Chapter 29 IDP
Table 132 Policy Types (continued)
POLICY TYPE | DESCRIPTION |
DoS/DDoS | The goal of Denial of Service (DoS) attacks is not to steal information, but to |
| disable a device or network on the Internet. |
| A distributed |
| compromised systems attack a single target, thereby causing denial of service |
| for users of the targeted system. |
|
|
Scan | A scan describes the action of searching a network for an exposed service. An |
| attack may then occur once a vulnerability has been found. Scans occur on |
| several network levels. |
| A network scan occurs at |
| devices such as a router or server running in an IP network. |
| A scan on a protocol is commonly referred to as a |
| once an attacker has found a live end system, he looks for open ports. |
| A scan on a service is commonly referred to a |
| an attacker has found an open port, say port 80 on a server, he determines that |
| it is a HTTP service run by some web server application. He then uses a web |
| vulnerability scanner (for example, Nikto) to look for documented vulnerabilities. |
|
|
Buffer Overflow | A buffer overflow occurs when a program or process tries to store more data in |
| a buffer (temporary data storage area) than it was intended to hold. The excess |
| information can overflow into adjacent buffers, corrupting or overwriting the |
| valid data held in them. |
| Intruders could run codes in the overflow buffer region to obtain control of the |
| system, install a backdoor or use the victim to launch attacks on other devices. |
|
|
Virus/Worm | A computer virus is a small program designed to corrupt and/or alter the |
| operation of other legitimate programs. A worm is a program that is designed to |
| copy itself from one computer to another on a network. A worm’s uncontrolled |
| replication consumes system resources, thus slowing or stopping other tasks. |
|
|
Backdoor/Trojan | A backdoor (also called a trapdoor) is hidden software or a hardware |
| mechanism that can be triggered to gain access to a program, online service or |
| an entire computer system. A Trojan horse is a harmful program that is hidden |
| inside apparently harmless programs or data. |
| Although a virus, a worm and a Trojan are different types of attacks, they can be |
| blended into one attack. For example, W32/Blaster and W32/Sasser are |
| blended attacks that feature a combination of a worm and a Trojan. |
|
|
Access Control | Access control refers to procedures and controls that limit or detect access. |
| Access control attacks try to bypass validation checks in order to access |
| network resources such as servers, directories, and files. |
|
|
Web Attack | Web attacks refer to attacks on web servers such as IIS (Internet Information |
| Services). |
|
|
An IDP service group is a set of related packet inspection signatures.
Table 133 IDP Service Groups
WEB_PHP | WEB_MISC | WEB_IIS | WEB_FRONTPAGE |
|
|
|
|
WEB_CGI | WEB_ATTACKS | TFTP | TELNET |
|
|
|
|
SQL | SNMP | SMTP | RSERVICES |
|
|
|
|
RPC | POP3 | POP2 | P2P |
|
|
|
|
ORACLE | NNTP | NETBIOS | MYSQL |
|
|
|
|
MISC_EXPLOIT | MISC_DDOS | MISC_BACKDOOR | MISC |
|
|
|
|
428 |
| |
ZyWALL USG 1000 User’s Guide |
| |
|
|
|