ZyWALL IDP 10 Intrusion Detection and Prevention Appliance User’s Guide Version 2 . 03/2005
ZyWALL IDP 10 User’s Guide Table of Contents 10 6.3.14 Policy Actions ...
ZyWALL IDP 10 User’s Guide Chapter 8 Maintenance 100 After you see a “configuration upload successful” screen, you must then wait one minute before logg
ZyWALL IDP 10 User’s Guide 101 Chapter 8 Maintenance
ZyWALL IDP 10 User’s Guide Chapter 9 Command Line Interface Overview 102 CHAPTER 9 Command Line Interface Overview This chapter briefly introduces the co
ZyWALL IDP 10 User’s Guide 103 Chapter 9 Command Line Interface Overview [on|off] means that you can use either on or off. 6 “Command” refers to a comma
ZyWALL IDP 10 User’s Guide Chapter 9 Command Line Interface Overview 104 detect vpnbypass <ON/OFF> Allow/disallow bypass of VPN packets it doesn’
ZyWALL IDP 10 User’s Guide 105 Chapter 9 Command Line Interface Overview Remote snmp on <LAN+MGMT/WAN+MGMT/MGMT/ALL> Enable remote snmp access fro
ZyWALL IDP 10 User’s Guide Chapter 9 Command Line Interface Overview 106 Help Displays a “help” message Reset Resets the ZyWALL to the factory defaults
ZyWALL IDP 10 User’s Guide107 Chapter 9 Command Line Interface Overview
ZyWALL IDP 10 User’s Guide Appendix A Introduction to Intrusions 108 Appendix A Introduction to Intrusions Introduction to Ports Computers share informatio
ZyWALL IDP 10 User’s Guide 109 Appendix A Introduction to Intrusions Ping of Death Ping of Death uses a "ping" utility to create an IP packet t
ZyWALL IDP 10 User’s Guide 11 Table of Contents Introduction to Ports ...
ZyWALL IDP 10 User’s Guide Appendix A Introduction to Intrusions 110 Figure 63 SYN Flood LAND Attack In a LAND attack, hackers flood SYN packets into t
ZyWALL IDP 10 User’s Guide 111 Appendix A Introduction to Intrusions Figure 64 Smurf Attack Traceroute Traceroute is a utility used to determine the pat
ZyWALL IDP 10 User’s Guide Appendix A Introduction to Intrusions 112 A TCP connect() call is used to open a connection to every interesting port on the
ZyWALL IDP 10 User’s Guide 113 Appendix A Introduction to Intrusions Example Intrusions The following are some examples of intrusions. SQL Slammer Worm W32
ZyWALL IDP 10 User’s Guide Appendix A Introduction to Intrusions 114 MyDoom MyDoom W32.Mydoom.A@mm (also known as W32.Novarg.A) is a mass-mailing worm th
ZyWALL IDP 10 User’s Guide115 Appendix A Introduction to Intrusions
ZyWALL IDP 10 User’s Guide Appendix B Intrusion Protection 116 Appendix B Intrusion Protection Firewalls and Intrusions Firewalls are designed to block cle
ZyWALL IDP 10 User’s Guide 117 Appendix B Intrusion Protection Network Intrusions Network-based intrusions have the goal of bringing down a network or n
ZyWALL IDP 10 User’s Guide Appendix B Intrusion Protection 118 The protocol decode engine first applies rules defined by the appropriate RFCs to look fo
ZyWALL IDP 10 User’s Guide119 Appendix B Intrusion Protection
ZyWALL IDP 10 User’s Guide List of Figures 12 List of Figures Figure 1 ZyWALL ...
ZyWALL IDP 10 User’s Guide Index 120 Index Numerics 10/100Mbps 36 110V AC 4 230V AC 4 A Abnormal Working Conditions 5 AC 4 Access control 60 Accessories 4 Activat
ZyWALL IDP 10 User’s Guide 121 Index DNS server 30, 31 DoS 19 Basics 108 Types 108 duplex 36, 37 Dust 4 E e-Donkey 53 Electric Shock 4 Electrocution 4 E-MAIL 85 E-
ZyWALL IDP 10 User’s Guide Index 122 License 2 Lightning 4 Liquids, Corrosive 4 Local Upgrade 96 Log Facility 88 Login 103 LOGS 84 M Macro Virus 112 Mail Server
ZyWALL IDP 10 User’s Guide 123 Index Q Qualified Service Personnel 4 Quick Start Guide 24 R Radio Communications 3 Radio Frequency Energy 3 Radio Interference
ZyWALL IDP 10 User’s Guide Index 124 syslog 27, 28, 30, 31, 32 T Tampering 5 TCP connect() 112 TCP Header 79 TCP/IP 108 TCP_RST 37 Teardrop 109 Telephone 6 Telev
ZyWALL IDP 10 User’s Guide 13 List of Figures Figure 39 Search Example ...
ZyWALL IDP 10 User’s Guide List of Tables 14 List of Tables Table 1 Web Configurator HOME Screen ...
ZyWALL IDP 10 User’s Guide15 List of Tables
ZyWALL IDP 10 User’s Guide Preface 16 Preface Congratulations on your purchase of the ZyWALL IDP 10. About This User's Guide Congratulations on your
ZyWALL IDP 10 User’s Guide 17 Preface Graphics Icons Key Prestige Computer Modem Switch Firewall Server Intrusion Block an intrusion Security Hole
ZyWALL IDP 10 User’s Guide Chapter 1 Introducing the ZyWALL IDP 10 18 CHAPTER 1 Introducing the ZyWALL IDP 10 This chapter introduces the main features an
ZyWALL IDP 10 User’s Guide 19 Chapter 1 Introducing the ZyWALL IDP 10 Figure 1 ZyWALL 1.2 Features LAN, WAN and Management Ports You can also manage the
ZyWALL IDP 10 User’s Guide Copyright 2 Copyright Copyright © 2005 by ZyXEL Communications Corporation. The contents of this publication may not be reprodu
ZyWALL IDP 10 User’s Guide Chapter 1 Introducing the ZyWALL IDP 10 20 • Traffic flow anomalies where certain applications such as peer-to-peer applicati
ZyWALL IDP 10 User’s Guide 21 Chapter 1 Introducing the ZyWALL IDP 10 Figure 2 Installation Example 1 In installation example 2 (see Figure 3 on page 2
ZyWALL IDP 10 User’s Guide Chapter 1 Introducing the ZyWALL IDP 10 22 Figure 4 Installation Example 3 In installation example 4 (see Figure 5 on page 2
ZyWALL IDP 10 User’s Guide23 Chapter 1 Introducing the ZyWALL IDP 10
ZyWALL IDP 10 User’s Guide Chapter 2 Introducing the Web Configurator 24 CHAPTER 2 Introducing the Web Configurator This chapter describes how to access th
ZyWALL IDP 10 User’s Guide 25 Chapter 2 Introducing the Web Configurator Figure 7 Login Screen 4 You should see a screen asking you to change your pass
ZyWALL IDP 10 User’s Guide Chapter 2 Introducing the Web Configurator 26 Figure 9 Web Configurator HOME Screen Use submenus to configure ZyWALL feature
ZyWALL IDP 10 User’s Guide 27 Chapter 2 Introducing the Web Configurator 2.1.1 Navigation Panel After you enter the password, use the sub-menus on the na
ZyWALL IDP 10 User’s Guide Chapter 2 Introducing the Web Configurator 28 2.4 Example Configuration Settings The following table shows an example setup f
ZyWALL IDP 10 User’s Guide 29 Chapter 2 Introducing the Web Configurator Gateway 10.10.1.254 (switch or router on LAN or DMZ) State INLINE Ports Settin
ZyWALL IDP 10 User’s Guide 3 Federal Communications Commission (FCC) Interference Statement Federal Communications Commission (FCC) Interference Statement
ZyWALL IDP 10 User’s Guide Chapter 3 General Settings 30 CHAPTER 3 General Settings This chapter describes how to configure the ZyWALL’s TCP, VLAN and Sta
ZyWALL IDP 10 User’s Guide 31 Chapter 3 General Settings 3.2 Introduction to VLANs A VLAN (Virtual Local Area Network) allows a physical network to be p
ZyWALL IDP 10 User’s Guide Chapter 3 General Settings 32 The VLAN ID associates a frame with a specific VLAN and provides the information that switches
