ZyXEL Communications ZyWALL5UTM 4.0 Intrusion Detection and Prevention (IDP)

ZyWALL 5/35/70 Series User’s Guide
Chapter 11
Firewall Screens...................................................................................................	210
11.1 Access Methods .............................................................................................	210
11.2 Firewall Policies Overview ..............................................................................	210
11.3 Rule Logic Overview ......................................................................................	212
11.3.1 Rule Checklist .......................................................................................	212
11.3.2 Security Ramifications ..........................................................................	212
11.3.3 Key Fields For Configuring Rules .........................................................	212
11.3.3.1 Action ...........................................................................................	212
11.3.3.2 Service .........................................................................................	213
11.3.3.3 Source Address ...........................................................................	213
11.3.3.4 Destination Address ....................................................................	213
11.4 Connection Direction Examples .....................................................................	213
11.4.1 LAN To WAN Rules ...............................................................................	213
11.4.2 WAN To LAN Rules ...............................................................................	214
11.5 Alerts ..............................................................................................................	214
11.10.1 Threshold Values ................................................................................	223
11.10.2 Half-Open Sessions ............................................................................	223
11.10.2.1 TCP Maximum Incomplete and Blocking Time ..........................	224
11.11.2 Predefined Services ............................................................................	229
11.12 Example Firewall Rule ..................................................................................	231
Chapter 12
Intrusion Detection and Prevention (IDP) ..........................................................	236
12.1 Introduction to IDP .......................................................................................	236
12.1.1 Firewalls and Intrusions ........................................................................	236
12.1.2 IDS and IDP .........................................................................................	237
12.1.3 Host IDP ..............................................................................................	237
12.1.4 Network IDP .........................................................................................	237
12.1.5 Example Intrusions ...............................................................................	238
12.1.5.1 SQL Slammer Worm ...................................................................	238
12.1.5.2 Blaster W32.Worm ......................................................................	238
12.1.5.3 Nimda ..........................................................................................	238
12.1.5.4 MyDoom ......................................................................................	239
12.1.6 ZyWALL IDP .........................................................................................	239
Chapter 13
Configuring IDP....................................................................................................	240
13.1 Overview ........................................................................................................	240
13.1.1 Interfaces ..............................................................................................	240
13.2 General Setup ................................................................................................	241
13.3.1 Attack Types .........................................................................................	242
13.3.2 Intrusion Severity ..................................................................................	244

Table of Contents