6.5. Intrusion Detection and Prevention
6.5.1. Overview
Intrusion Definition
Computer servers can sometimes have vulnerabilities which leave them exposed to attacks carried
by network traffic. Worms, trojans and backdoor exploits are examples of such attacks which, if
successful, can potentially compromise or take control of a server. A generic term that can be used
to describe these server orientated threats are intrusions.
Intrusion Detection
Intrusions differ from viruses in that a virus is normally contained in a single file download and this
is normally downloaded to a client system. An intrusion manifests itself as a malicious pattern of
Internet data aimed at bypassing server security mechanisms. Intrusions are not uncommon and they
can constantly evolve as their creation can be automated by the attacker. NetDefendOS IDP
provides an important line of defense against these threats.
Intrusion Detection and Prevention (IDP) is a NetDefendOS module that is designed to protect
against these intrusion attempts. It operates by monitoring network traffic as it passes through the
D-Link Firewall, searching for patterns that indicate an intrusion is being attempted. Once detected,
NetDefendOS IDP allows steps to be taken to neutralize both the intrusion attempt as well as its
source.
IDP Issues
In order to have an effective and reliable IDP system, the following issues have to be addressed:
1.
What kinds of traffic should be analyzed?
2.
What should we search for in that traffic?
3.
What action should be carried out when an intrusion is detected?
NetDefendOS IDP Components
NetDefendOS IDP addresses the above issues with the following mechanisms:
1.
IDP Rules are defined up by the administrator to determine what traffic should be scanned.
2.
Pattern Matching is applied by NetDefendOS IDP to the traffic that matches an IDP Rule as it
streams through the firewall.
3.
If NetDefendOS IDP detects an intrusion then the Action specified for the triggering IDP Rule
is taken.
IDP Rules, Pattern Matching and IDP Rule Actions are described in the sections which follow.
6.5.2. IDP Availability in D-Link Models
Maintenance and Advanced IDP
D-Link offers two types of IDP:
6.5. Intrusion Detection and
Prevention
Chapter 6. Security Mechanisms
265
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...