ZyWALL IDP 10 User’s Guide 33 Chapter 3 General Settings Figure 11 General: VLAN The following table describes the fields in this screen. 3.3.1 State To
ZyWALL IDP 10 User’s Guide Chapter 3 General Settings 34 Table 6 General: State LABEL DESCRIPTION Device Operation State Setup Device Operation State: Inl
ZyWALL IDP 10 User’s Guide35 Chapter 3 General Settings
ZyWALL IDP 10 User’s Guide Chapter 4 Interface Screens 36 CHAPTER 4 Interface Screens This chapter shows you how to configure the ZyWALL ports. 4.1 10/100
ZyWALL IDP 10 User’s Guide 37 Chapter 4 Interface Screens Figure 13 Interface: Link The following table describes the fields in this screen. 4.3 Stealt
ZyWALL IDP 10 User’s Guide Chapter 4 Interface Screens 38 Figure 14 Interface: Stealth The following table describes the fields in this screen. 4.4 Pol
ZyWALL IDP 10 User’s Guide 39 Chapter 4 Interface Screens Figure 15 Policy Checking 4.4.1 Policy Direction Do not confuse policy check with a policy ru
ZyWALL IDP 10 User’s Guide Safety Warnings 4 Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • Do NOT op
ZyWALL IDP 10 User’s Guide Chapter 4 Interface Screens 40 Figure 16 Interface: Policy Check The following table describes the fields in this screen. Tab
ZyWALL IDP 10 User’s Guide41 Chapter 4 Interface Screens
ZyWALL IDP 10 User’s Guide Chapter 5 Remote Management 42 CHAPTER 5 Remote Management The remote management screens allow you to which ports are allowed w
ZyWALL IDP 10 User’s Guide 43 Chapter 5 Remote Management HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the ZyW
ZyWALL IDP 10 User’s Guide Chapter 5 Remote Management 44 5.3 SNMP Simple Network Management Protocol is a protocol used for exchanging management infor
ZyWALL IDP 10 User’s Guide 45 Chapter 5 Remote Management Figure 18 SNMP Management Model An SNMP managed network consists of two main types of compone
ZyWALL IDP 10 User’s Guide Chapter 5 Remote Management 46 • GetNext - Allows the manager to retrieve the next object variable from a table or list withi
ZyWALL IDP 10 User’s Guide 47 Chapter 5 Remote Management The following table describes the fields in this screen. 5.4 SSH Overview Unlike Telnet or FTP,
ZyWALL IDP 10 User’s Guide Chapter 5 Remote Management 48 5.4.2 SSH Implementation on the ZyWALL Your ZyWALL supports SSH version 1.5 using RSA authenti
ZyWALL IDP 10 User’s Guide 49 Chapter 5 Remote Management Figure 22 Remote Management: SSH The following table describes the fields in this screen. 5.5
ZyWALL IDP 10 User’s Guide 5 ZyXEL Limited Warranty ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free
ZyWALL IDP 10 User’s Guide Chapter 5 Remote Management 50 Figure 23 PuTTY Settings 4 You may see a PuTTY security alert next. Click Yes to continue. F
ZyWALL IDP 10 User’s Guide 51 Chapter 5 Remote Management Figure 25 ZyWALL Command Interface Login Screen
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 52 CHAPTER 6 IDP Policies This chapter describes how to configure your ZyWALL’s IDP settings. 6.1 IDP Ov
ZyWALL IDP 10 User’s Guide 53 Chapter 6 IDP Policies For more information on mySecurity zone, please visit http://www.mysecurity.zyxel.com. 6.3 Signatur
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 54 Figure 26 P2P Signatures 6.3.2 IM IM (Instant Messaging) refers to chat applications. Chat is real
ZyWALL IDP 10 User’s Guide 55 Chapter 6 IDP Policies Figure 27 IM (Chat) Signatures 6.3.3 SPAM Spam is unsolicited "junk" e-mail sent to larg
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 56 Figure 29 DoS/DDoS Signatures 6.3.5 Scan Scan refers to all port, IP or vulnerability scans. Hacke
ZyWALL IDP 10 User’s Guide 57 Chapter 6 IDP Policies Figure 30 Scan Signatures 6.3.6 Buffer Overflow A buffer overflow occurs when a program or process
