Policy severity – ZyXEL Communications ZyXEL ZyWALL IDP 10 User Manual

ZyWALL IDP 10 User’s Guide

IDP Policies

Figure 6-12 Others Signatures

6.3.13 Policy Severity

Intrusions are assigned a severity level based on the following table. The intrusion severity level then
determines the default signature action (see Table 6-2).

Table 6-1 Policy Severity

| SEVERITY | DESCRIPTION |
| --- | --- |
| Severe (5) | These are intrusions that try to run arbitrary code or gain system privileges. The default action for this level of intrusion is to block the traffic. |
| High (4) | These are known serious vulnerabilities or intrusions that are probably not false alarms. The default action for this level of intrusion is to block the traffic. |
| Medium (3) | These are medium threats, access control intrusions or intrusions that could be false alarms. The default action for this level of intrusion is to log the traffic. |
| Low (2) | These are mild threats or intrusions that could be false alarms. The default action for this level of intrusion is to log the traffic. |
| Very Low (1) | These are possible intrusions caused by traffic such as Ping, trace route, ICMP queries etc. The default action for this level of intrusion is to log the traffic. |