beautypg.com

Best practice deployment – Amer Networks E5Web GUI User Manual

Page 479

background image

from the external network that are based on the SMTP protocol.

1.

Select the Rule Action for the IDP rule

2.

Now enter:

Action: Protect

Signatures: IPS_MAIL_SMTP

Click OK

If logging of intrusion attempts is desired, this can be configured by clicking in the Rule Actions
tab when creating an IDP rule and enabling logging. The Severity should be set to All in order to
match all SMTP attacks.

In summary, the following will occur: If traffic from the external network to the mail server occurs,
IDP will be activated. If traffic matches any of the signatures in the IPS_MAIL_SMTP signature
group, the connection will be dropped, thus protecting the mail server.

Using Individual Signatures

The preceding example uses an entire IDP group name when enabling IDP. However, it is
possible to instead specify a single signature or a list of signatures for an IDP rule. Individual
signatures are identified by their unique number ID and multiple signatures are specified as a
comma separated list of these IDs.

For example, to specify signatures with the ID 68343, the CLI in the above example would
become:

Device:/IDPMailSrvRule> add IDPRuleAction

Action=Protect
IDPServity=All
Signatures=68343

To specify a list which also includes signatures 68345 and 68349:

Device:/IDPMailSrvRule> add IDPRuleAction

Action=Protect
IDPServity=All
Signatures=68343,68345,68349

Individual signatures are entered in a similar way when using the Web Interface or InControl.

IDP Traffic Shaping

IDP offers an excellent means of identifying different types of traffic flow through cOS Core and
the applications responsible for them. This ability is combined with the traffic management
features of cOS Core to provide IDP Traffic Shaping which can place bandwidth and priority
restrictions on the specific flows identified.

The IDP traffic shaping feature is discussed in depth in Section 10.2, “IDP Traffic Shaping”.

6.5.8. Best Practice Deployment

IDP Deployment Recommendations

Chapter 6: Security Mechanisms

479

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: