.3.2 Intrusion Severity	282
14.3.3 Signature Actions	282
14.3.4 Configuring The IDP Signatures Screen	283
14.3.5 The Query View Screen	284
14.4 The Anomaly Screen	289
14.5 The Update Screen	291
14.5.1 mySecurityZone	291
14.5.2 Configuring The IDP Update Screen	292
14.6 The Backup and Restore Screen	293
14.7 Technical Reference	294
Anti-Virus Screens	299
15.1 Overview	299
15.1.1 What You Can Do in the Antivirus Screens	299
15.1.2 What You Need to Know About Antivirus	300
15.2 The General Screen	301
15.3 The Signature Screen	303
15.3.1 Signature Search Example	305
15.4 The Update Screen	306
15.4.1 mySecurityZone	307
15.4.2 Configuring Anti-virus Update	307
15.5 The Backup and Restore Screen	309
15.6 Technical Reference	310
Anti-Spam Screens	313
16.1 Overview	313
16.1.1 What You Can Do in the Antispam Screens	313
16.1.2 What You Need to Know About Antispam	314
16.2 The General Screen	315
16.3 The External DB Screen	318
16.4 The Lists Screen	320
16.5 Anti-Spam Lists Edit Screen	322
16.6 Technical Reference	324
Content Filtering Screens	327
17.1 Overview	327
17.1.1 What You Can Do in the Content Filtering Screens	327
17.1.2 What You Need to Know About Content Filtering	327
17.2 General Screen	328
17.3 The Policy Screen	331
17.4 Content Filter Policy: General	332
17.5 Content Filter Policy: External Database	334
17.6 Content Filter Policy: Customization	341
17.7 Content Filter Policy: Schedule	342
17.8 Content Filter Object	343
17.9 Content Filtering Cache	346
Content Filtering Reports	349
18.1 Overview	349
18.2 Checking Content Filtering Activation	349
18.3 Viewing Content Filtering Reports	349
18.4 Web Site Submission	354
IPSec VPN	357
19.1 Overview	357
19.1.1 What You Can Do in the IPSec VPN Screens	357
19.1.2 What You Need to Know About IPSec VPN	358
19.2 The VPN Rules (IKE) Screen	360
19.3 The VPN Rules (IKE) Gateway Policy Edit Screen	361
19.4 The Network Policy Edit Screen	367
19.5 The Network Policy Edit: Port Forwarding Screen	372
19.6 The Network Policy Move Screen	374
19.7 The VPN Rules (Manual) Screen	375
19.8 The VPN Rules (Manual): Edit Screen	376
19.9 The VPN SA Monitor Screen	379
19.10 The VPN Global Setting Screen	379
19.11 Telecommuter VPN/IPSec Examples	382
19.11.1 Telecommuters Sharing One VPN Rule Example	383
19.11.2 Telecommuters Using Unique VPN Rules Example	383
19.12 VPN and Remote Management	385
19.13 Hub-and-spoke VPN	385
19.13.1 Hub-and-spoke VPN Example	386
19.13.2 Hub-and-spoke Example VPN Rule Addresses	387
19.13.3 Hub-and-spoke VPN Requirements and Suggestions	387
19.14 IPSec VPN Background Information	388
Certificates	399
20.1 Overview	399
20.1.1 What You Can Do in the Certificate Screens	399
20.1.2 What You Need to Know About Certificates	399
20.1.3 Verifying a Certificate	400
20.2 The My Certificates Screen	401
20.2.1 The My Certificate Details Screen	403
20.3 The My Certificate Export Screen	406
20.4 The My Certificate Import Screen	407
20.4.1 Using the My Certificate Import Screen	407
20.5 The My Certificate Create Screen	409
20.6 The Trusted CAs Screen	413
20.7 The Trusted CA Details Screen	415
20.8 The Trusted CA Import Screen	418
20.9 The Trusted Remote Hosts Screen	419
20.10 The Trusted Remote Hosts Import Screen	421
20.11 The Trusted Remote Host Certificate Details Screen	422
20.12 The Directory Servers Screen	424
20.13 The Directory Server Add or Edit Screen	425
Authentication Server Screens	427
21.1 Overview	427
21.1.1 What You Can Do in the Authentication Server Screens	427
21.1.2 What You Need To Know About Authentication Server	427
21.2 The Local User Database Screen	428
21.3 The RADIUS Screen	430
Advanced	433
Network Address Translation (NAT)	435
22.1 Overview	435
22.1.1 What You Can Do Using the NAT Screens	435
