ZyWALL 5/35/70 Series User’s Guide

Chapter 11
Firewall Screens ................................................................ 210
11.1 Access Methods ............................................................. 210
11.2 Firewall Policies Overview ................................................. 210
11.3 Rule Logic Overview ........................................................ 212
11.3.1 Rule Checklist ........................................................... 212
11.3.2 Security Ramifications ................................................... 212
11.3.3 Key Fields For Configuring Rules ......................................... 212
11.3.3.1 Action ................................................................. 212
11.3.3.2 Service ................................................................ 213
11.3.3.3 Source Address ......................................................... 213
11.3.3.4 Destination Address .................................................... 213
11.4 Connection Direction Examples .............................................. 213
11.4.1 LAN To WAN Rules ......................................................... 213
11.4.2 WAN To LAN Rules ......................................................... 214
11.5 Alerts ..................................................................... 214
11.10.1 Threshold Values ........................................................ 223
11.10.2 Half-Open Sessions ...................................................... 223
11.10.2.1 TCP Maximum Incomplete and Blocking Time .............................. 224
11.11.2 Predefined Services ..................................................... 229
11.12 Example Firewall Rule ..................................................... 231

Chapter 12
Intrusion Detection and Prevention (IDP) ........................................ 236
12.1 Introduction to IDP ........................................................ 236
12.1.1 Firewalls and Intrusions ................................................. 236
12.1.2 IDS and IDP .............................................................. 237
12.1.3 Host IDP ................................................................. 237
12.1.4 Network IDP .............................................................. 237
12.1.5 Example Intrusions ....................................................... 238
12.1.5.1 SQL Slammer Worm ....................................................... 238
12.1.5.2 Blaster W32.Worm ....................................................... 238
12.1.5.3 Nimda .................................................................. 238
12.1.5.4 MyDoom ................................................................. 239
12.1.6 ZyWALL IDP ............................................................... 239

Chapter 13
Configuring IDP ................................................................. 240
13.1 Overview ................................................................... 240
13.1.1 Interfaces ............................................................... 240
13.2 General Setup .............................................................. 241
13.3.1 Attack Types ............................................................. 242
13.3.2 Intrusion Severity ....................................................... 244

Table of Contents 14