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 58 Figure 31 Buffer Overflow Signatures 6.3.7 Virus/Worm A computer virus is a small program designed
ZyWALL IDP 10 User’s Guide 59 Chapter 6 IDP Policies Figure 32 Worm/Virus Signatures 6.3.8 Backdoor/Trojan A backdoor (also called a trapdoor) is hidde
ZyWALL IDP 10 User’s Guide Customer Support 6 Customer Support Please have the following information ready when you contact customer support. • Product mo
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 60 Figure 33 Backdoor/Trojan Signatures 6.3.9 Access Control Access control refers to procedures and
ZyWALL IDP 10 User’s Guide 61 Chapter 6 IDP Policies Figure 34 Access Control Signatures 6.3.10 Web Attack Web attack signatures refer to attacks on we
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 62 Figure 35 Web Attack Signatures 6.3.11 Porn The ZyWALL can block web sites if their URLs contain c
ZyWALL IDP 10 User’s Guide 63 Chapter 6 IDP Policies Figure 36 Porn Signatures 6.3.12 Others This category refers to signatures for attacks that do not
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 64 Figure 37 Others Signatures 6.3.13 Policy Severity Intrusions are assigned a severity level based
ZyWALL IDP 10 User’s Guide 65 Chapter 6 IDP Policies 6.3.14 Policy Actions The following table describes the (configurable) actions for a policy. 6.4 Co
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 66 Figure 38 Pre-defined IDP Policies Summary Table 16 Selecting Pre-defined Policies LABEL DESCRIPT
ZyWALL IDP 10 User’s Guide 67 Chapter 6 IDP Policies Policy Search You can search for policies based on policy name or ID number. Select By Name or By P
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 68 6.4.1 Search Example The following screen displays when you perform a search for the “Sasser” virus
ZyWALL IDP 10 User’s Guide 69 Chapter 6 IDP Policies Figure 39 Search Example 6.4.2 Query Example The following screen shows severe and high impact DoS
ZyWALL IDP 10 User’s Guide 7 Customer Support UNITED [email protected] +44 (0) 1344 303044 08707 555779 (UK only) www.zyxel.co.uk ZyXEL Communic
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 70 Figure 40 Query Example 6.4.3 Modify Screen Click Modify in Pre-defined IDP Policies Summary6-13 t
ZyWALL IDP 10 User’s Guide 71 Chapter 6 IDP Policies Figure 41 Pre-defined Policies: Modify Table 17 Pre-defined IDP Policies LABEL DESCRIPTION ALL Sel
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 72 6.5 Update The ZyWALL comes with a “pre-defined” set of policies that can be regularly updated. Reg
ZyWALL IDP 10 User’s Guide 73 Chapter 6 IDP Policies 6.6 User-defined Policies You need some knowledge of packet header types and OSI (Open System Inter
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 74 Figure 43 User-defined Policies Table 19 User-defined Policies LABEL DESCRIPTION Enable User-defin
ZyWALL IDP 10 User’s Guide 75 Chapter 6 IDP Policies Alarm An alarm is an action (an e-mail is sent) to be taken on the policy when a packet matches a r
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 76 6.6.1 Configuring a User-defined IDP Policy All “policy attributions” have a logical AND relationsh
ZyWALL IDP 10 User’s Guide 77 Chapter 6 IDP Policies Figure 44 Configuring a User-defined IDP Policy
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 78 Table 20 Configuring a User-defined IDP Policy LABEL DESCRIPTION Attributions The “attributions” de
ZyWALL IDP 10 User’s Guide 79 Chapter 6 IDP Policies Source IP Select whether the policy applies to source packets that match (Equal), don’t match (Not
ZyWALL IDP 10 User’s Guide Table of Contents 8 Table of Contents Copyright ...
