ZyXEL Communications 5 Series User Manual
Chapter 14 Intrusion Detection and Prevention (IDP) Screens
ZyWALL 5/35/70 Series User’s Guide
281
14.3 The Signatures Screen
The rules that define how to identify and respond to intrusions are called “signatures”. Click
SECURITY > IDP > Signatures to see the ZyWALL’s signatures.
14.3.1 Attack Types
Click SECURITY > IDP > Signature. The Attack Type list box displays all intrusion types
supported by the ZyWALL. Other covers all intrusion types not covered by other types listed.
To see signatures listed by intrusion type supported by the ZyWALL, select that type from the
Attack Type list box.
Table 78 SECURITY > IDP > Signature: Attack Types
TYPE | DESCRIPTION
DoS/DDoS | The goal of Denial of Service (DoS) attacks is not to steal information, but to disable a device or network on the Internet. A distributed denial-of-service (DDoS) attack is one in which multiple compromised systems attack a single target, thereby causing denial of service for users of the targeted system.
Buffer Overflow | A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. The excess information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Intruders could run code in the overflowed buffer region to obtain control of the system, install a backdoor or use the victim to launch attacks on other devices.
Access Control | Access control refers to procedures and controls that limit or detect access. Access control is typically used to control user access to network resources such as servers, directories, and files.
Scan | Scan refers to all port, IP or vulnerability scans. Hackers scan ports to find targets. They may use a TCP connect() call, SYN scanning (half-open scanning), Nmap etc. After a target has been found, a vulnerability scanner can be used to exploit exposures.
Trojan Horse | A Trojan horse is a harmful program that’s hidden inside apparently harmless programs or data. It could be used to steal information or remotely control a device.
P2P | Peer-to-peer (P2P) is where computing devices link directly to each other and can directly initiate communication with each other; they do not need an intermediary. A device can be both the client and the server. In the ZyWALL, P2P refers to peer-to-peer applications such as eMule, eDonkey, BitTorrent, iMesh etc.
IM | IM (Instant Messaging) refers to chat applications. Chat is real-time communication between two or more users via network-connected computers. After you enter a chat (or chat room), any member can type a message that will appear on the monitors of all the other participants.
Virus/Worm | A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs. A worm is a program that is designed to copy itself from one computer to another on a network. A worm’s uncontrolled replication consumes system resources, thus slowing or stopping other tasks. The IDP Virus/Worm category refers to network-based viruses and worms. The Anti-Virus (AV) screen refers to file-based viruses and worms. Refer to the anti-virus chapter for additional information on file-based anti-virus scanning in the ZyWALL.
Porn | The ZyWALL can block web sites if their URLs contain certain pornographic words. It cannot block web pages containing those words if the associated URL does not.