31

ADP

31.1 Overview

This chapter introduces ADP (Anomaly Detection and Prevention) and anomaly profiles, and explains how to apply an ADP profile to a traffic direction. ADP protects against anomalies based on violations of protocol standards (RFCs – Requests for Comments) and abnormal flows such as port scans.

31.1.1 ADP and IDP Comparison

1. ADP anomaly detection is in general effective against abnormal behavior while IDP packet inspection signatures are in general effective for known attacks (see Chapter 30 on page 479 for information on packet inspection).

2. ADP traffic and anomaly rules are updated when you upload new firmware. This is different from the IDP packet inspection signatures and the system protect signatures you download from myZyXEL.com.

31.1.2 What You Can Do in this Chapter

Use Anti-X > ADP > General (Section 31.2 on page 515) to turn anomaly detection on or off and apply anomaly profiles to traffic directions.

Use Anti-X > ADP > Profile (Section 31.3 on page 516) to add a new profile, edit an existing profile or delete an existing profile.

31.1.3 What You Need To Know

Traffic Anomalies

Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or network flooding. They operate at OSI layer-2 and layer-3. Traffic anomaly rules may be updated when you upload new firmware.
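
The following Python example is added here for illustration and is not code from this guide or from the ZyWALL firmware. It shows how threshold-based traffic anomaly rules can tell a port scan, a sweep and a flood apart by counting what each source does within a time window. The thresholds, window length, function name and flow records are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port). Not real traffic.
SAMPLE_FLOWS = (
    [(0.1 * i, "192.0.2.10", "198.51.100.5", 1000 + i) for i in range(30)]     # one host, many ports
    + [(0.1 * i, "192.0.2.20", f"198.51.100.{i + 1}", 22) for i in range(30)]  # many hosts, one port
    + [(0.01 * i, "192.0.2.30", "198.51.100.9", 80) for i in range(400)]       # many packets, one service
    + [(1.0 * i, "192.0.2.40", "198.51.100.5", 443) for i in range(5)]         # ordinary client
)

# Assumed per-source thresholds within one window; a real device uses its own values.
WINDOW_S = 5.0
PORT_SCAN_PORTS = 20   # distinct ports probed on a single destination
SWEEP_HOSTS = 20       # distinct destinations probed on a single port
FLOOD_PACKETS = 300    # packets sent to a single destination/port pair


def classify(flows, window_s=WINDOW_S):
    """Return {src_ip: set of anomaly labels}, evaluated over fixed time windows."""
    buckets = defaultdict(list)
    for ts, src, dst, port in flows:
        buckets[(src, int(ts // window_s))].append((dst, port))

    findings = defaultdict(set)
    for (src, _window), events in buckets.items():
        ports_per_dst = defaultdict(set)
        hosts_per_port = defaultdict(set)
        packets_per_pair = defaultdict(int)
        for dst, port in events:
            ports_per_dst[dst].add(port)
            hosts_per_port[port].add(dst)
            packets_per_pair[(dst, port)] += 1
        if any(len(p) >= PORT_SCAN_PORTS for p in ports_per_dst.values()):
            findings[src].add("port_scan")
        if any(len(h) >= SWEEP_HOSTS for h in hosts_per_port.values()):
            findings[src].add("sweep")
        if any(n >= FLOOD_PACKETS for n in packets_per_pair.values()):
            findings[src].add("flood")
    return dict(findings)


if __name__ == "__main__":
    for src, labels in sorted(classify(SAMPLE_FLOWS).items()):
        print(src, sorted(labels))
```

Fixed windows can split a slow burst across a boundary so that neither half reaches the threshold; a sliding window avoids that at the cost of more state per source.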

 

513

ZyWALL USG 50 User’s Guide