Idp policies, Idp overview, Mysecurity zone – ZyXEL Communications ZyXEL ZyWALL IDP 10 User Manual
ZyWALL IDP 10 User’s Guide
Chapter 6
IDP Policies
This chapter describes how to configure your ZyWALL’s IDP settings.
6.1 IDP Overview
An IDP system can detect malicious or suspicious packets and respond instantaneously. It performs
“misuse” detection based on pre-defined attack patterns and “anomaly” detection based on violations
of protocol standards (RFCs – Requests for Comments) or abnormal flows such as port scans. The
rules that define “misuse” or “anomaly” detections and how to respond to them are called “IDP
policies”.
The ZyWALL ships with a built-in “pre-defined” policy set. This policy set can be regularly updated
(see Update). Regular updates are vital as new attack types evolve.
If you have knowledge of packet header types and the OSI (Open System Interconnection) model, the
IDP allows you to create your own (“user-defined”) rules.
See the appendices for more information on IDP systems.
Rule ordering is important as rules are applied in turn. Pre-defined rules have already been ordered for
you and cannot be re-ordered.
User-defined rules are checked before pre-defined rules.
The total number of pre-defined and user-defined rules allowed on the ZyWALL is 3,000. A maximum
of 128 user-defined rules is permitted.
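The following is an added example, not code from the manual or from ZyXEL. It models the ordering and limits described above and reports pre-defined rules that an earlier, broader user-defined rule would shadow. The rule fields, rule names, the sample packet and first-match-wins evaluation are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MAX_USER_RULES = 128     # user-defined limit from the manual
MAX_TOTAL_RULES = 3000   # pre-defined + user-defined limit from the manual

@dataclass(frozen=True)
class Rule:              # hypothetical rule shape, not the ZyWALL's own format
    name: str
    proto: Optional[str] = None      # None matches any protocol
    dst_port: Optional[int] = None   # None matches any destination port
    pattern: Optional[bytes] = None  # None matches any payload
    action: str = "log"

    def matches(self, pkt: dict) -> bool:
        return ((self.proto is None or self.proto == pkt["proto"])
                and (self.dst_port is None or self.dst_port == pkt["dst_port"])
                and (self.pattern is None or self.pattern in pkt["payload"]))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        return ((self.proto is None or self.proto == other.proto)
                and (self.dst_port is None or self.dst_port == other.dst_port)
                and (self.pattern is None or (other.pattern is not None
                                              and self.pattern in other.pattern)))

def build_policy(user_rules, predefined_rules):
    if len(user_rules) > MAX_USER_RULES:
        raise ValueError("more than 128 user-defined rules")
    if len(user_rules) + len(predefined_rules) > MAX_TOTAL_RULES:
        raise ValueError("more than 3,000 rules in total")
    return list(user_rules) + list(predefined_rules)  # user-defined checked first

def first_match(policy, pkt):
    # Assumption: the first rule that matches decides the response.
    return next((rule for rule in policy if rule.matches(pkt)), None)

def shadowed(policy):
    """(earlier, later) name pairs where the later rule can never match first."""
    return [(a.name, b.name) for i, b in enumerate(policy)
            for a in policy[:i] if a.covers(b)]

# Constructed sample rules and packet; names and pattern are placeholders.
USER = [Rule("user-log-web", proto="tcp", dst_port=80, action="log")]
PRE = [Rule("pre-web-sig", "tcp", 80, b"BAD-PATTERN", "drop"),
       Rule("pre-ftp-sig", "tcp", 21, b"BAD-PATTERN", "drop")]
PKT = {"proto": "tcp", "dst_port": 80, "payload": b"GET /?q=BAD-PATTERN"}

if __name__ == "__main__":
    print(first_match(build_policy(USER, PRE), PKT).name, shadowed(build_policy(USER, PRE)))
```

Under the first-match assumption, the sample packet is only logged by the broad user-defined rule, although the pre-defined signature alone would have dropped it.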
The ZyWALL cannot check encrypted traffic such as VPN tunnel
traffic. There is a log entry every hour that shows how many
encrypted packets have passed through the ZyWALL in one hour.
6.2 mySecurity Zone
mySecurity Zone is a web portal that provides all security-related information for ZyXEL security
products.
The policy description found there gives a detailed description of the intrusion for which
the policy was written. Copy the policy ID from the Note column in the Pre-defined screen or View
Log screen and paste it into a mySecurity Zone search field to find detailed information about the
specific intrusion.
You can also find an advisory that tells you how to respond to new attacks.
If you have already registered your ZyWALL on myZyXEL.com, then you can use your
myZyXEL.com username and password to log into mySecurity Zone without having to register again.
For more information on mySecurity Zone, please visit http://www.mysecurity.zyxel.com.