hit counter script

Setting Up Idp - D-Link NetDefendOS User Manual

Network security firewall
Hide thumbs Also See for NetDefendOS:
Table of Contents

Advertisement

application, for example MSSQL. The Sub-Category may not be necessary if the Type and
Category are sufficient to specify the group, for example APP_ITUNES.
Listing of IDP Groups
A listing of IDP groupings can be found in Appendix B, IDP Signature Groups. The listing shows
group names consisting of the Category followed by the Sub-Category, since the Type could be
any of IDS, IPS or POLICY.
Processing Multiple Actions
For any IDP rule, it is possible to specify multiple actions and an action type such as Protect can
be repeated. Each action will then have one or more signatures or groups associated with it.
When signature matching occurs it is done in a top-down fashion, with matching for the
signatures for the first action specified being done first.
IDP Signature Wildcarding
When selecting IDP signature groups, it is possible to use wildcarding to select more than one
group. The "?" character can be used to wildcard for a single character in a group name.
Alternatively, the "*" character can be used to wildcard for any set of characters of any length in a
group name.

6.6.7. Setting Up IDP

The steps for setting up IDP are as follows:
Create an IDP Rule object which identifies the traffic to be processed.
Add one or more IDP RUle Action objects to the rule which specify:
i.
The IDP signatures to be used when scanning the traffic targeted by the rule.
ii.
The action to take when a signature triggers.
IDP Blacklisting
The Protect option includes the option that the particular host or network that triggers the IDP
Rule can be added to a Blacklist of offending traffic sources. This means that all subsequent traffic
Caution: Use the minimum IDP signatures necessary
Do not use the entire signature database and avoid using signatures and signature
groups unnecessarily. Instead, use only those signatures or groups applicable to the type
of traffic being protected.
For example, using only the IDP groups IDS_WEB*, IPS_WEB*, IDS_HTTP* and
IPS_HTTP* would be appropriate for protecting an HTTP server.
IDP traffic scanning creates an additional load on the hardware that, in most cases,
should not noticeably degrade performance. Using too many signatures during
scanning can make the load on the hardware unnecessarily high, adversely affecting
throughput.
559
Chapter 6: Security Mechanisms

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents