30 IDP

30.1 Overview

This chapter introduces packet inspection IDP (Intrusion, Detection and Prevention), IDP profiles, binding an IDP profile to a traffic flow, custom signatures and updating signatures. An IDP system can detect malicious or suspicious packets and respond instantaneously. IDP on the ZyWALL protects against network-based intrusions.

30.1.1 What You Can Do in this Chapter

Use the Anti-X > IDP > General screen (Section 30.2 on page 481) to turn IDP on or off, bind IDP profiles to traffic directions, and view registration and signature information. Click the Add or Edit icon in this screen to bind an IDP profile to a traffic direction.

Use the Anti-X > IDP > Profile screen (Section 30.3 on page 483) to add a new profile, edit an existing profile or delete an existing profile.

Use the Anti-X > IDP > Custom Signature screens (Section 30.8 on page 498) to create a new signature, edit an existing signature, delete existing signatures or save signatures to your computer.

30.1.2 What You Need To Know

Packet Inspection Signatures

A signature identifies a malicious or suspicious packet and specifies an action to be taken. You can change the action in the profile screens. Packet inspection signatures examine OSI (Open System Interconnection) layer-4 to layer-7 packet contents for malicious data. Generally, packet inspection signatures are created for known attacks while anomaly detection looks for abnormal behavior (see Section 31.1 on page 513).

Zone

A zone is a combination of ZyWALL interfaces and VPN connections used for configuring security. See the zone chapter for details on zones and the interfaces chapter for details on interfaces.

 

ZyWALL USG 50 User’s Guide