ZyXEL Communications 1000 Network Router User Manual


ZyWALL USG 1000 User’s Guide
CHAPTER 34
IDP
34.1 Overview
This chapter introduces packet inspection IDP (Intrusion Detection and
Prevention), IDP profiles, binding an IDP profile to a traffic flow, custom
signatures, and updating signatures. An IDP system can detect malicious or
suspicious packets and respond instantaneously. IDP on the ZyWALL protects
against network-based intrusions.
34.1.1 What You Can Do in this Chapter
• Use the Anti-X > IDP > General screen (Section 34.2 on page 565) to turn
IDP on or off, bind IDP profiles to traffic directions, and view registration and
signature information. Click the Add or Edit icon in this screen to bind an IDP
profile to a traffic direction.
• Use the Anti-X > IDP > Profile screen (Section 34.3 on page 567) to add a
new profile, edit an existing profile or delete an existing profile.
• Use the Anti-X > IDP > Custom Signature screens (Section 34.8 on page
582) to create a new signature, edit an existing signature, delete existing
signatures or save signatures to your computer.
34.1.2 What You Need To Know
Packet Inspection Signatures
A signature identifies a malicious or suspicious packet and specifies an action to be
taken. You can change the action in the profile screens. Packet inspection
signatures examine OSI (Open Systems Interconnection) layer-4 to layer-7 packet
contents for malicious data. Generally, packet inspection signatures are created
for known attacks while anomaly detection looks for abnormal behavior (see
Chapter 35 on page 597).
Zone
A zone is a combination of ZyWALL interfaces and VPN connections used for
configuring security. See the zone chapter for details on zones and the interfaces
chapter for details on interfaces.