Network intrusion detection system (nids), Detecting attacks – Fortinet FortiGate 100 User Manual

FortiGate-100 Installation and Configuration Guide Version 2.50 MR2

Network Intrusion Detection System (NIDS)

The FortiGate NIDS is a real-time network intrusion detection sensor that uses attack
signature definitions to both detect and prevent a wide variety of suspicious network
traffic and direct network-based attacks. Whenever an attack occurs, the FortiGate
NIDS can also record the event in a log and send an alert email to the system
administrator.

This chapter describes:

Detecting attacks

Preventing attacks

Logging attacks

Detecting attacks

The NIDS Detection module detects a wide variety of suspicious network traffic and
network-based attacks. Use the following procedures to configure the general NIDS
settings and the NIDS Detection module Signature List.

For the general NIDS settings, you need to select which interfaces will be monitored
for network-based attacks. You also need to decide whether to enable checksum
verification. Checksum verification tests the integrity of packets received at the
monitored interface(s).
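
As an added illustration (not taken from the FortiGate manual or firmware), the following Python example shows what a checksum verification step does, using the IPv4 header checksum defined in RFC 1071. The manual page does not say which checksums the FortiGate verifies; the choice of the IPv4 header, the function names and the sample packets are assumptions constructed for this example.

```python
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: bytes, dst: bytes, payload_len: int = 0) -> bytes:
    """Build a constructed sample header with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, 64, 6, 0, src, dst]
    fields[7] = internet_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def verify_ipv4_header(packet: bytes) -> bool:
    """Return True only if the header is well formed and its checksum holds."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False  # too short to hold a header, or not IPv4
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return False  # impossible or truncated header length
    # Summing a header that includes a correct checksum field yields 0.
    return internet_checksum(packet[:ihl]) == 0


# Constructed sample packets (documentation address ranges, not real traffic).
GOOD = build_ipv4_header(bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
CORRUPT = GOOD[:8] + bytes([GOOD[8] ^ 0x01]) + GOOD[9:]  # one TTL bit flipped
TRUNCATED = GOOD[:12]

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("corrupt", CORRUPT), ("truncated", TRUNCATED)):
        print(f"{name:9s} checksum ok: {verify_ipv4_header(pkt)}")
```
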

This section describes:

Selecting the interfaces to monitor

Disabling the NIDS

Configuring checksum verification

Viewing the signature list

Viewing attack descriptions

Enabling and disabling NIDS attack signatures

Adding user-defined signatures