D-Link DFL-200 manual Intrusion Detection / Prevention, Add a new policy

Page 29

Intrusion Detection / Prevention

The DFL-200 Intrusion Detection/Prevention System (IDS/IDP) is a real-time intrusion detection and prevention sensor that identifies and takes action against a wide variety of suspicious network activity. The IDS uses intrusion signatures, stored in the attack database, to identify the most common attacks. In response to an attack, the IDS protects the networks behind the DFL-200 by dropping the traffic. To notify of the attack, the IDS sends an email to the system administrators if email alerting is configured. Two modes can be configured: Inspection Only or Prevention. In Inspection Only mode, the DFL-200 only inspects the traffic; if it sees anything, it logs the event, emails an alert (if configured) and passes the traffic on. In Prevention mode, the traffic is dropped and logged, and an email alert is sent if configured.

D-Link updates the attack database periodically. Since firmware version 1.30.00 automatic updates are possible. If IDS or IDP is enabled for at least one of the policies or port mappings, auto updating of the IDS database will be enabled. The firewall will then automatically download the latest database from the D-Link website.

Add a new policy

Follow these steps to add a new outgoing policy.

Step 1. Choose the LAN->WAN policy list from the available policy lists.

Step 2. Click on the Add new link.

Step 3. Fill in the following values:

Name: Specifies a symbolic name for the rule. This name is used mainly as a rule reference in log data and for easy reference in the policy list.

Action: Select Allow to allow this type of traffic.

Source Nets: Specifies the sender span of IP addresses to be compared to the received packet. Leave this blank to match everything.

Source Users/Groups: Specifies whether an authenticated username is needed for this policy to match. Either enter a list of usernames separated by commas (,), or write Any for any authenticated user. If the field is left blank, no authentication is needed for the policy.

Destination Nets: Specifies the span of IP addresses to be compared to the destination IP of the received packet. Leave this blank to match everything.

Destination Users/Groups: Specifies whether an authenticated username is needed for this policy to match. Either enter a list of usernames separated by commas (,), or write Any for any authenticated user. If the field is left blank, no authentication is needed for the policy.

Service: Either choose a predefined service from the dropdown menu or create a custom one.

Schedule: Choose the schedule that should be used for this policy to match; choose Always for no scheduling.

Click the Apply button below to apply the change, or click Cancel to discard changes.
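The field semantics from Step 3, modelled as an added example (not D-Link code and not a DFL-200 export format) to show how each blank field widens what an Allow rule matches. The dictionary keys, the comma-separated CIDR notation for the net fields and the sample rules are assumptions made for illustration.

```python
import ipaddress

FIELDS = ("source_nets", "source_users", "destination_nets", "destination_users")

def net_matches(field, ip):
    """Blank field matches everything; otherwise ip must fall in a listed network."""
    nets = [n.strip() for n in field.split(",") if n.strip()]
    if not nets:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in nets)

def user_matches(field, user):
    """Blank: no authentication needed. 'Any': any authenticated user. Else: listed names."""
    field = field.strip()
    if not field:
        return True
    if user is None:  # rule requires authentication, session has none
        return False
    if field == "Any":
        return True
    return user in {u.strip() for u in field.split(",")}

def policy_matches(p, src_ip, dst_ip, src_user=None, dst_user=None):
    """True when every filter of the rule matches the connection."""
    return (net_matches(p["source_nets"], src_ip)
            and net_matches(p["destination_nets"], dst_ip)
            and user_matches(p["source_users"], src_user)
            and user_matches(p["destination_users"], dst_user))

def unrestricted_fields(p):
    """Fields left blank, i.e. dimensions on which the rule does not narrow its match."""
    return [f for f in FIELDS if not p[f].strip()]

# Constructed sample rules (hypothetical names and addresses).
BROAD = {"name": "allow_all_out", "action": "Allow", "source_nets": "",
         "source_users": "", "destination_nets": "", "destination_users": ""}
SCOPED = {"name": "staff_web", "action": "Allow", "source_nets": "192.168.1.0/24",
          "source_users": "alice, bob", "destination_nets": "", "destination_users": ""}

if __name__ == "__main__":
    for rule in (BROAD, SCOPED):
        print(rule["name"], "blank fields:", unrestricted_fields(rule))
    print(policy_matches(SCOPED, "192.168.1.20", "203.0.113.5", src_user="alice"))
    print(policy_matches(SCOPED, "192.168.1.20", "203.0.113.5"))  # unauthenticated
```

Reviewing the blank-field list for each Allow rule before clicking Apply makes it clear which rules match any sender, any destination or unauthenticated users.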