22.1.2 What You Need To Know About NAT	435
22.1.3 Before You Begin	436
22.2 The NAT Overview Screen	436
22.3 The NAT Address Mapping Screen	438
22.3.1 NAT Address Mapping Edit	440
22.4 The Port Forwarding Screen	441
22.4.1 Default Server IP Address	441
22.4.2 Port Forwarding: Services and Port Numbers	442
22.4.3 Configuring Servers Behind Port Forwarding (Example)	442
22.4.4 NAT and Multiple WAN	442
22.4.5 Port Translation	443
22.4.6 Configuring The Port Forwarding Screen	443
22.5 The Port Triggering Screen	445
22.5.1 Configuring Port Triggering	446
22.6 Technical Reference	447
Static Route Screens	451
23.1 Overview	451
23.1.1 What You Can Do in the Static Route Screens	451
23.2 The IP Static Route Screen	452
23.2.1 The IP Static Route Edit Screen	454
Policy Route Screens	457
24.1 Overview	457
24.1.1 What You Can Do in the Policy Route Screens	457
24.1.2 What You Need To Know About Policy Route	457
24.2 The Policy Route Summary Screen	458
24.2.1 The Policy Route Edit Screen	460
Bandwidth Management Screens	465
25.1 Overview	465
25.1.1 What You Can Do in the Bandwidth Management Screens	465
25.1.2 What You Need to Know About Bandwidth Management	465
25.1.3 Application and Subnet-based Bandwidth Management Example	466
25.1.4 Over Allotment of Bandwidth Example	467
25.1.5 Maximize Bandwidth Usage With Bandwidth Borrowing Example	467
25.2 The Summary Screen	467
25.2.1 Maximize Bandwidth Usage Example	470
25.2.2 Reserving Bandwidth for Non-Bandwidth Class Traffic	471
25.3 The Class Setup Screen	471
25.4 Bandwidth Manager Class Configuration	473
25.4.1 Bandwidth Borrowing Example	476
25.5 Bandwidth Management Statistics	477
25.6 The Monitor Screen	478
DNS Screens	479
26.1 Overview	479
26.1.1 What You Can Do in the DNS Screens	479
26.1.2 What You Need To Know About DNS	479
26.2 The System Screen	481
26.2.1 The Add Address Record Screen	483
26.2.2 The Insert Name Server Record Screen	484
26.3 The DNS Cache Screen	485
26.4 The DHCP Screen	487
26.5 The DDNS Screen	488
26.6 Configuring the Dynamic DNS Screen	489
Remote Management Screens	491
27.1 Overview	491
27.1.1 What You Can Do in the Remote Management Screens	491
27.1.2 What You Need To Know About Remote Management	492
27.2 HTTPS Example	493
27.2.1 Internet Explorer Warning Messages	493
27.2.2 Netscape Navigator Warning Messages	493
27.2.3 Avoiding the Browser Warning Messages	494
27.2.4 Login Screen	495
27.2.5 Enrolling and Importing SSL Client Certificates (Example)	496
27.2.6 Installing the CA’s Certificate (Example)	497
27.2.7 Installing Your Personal Certificate(s) (Example)	498
27.2.8 Using a Certificate When Accessing the ZyWALL (Example)	501
27.2.9 Secure Telnet Using SSH Examples	502
27.3 The WWW Screen	504
27.4 Configuring the WWW Screen	505
27.5 The SSH Screen	507
27.6 Configuring the SSH Screen	507
27.7 The Telnet Screen	508
27.8 The FTP Screen	509
27.9 The SNMP Screen	510
27.9.1 Configuring the SNMP Screen	512
27.10 The DNS Screen	513
27.11 The CNM Screen	514
27.12 Configuring the CNM Screen	514
27.13 Remote Management Technical Reference	516
UPnP Screens	519
28.1 Overview	519
28.1.1 What You Can Do in the UPnP Screens	519
28.1.2 What You Need To Know About UPnP	519
28.2 UPnP Examples	520
28.2.1 Installing UPnP in Windows Example	520
28.2.2 Using UPnP in Windows XP Example	522
28.3 The UPnP Screen	526
28.4 The Ports Screen	527
Custom Application Screen	529
29.1 Overview	529
29.1.1 What You Can Do in the Custom Application Screen	529
29.1.2 What You Need to Know About Custom Application	529
29.2 The Custom Application Screen	529
ALG Screen	531
30.1 Overview	531
30.1.1 What You Need to Know About ALG	531
30.2 The ALG Screen	535
Reports, Logs and Maintenance	537
Reports Screens	539
31.1 Overview	539
31.1.1 What You Can Do in the Reports Screens	539
