ZyXEL ZyWALL ATP700 User Guide - Page 588
Configuration > Security Service > Reputation Filter > IP Reputation > General continued
Chapter 28 Reputation Filter

Table 226 Configuration > Security Service > Reputation Filter > IP Reputation > General (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Log | These are the log options. no: Do not create a log when the packet comes from an IPv4 address with a bad reputation. log: Create a log on the Zyxel Device when the packet comes from an IPv4 address with a bad reputation. log alert: An alert is an emailed log for more serious events that may need more immediate attention. Select this option to have the Zyxel Device send an alert when the packet comes from an IPv4 address with a bad reputation. |
| Types of Cyber Threats Coming From The Internet | Select the categories of packets that come from the Internet and are known to pose a security threat to users or their computers. Otherwise, deselect it. |
| Anonymous Proxies | These are sites and proxies that act as an intermediary for surfing to other websites in an anonymous fashion, whether to circumvent Web filtering or for other reasons. |
| Denial of Service | These are sites that issue Denial of Service (DoS) attacks, such as DoS, DDoS, SYN flood, and anomalous traffic detection. DoS attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. The goal of DoS attacks is not to steal information, but to disable a device or network on the Internet. A Distributed Denial of Service (DDoS) attack is one in which multiple compromised systems attack a single target, thereby causing denial of service for users of the targeted system. SYN flood is an attack in which attackers flood a server with SYN packets in TCP handshakes and purposely do not respond with ACK packets. This keeps the server waiting for the attackers' responses to establish TCP connections, and makes the server unavailable. Anomalous traffic could be a sign of malicious activities, such as malware outbreaks or hacking attempts. |
| Exploits | These are sites that distribute exploits or exploit kits to infect website visitors' devices. Exploits include shellcode, root kits, worms, or viruses that download additional malware to infect devices. An exploit kit consists of different exploits. |
| Negative Reputation | These are sites that have a bad reputation and are associated with suspicious activities, such as spam, viruses, and/or phishing. |
| Scanners | These are sites that run unauthorized system vulnerability scans to look for vulnerabilities in website visitors' devices. |
| Spam Sources | These are sites that have been promoted through spam techniques. |
| TOR Proxies | These are sites that act as the exit nodes in a Tor (The Onion Router) network. Tor is a service that keeps users anonymous on the Internet and makes users' Internet activities untraceable. Tor hides users' real IP addresses by encrypting data and transmitting the encrypted data in a chain of selected nodes acting as intermediaries. Each node can only decrypt the data sent from the node before it. The first node that receives the encrypted data is called the entry node. The last node is the last intermediary that the encrypted data will go through before it arrives at the destination. |