ProSecure Unified Threat Management (UTM) Appliance

Table 39. IPS screen settings (continued)

Setting: Detect DDoS

Description: Select the action that is taken when the UTM detects a DDoS attack:

Alert. An alert is emailed to the administrator that is specified on the Email Notification screen.

Disable. DDoS attack detection is disabled.

Block Source IP for. The IP address of the attacking computer is blocked for the duration that you specify in the Seconds field. The default setting is 300 seconds. This is the default setting.

Security Category Settings

This section displays the different categories of attacks such as Web, Mail, Databases, and so on. The Action column shows the default settings (Disable, Drop, or Alert).

In the Action column for each category, either select the actions for individual attacks by making selections from the drop-down lists to the right of the names, or select a global action for all attacks for that category by making a selection from the top drop-down list for that category. Some of the less familiar web and miscellaneous attacks are explained in Table 40 on page 190.

The drop-down lists let you select one of the following actions:

Disable. The application is not controlled by the IPS.

Drop. The traffic that carries the attack is dropped, and an alert is logged.

Alert. An alert is logged but the traffic that carries the attack is not dropped.

The default action for all attacks is Disable, except for the following attacks, for which the default action is Drop:

Web attacks: XSS, IIS, Apache, PHP, CGI, Web-Client, Web-Attack, Web-Misc.

Databases: SQL-injection.

Misc: ShellCode.

3. Click Apply to save your settings.

Note: Traffic that passes on the UTM’s VLANs and on the secondary IP addresses that you have configured on the LAN Multi-homing screen (see Configure Multihome LAN IP Addresses on the Default VLAN on page 109) is also scanned by the IPS.

Firewall Protection

188