31.2 The Traffic Statistics Screen	539
31.2.1 Viewing Web Site Hits	541
31.2.2 Viewing Host IP Address	542
31.2.3 Viewing Protocol/Port	543
31.2.4 System Reports Specifications	545
31.3 The IDP Screen	545
31.4 The Anti-Virus Screen	547
31.5 The Anti-Spam Screen	549
31.6 The E-mail Report Screen	551
Logs Screens	555
32.1 Overview	555
32.1.1 What You Can Do in the Log Screens	555
32.1.2 What You Need To Know About Logs	555
32.2 The View Log Screen	555
32.2.1 Log Description Example	556
32.2.2 About the Certificate Not Trusted Log	557
32.3 The Log Settings Screen	558
32.4 Technical Reference	561
Maintenance Screens	585
33.1 Overview	585
33.1.1 What You Can Do in the Maintenance Screens	585
33.2 The General Setup Screen	585
33.3 The Password Screen	586
33.4 The Time and Date Screen	587
33.4.1 Time Server Synchronization Example	590
33.5 The Device Mode Screen	591
33.6 Configuring the Device Mode Screen (Router)	592
33.7 Configuring the Device Mode Screen (Bridge)	593
33.8 The F/W Upload Screen	595
33.9 The Backup and Restore Screen	597
33.10 The Restart Screen	599
33.11 The Diagnostics Screen	599
SMT	603
Introducing the SMT	605
34.1 Introduction to the SMT	605
34.2 Accessing the SMT via the Console Port	605
34.2.1 Initial Screen	605
34.2.2 Entering the Password	606
34.3 Navigating the SMT Interface	606
34.3.1 Main Menu	607
34.3.2 SMT Menus Overview	609
34.4 Changing the System Password	610
34.5 Resetting the ZyWALL	611
SMT Menu 1 - General Setup	613
35.1 Introduction to General Setup	613
35.2 Configuring General Setup	613
35.2.1 Configuring Dynamic DNS	615
WAN and Dial Backup Setup	619
36.1 Introduction to WAN and Dial Backup Setup	619
36.2 WAN Setup	619
36.3 Dial Backup	620
36.3.1 Configuring Dial Backup in Menu 2	620
36.3.2 Advanced WAN Setup	621
36.3.3 Remote Node Profile (Backup ISP)	623
36.3.4 Editing TCP/IP Options	625
36.3.5 Editing Login Script	626
36.3.6 Remote Node Filter	628
36.3.7 3G Modem Setup	629
36.3.8 Remote Node Profile (3G WAN)	630
LAN Setup	633
37.1 Introduction to LAN Setup	633
37.2 Accessing the LAN Menus	633
37.3 LAN Port Filter Setup	633
37.4 TCP/IP and DHCP Ethernet Setup Menu	634
37.4.1 IP Alias Setup	636
Internet Access	639
38.1 Introduction to Internet Access Setup	639
38.2 Ethernet Encapsulation	639
38.3 Configuring the PPTP Client	641
38.4 Configuring the PPPoE Client	642
38.5 Basic Setup Complete	643
DMZ Setup	645
39.1 Configuring DMZ Setup	645
39.2 DMZ Port Filter Setup	645
39.3 TCP/IP Setup	646
39.3.1 IP Address	646
39.3.2 IP Alias Setup	647
Route Setup	649
40.1 Configuring Route Setup	649
40.2 Route Assessment	649
40.3 Traffic Redirect	650
40.4 Route Failover	651
Wireless Setup	653
41.1 Wireless LAN Setup	653
41.1.1 MAC Address Filter Setup	655
41.2 TCP/IP Setup	656
41.2.1 IP Address	656
41.2.2 IP Alias Setup	657
Remote Node Setup	659
42.1 Introduction to Remote Node Setup	659
42.2 Remote Node Setup	659
42.3 Remote Node Profile Setup	660
42.3.1 Ethernet Encapsulation	660
42.3.2 PPPoE Encapsulation	661
42.3.3 PPTP Encapsulation	663
42.4 Edit IP	664
42.5 Remote Node Filter	666
IP Static Route Setup	669
43.1 IP Static Route Setup	669
Network Address Translation (NAT)	673
44.1 Using NAT	673
44.1.1 SUA (Single User Account) Versus NAT	673
44.1.2 Applying NAT	673
44.2 NAT Setup	675
44.2.1 Address Mapping Sets	676
44.3 Configuring a Server behind NAT	681
44.4 General NAT Examples	683
44.4.1 Internet Access Only	683
44.4.2 Example 2: Internet Access with a Default Server	685
44.4.3 Example 3: Multiple Public IP Addresses With Inside Servers	685
44.4.4 Example 4: NAT Unfriendly Application Programs	689
44.5 Trigger Port Forwarding	690
44.5.1 Two Points To Remember About Trigger Ports	690
Introducing the ZyWALL Firewall	693

