
Intrusion detection and prevention, Overview, Idp availability in d-link models – D-Link DFL-2500 User Manual


6.5. Intrusion Detection and Prevention

6.5.1. Overview

Intrusion Definition

Computer servers can sometimes have vulnerabilities which leave them exposed to attacks carried by
network traffic. Worms, trojans and backdoor exploits are examples of such attacks which, if
successful, can potentially compromise or take control of a server. A generic term that can be used
to describe these server-oriented threats is intrusions.

Intrusion Detection

Intrusions differ from viruses in that a virus is normally contained in a single file download and this
is normally downloaded to a client system. An intrusion manifests itself as a malicious pattern of
Internet data aimed at bypassing server security mechanisms. Intrusions are not uncommon and they
can constantly evolve as their creation can be automated by the attacker. NetDefendOS IDP
provides an important line of defense against these threats.

Intrusion Detection and Prevention (IDP) is a NetDefendOS module that is designed to protect
against these intrusion attempts. It operates by monitoring network traffic as it passes through the
D-Link Firewall, searching for patterns that indicate an intrusion is being attempted. Once detected,
NetDefendOS IDP allows steps to be taken to neutralize both the intrusion attempt and its
source.

IDP Issues

In order to have an effective and reliable IDP system, the following issues have to be addressed:

1. What kinds of traffic should be analyzed?

2. What should be searched for in that traffic?

3. What action should be carried out when an intrusion is detected?

NetDefendOS IDP Components

NetDefendOS IDP addresses the above IDP issues with the following mechanisms:

1. IDP Rules are defined by the administrator to determine what traffic should be scanned.

2. Pattern Matching is applied by NetDefendOS IDP to the traffic that matches an IDP Rule as it
streams through the firewall.

3. If NetDefendOS IDP detects an intrusion then the Action specified for the triggering IDP Rule
is taken.

IDP Rules, Pattern Matching and IDP Rule Actions are described in the sections which follow.
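
The three mechanisms above, modeled in Python as an added example; this is not NetDefendOS code or configuration syntax. The class names, the action names ("log", "drop"), the signature names and patterns, and the addresses are assumptions constructed for illustration. It also assumes that matching keeps a short tail of bytes per flow, so a pattern split across two packets of the same stream is still found.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed signatures for illustration; not D-Link's signature database.
SIGNATURES = {
    "EXAMPLE_DIR_TRAVERSAL": re.compile(rb"\.\./\.\./"),
    "EXAMPLE_CMD_EXE": re.compile(rb"cmd\.exe", re.I),
}
TAIL_LEN = 16  # bytes carried over per flow; must be >= longest pattern - 1


@dataclass
class IDPRule:
    """Hypothetical model of an IDP Rule: a traffic selector plus an action."""
    name: str
    dest_net: str
    dest_port: int
    action: str  # "log" or "drop" (assumed action names)

    def selects(self, dst_ip, dst_port):
        return (dst_port == self.dest_port and
                ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dest_net))


@dataclass
class Inspector:
    rules: list
    tails: dict = field(default_factory=dict)  # flow id -> carry-over bytes

    def inspect(self, flow_id, dst_ip, dst_port, payload):
        """Return (action, signature_name) for one segment of a flow."""
        # 1. IDP Rules decide whether this traffic is scanned at all.
        rule = next((r for r in self.rules if r.selects(dst_ip, dst_port)), None)
        if rule is None:
            return ("allow", None)
        # 2. Pattern matching runs over the stream, not over isolated packets.
        window = self.tails.get(flow_id, b"") + payload
        self.tails[flow_id] = window[-TAIL_LEN:]
        for sig_name, pattern in SIGNATURES.items():
            if pattern.search(window):
                self.tails.pop(flow_id, None)  # avoid re-reporting the same bytes
                # 3. The action of the triggering rule is taken.
                return (rule.action, sig_name)
        return ("allow", None)
```

Traffic that no rule selects is never pattern-matched, so the rule set defines the coverage of the inspection as much as the signatures do.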

6.5.2. IDP Availability in D-Link Models

Maintenance and Advanced IDP

D-Link offers two types of IDP:

Maintenance IDP is a basic IDP system included as standard with the D-Link


Chapter 6. Security Mechanisms
