ZyXEL ZyWALL ATP700 User Guide - Page 589
Reputation Filter
Chapter 28 Reputation Filter

Table 226 Configuration > Security Service > Reputation Filter > IP Reputation > General (continued)

LABEL: DESCRIPTION

Web Attacks: These are sites that launch web attacks, such as SQL injection, cross site scripting, iframe injection, and brute force attack. SQL injection (SQLI) is an attack in which attackers insert malicious SQL (Structured Query Language) code into a web application database query. Attackers can then access, add, modify, or delete data in users' databases. Cross site scripting (XSS) is an attack in which attackers inject malicious scripts into websites or web applications in the form of HTML or JavaScript code. The scripts execute when users visit the infected web page or use the infected web applications. XSS will cause failures to encrypt traffic, cookie stealing, identity impersonation, and phishing. Iframe injection is an attack in which attackers inject malicious iframe (inline frame) tags into websites. The malicious iframe tag downloads malware to the devices of the infected websites' visitors and steals users' sensitive information. An iframe tag is an HTML tag that is used to embed content from another source in a website, but attackers misuse this feature. Brute force attack is an attack in which attackers attempt to gain access to websites or devices by trying a succession of different passwords.

Types of Cyber Threats Coming From The Internet And Local Networks: Select the categories of packets that come from the Internet and local network. The categories of packets are known to pose a security threat to users or their computers. Otherwise, clear it.

Botnets: A botnet is a network consisting of computers that are infected with malware and remotely controlled. The infected computers will contact and wait for instructions from a command and control (C&C) server. An attacker can control the botnet by setting up a C&C server and then sending commands to the infected computers. Alternatively, a peer-to-peer network approach is used. The infected computer scans and communicates with the peer devices in the same botnet to share commands or malware sent by the C&C server. These are botnet sites including command-and-control (C&C) servers.

Test IP Threat Category

IP to test: Enter an IPv4 address of a website, and click the Query button to check if the website is associated with suspicious activities that could pose a security threat to users or their computers.

Signature Information: The Zyxel Device comes with signatures for IP reputation. These signatures are continually updated as new malware evolves. New signatures can be downloaded to the Zyxel Device periodically if you have subscribed to the IP reputation signatures service. You need to create an account at myZyxel, register your Zyxel Device and then subscribe to the IP reputation service in order to be able to download new signatures from myZyxel (see the Registration screens). The following fields display information on the current signature set that the Zyxel Device is using.

Current Version: This field displays the signature set version number currently used by the Zyxel Device. This number gets larger as new signatures are added.

Signature Number: This field displays the number of signatures in this set.

Released Date: This field displays the date and time the set was released.

Update Signatures: Click this to go to the Configuration > Licensing > Signature Update screen to check for new signatures at myZyxel. You can schedule or immediately download signatures.

Apply: Click Apply to save your changes.

Reset: Click Reset to return the screen to its last-saved settings.

ZyWALL ATP Series User's Guide 589