Match case Limit results 1 per page

Chapter 14 Intrusion Detection and Prevention (IDP) Screens

ZyWALL 5/35/70 Series User’s Guide

282

14.3.2

Intrusion Severity

Intrusions are assigned a severity level based on the following table. The intrusion severity

level then determines the default signature action.

14.3.3

Signature Actions

You can enable/disable individual signatures. You can log and/or have an alert sent when

traffic meets a signature criteria. You can also change the default action to be taken when a

packet or stream matches a signature. The following figure and table describes these actions.

Note that in addition to these actions, a log may be generated or an alert sent, if those check

boxes are selected and the signature is enabled.

Web Attack

Web attack signatures refer to attacks on web servers such as IIS (Internet

Information Services).

SPAM

Spam is unsolicited "junk" e-mail sent to large numbers of people to promote

products or services. Refer to the anti-spam chapter for more detailed information.

Other

This category refers to signatures for attacks that do not fall into the previously

mentioned categories.

Table 78

SECURITY > IDP > Signature: Attack Types (continued)

TYPE

DESCRIPTION

Table 79

SECURITY > IDP > Signature: Intrusion Severity

SEVERITY

DESCRIPTION

Severe

These are intrusions that try to run arbitrary code or gain system privileges.

High

These are known serious vulnerabilities or intrusions that are probably not false

alarms.

Medium

These are medium threats, access control intrusions or intrusions that could be false

alarms.

Low

These are mild threats or intrusions that could be false alarms.

Very Low

These are possible intrusions caused by traffic such as Ping, trace route, ICMP

queries etc.

Table 80

SECURITY > IDP > Signature: Actions

ACTION

DESCRIPTION

No Action

The intrusion is detected but no action is taken.

Drop Packet

The packet is silently discarded.

Drop Session

When the firewall is enabled, subsequent TCP/IP packets belonging to the

same connection are dropped. Neither sender nor receiver are sent TCP RST

packets. If the firewall is not enabled only the packet that matched the

signature is dropped.

Reset Sender

When the firewall is enabled, the TCP/IP connection is silently torn down. Just

the sender is sent TCP RST packets. If the firewall is not enabled only the

packet that matched the signature is dropped.

Reset Receiver

When the firewall is enabled, the TCP/IP connection is silently torn down. Just

the receiver is sent TCP RST packets. If the firewall is not enabled only the

packet that matched the signature is dropped.

Reset Both

When the firewall is enabled, the TCP/IP connection is silently torn down. Both

sender and receiver are sent TCP RST packets. If the firewall is not enabled

only the packet that matched the signature is dropped.