ZyXEL Communications 1000 User Manual
ZyWALL USG 1000 User’s Guide
563
C
H A P T E R
3 4
IDP
34.1 Overview
This chapter introduces packet inspection IDP (Intrusion, Detection and
Prevention), IDP profiles, binding an IDP profile to a traffic flow, custom signatures
and updating signatures. An IDP system can detect malicious or suspicious
packets and respond instantaneously. IDP on the ZyWALL protects against
network-based intrusions.
Prevention), IDP profiles, binding an IDP profile to a traffic flow, custom signatures
and updating signatures. An IDP system can detect malicious or suspicious
packets and respond instantaneously. IDP on the ZyWALL protects against
network-based intrusions.
34.1.1 What You Can Do in this Chapter
• Use the Anti-X > IDP > General screen (
) to turn
IDP on or off, bind IDP profiles to traffic directions, and view registration and
signature information. Click the Add or Edit icon in this screen to bind an IDP
profile to a traffic direction.
• Use the Anti-X > IDP > Profile screen (
) to add a
new profile, edit an existing profile or delete an existing profile.
• Use the Anti-X > IDP > Custom Signature screens (
) to create a new signature, edit an existing signature, delete existing
signatures or save signatures to your computer.
34.1.2 What You Need To Know
Packet Inspection Signatures
A signature identifies a malicious or suspicious packet and specifies an action to be
taken. You can change the action in the profile screens. Packet inspection
signatures examine OSI (Open System Interconnection) layer-4 to layer-7 packet
contents for malicious data. Generally, packet inspection signatures are created
for known attacks while anomaly detection looks for abnormal behavior (see
taken. You can change the action in the profile screens. Packet inspection
signatures examine OSI (Open System Interconnection) layer-4 to layer-7 packet
contents for malicious data. Generally, packet inspection signatures are created
for known attacks while anomaly detection looks for abnormal behavior (see
).
Zone
A zone is a combination of ZyWALL interfaces and VPN connections used for
configuring security. See the zone chapter for details on zones and the interfaces
chapter for details on interfaces.
configuring security. See the zone chapter for details on zones and the interfaces
chapter for details on interfaces.