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 80 6.6.2 Packet Content Example In the following example, the rule is for the IP protocol, so the payl
ZyWALL IDP 10 User’s Guide 81 Chapter 6 IDP Policies 6.7 Registering your ZyWALL Use the Registration screen to enable IDP service on the ZyWALL. You ne
ZyWALL IDP 10 User’s Guide Chapter 6 IDP Policies 82 Figure 45 Registering ZyWALL Table 21 Registering ZyWALL LABEL DESCRIPTION Registration Status This
ZyWALL IDP 10 User’s Guide83 Chapter 6 IDP Policies
ZyWALL IDP 10 User’s Guide Chapter 7 Log and Report 84 CHAPTER 7 Log and Report This chapter describes how to use the Log and Report screens. 7.1 Logs To v
ZyWALL IDP 10 User’s Guide 85 Chapter 7 Log and Report 7.2 Report You can send logs by e-mail or send them to a syslog server. 7.2.1 E-Mail Use the E-Mai
ZyWALL IDP 10 User’s Guide Chapter 7 Log and Report 86 Figure 47 Report: E-Mail The following table describes the fields in this screen. Table 23 Repo
ZyWALL IDP 10 User’s Guide 87 Chapter 7 Log and Report 7.2.2 Syslog Syslog logging sends a log to an external syslog server used to store logs. Figure 4
ZyWALL IDP 10 User’s Guide Chapter 7 Log and Report 88 7.3 Alarm Schedule An alarm is a “warning log” generated by an event that warrants more serious a
ZyWALL IDP 10 User’s Guide 89 Chapter 7 Log and Report Table 25 Alarm LABEL DESCRIPTION Alarm Schedule Active Select this field to activate your ZyWALL&a
ZyWALL IDP 10 User’s Guide 9 Table of Contents Chapter 4 Interface Screens ...
ZyWALL IDP 10 User’s Guide Chapter 8 Maintenance 90 CHAPTER 8 Maintenance 8.1 Maintenance Overview Use the maintenance screens to change the ZyWALL passwo
ZyWALL IDP 10 User’s Guide 91 Chapter 8 Maintenance 8.2.1 Forget Password If you forgot your password, then you will have to reset it to the factory def
ZyWALL IDP 10 User’s Guide Chapter 8 Maintenance 92 8.3.1 Pre-defined NTP Time Servers List The ZyWALL uses the following pre-defined list of NTP time s
ZyWALL IDP 10 User’s Guide 93 Chapter 8 Maintenance Figure 52 Maintenance: Time Setting Table 28 Time and Date LABEL DESCRIPTION Current Time and Date C
ZyWALL IDP 10 User’s Guide Chapter 8 Maintenance 94 8.3.2 Time Server Synchronization Click the Synchronize Now button to get the time and date from the
ZyWALL IDP 10 User’s Guide 95 Chapter 8 Maintenance Figure 53 Synchronization in Process Click the Return button to go back to the Time and Date screen
ZyWALL IDP 10 User’s Guide Chapter 8 Maintenance 96 Figure 56 Maintenance: F/W Upload Table 29 Maintenance: F/W Upload LABEL DESCRIPTION Local Upgrade F
ZyWALL IDP 10 User’s Guide 97 Chapter 8 Maintenance After you see the Firmware Upload in Process screen, wait two minutes before logging into the ZyWALL
ZyWALL IDP 10 User’s Guide Chapter 8 Maintenance 98 Figure 58 Network Temporarily Disconnected After two minutes, log in again and check your new firmw
ZyWALL IDP 10 User’s Guide 99 Chapter 8 Maintenance Figure 60 Maintenance: Configuration 8.5.1 Backup Configuration Backup Configuration allows you to