SonicWALL TZ 180 manual Enable IPS Logging, Brute-force Baseline Setup


TotalSecure Configuration Task List

To disable IPS, uncheck the Enable IPS check box. This will prevent blocking of traffic that matches the IPS signatures. However, some signatures belong to Application Filter category sets as well as other types of category sets such as GAV, IPS, Anti-Spyware, or Web Filters. If Application Filtering is enabled, these signatures are blocked by the Application Filter process even when you configure the other filters to allow them.

Caution: Checking the Enable IPS check box does not automatically start SonicWALL IPS protection. You must also update the IPS Global Settings section. You must specify a Prevent All action in the Signature Groups table to activate Intrusion Prevention on the SonicWALL security appliance, and specify the interface or zones you want to protect.

Specifying Global Attack Level Protection

SonicWALL IPS allows you to globally manage your network protection against attacks by simply selecting the class of attacks: High Priority Attacks, Medium Priority Attacks, and Low Priority Attacks. Selecting the Prevent All and Detect All check boxes for High Priority Attacks and Medium Priority Attacks in the Signature Groups table, and then clicking Apply, protects your network against the most dangerous and disruptive attacks. For more detailed information on configuring global signature groups, refer to “Configuring Global Signature Groups” in the SonicWALL Intrusion Prevention Service Administrator’s Guide, available on the SonicWALL Resource CD or at <http://www.sonicwall.com/us/3396.html>.

Fine-tuning the IPS

To really take advantage of the SonicWALL IPS, it is sometimes necessary to fine-tune the behavior of certain IPS Categories and/or IPS Signatures.

Since not all networks are alike, it can be quite difficult to tell exactly which IPS Categories or IPS Signatures should be Prevented or Detected.

However, what can be done is to create a Baseline Setup where as much hostile traffic as possible is Prevented and Detected regardless of what traffic may flow in an individual network.

Refer to the descriptions in this document for instructions on how to change the behavior of a certain IPS Category and/or IPS Signature.

A Baseline Setup can be accomplished in two different ways. The outcome is basically the same, but the steps involved are somewhat different. Both depend heavily on logging of the correct

Enable IPS Logging

To view IPS-related events in the log, ensure that the correct log categories are enabled.

The more categories enabled while fine-tuning, the better, although the logs fill fast. Always make sure the categories Intrusion Prevention and Security Services are enabled.

The Brute-force Baseline Setup

The Brute-force Baseline setup is quite brutal and will in most cases break valid traffic flowing in the network.

Use the IPS Global Setting to enable the option Detect All for all three IPS Signature Groups.
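The following is an added example, not part of the SonicWALL manual: with Detect All enabled and the Intrusion Prevention log category switched on, a tally of the exported log shows which signatures fire, from which sources, and against which hosts, which is the evidence needed when reviewing a signature's Prevent or Detect setting. The key=value line layout, the "IPS Detection Alert" / "IPS Prevention Alert" message prefixes, the signature names and the addresses are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines. The key=value layout and the alert message
# prefixes are assumptions about the exported log, not taken from the manual.
SAMPLE_LOG = """\
id=firewall time="2008-03-01 10:00:01" pri=1 msg="IPS Detection Alert: Example Signature A" src=203.0.113.7:4312:WAN dst=192.168.1.10:80:LAN
id=firewall time="2008-03-01 10:00:09" pri=1 msg="IPS Detection Alert: Example Signature A" src=203.0.113.9:5120:WAN dst=192.168.1.10:80:LAN
id=firewall time="2008-03-01 10:02:30" pri=1 msg="IPS Detection Alert: Example Signature B" src=192.168.1.23:1044:LAN dst=198.51.100.5:6667:WAN
id=firewall time="2008-03-01 10:03:00" pri=1 msg="IPS Prevention Alert: Example Signature C" src=203.0.113.7:4400:WAN dst=192.168.1.10:445:LAN
id=firewall time="2008-03-01 10:04:12" pri=6 msg="Web site hit" src=192.168.1.23:1050:LAN dst=198.51.100.8:80:WAN
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')            # key=value or key="quoted value"
ALERT_RE = re.compile(r"IPS (Detection|Prevention) Alert: (.+)")

def parse_fields(line):
    """Split one log line into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def summarize(log_text):
    """Per signature: detection/prevention counts plus distinct sources and targets."""
    stats = defaultdict(lambda: {"detected": 0, "prevented": 0,
                                 "sources": set(), "targets": set()})
    for line in log_text.splitlines():
        fields = parse_fields(line)
        m = ALERT_RE.fullmatch(fields.get("msg", ""))
        if not m:
            continue                                      # not an IPS event
        action, signature = m.groups()
        entry = stats[signature]
        entry["detected" if action == "Detection" else "prevented"] += 1
        entry["sources"].add(fields.get("src", "?").split(":")[0])
        entry["targets"].add(fields.get("dst", "?").split(":")[0])
    return dict(stats)

def detect_only(stats):
    """Signatures seen only in Detect mode, busiest first: the review queue."""
    names = [s for s, e in stats.items() if e["detected"] and not e["prevented"]]
    return sorted(names, key=lambda s: (-stats[s]["detected"], s))

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for sig in detect_only(stats):
        e = stats[sig]
        print(f'{e["detected"]:4d}  {sig}  sources={sorted(e["sources"])} targets={sorted(e["targets"])}')
```

A signature that fires only from internal hosts toward a known business service is a candidate for an exception; one that fires from outside against a server is a candidate for Prevent.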
