•
Intrusion Protection Signatures (IPS)
These are highly accurate and a match is almost certainly an indicator of a threat. Using the
Protect action is recommended. These signatures can detect administrative actions and
security scanners.
•
Intrusion Detection Signatures (IDS)
These can detect events that may be intrusions. They have lower accuracy than IPS and may
give some false positives so it is recommended that the Audit action is always used. Using
them with Protect may interrupt normal traffic.
•
Policy Signatures
These detect different types of application traffic. They can be used to block certain
applications such as file sharing applications and instant messaging.
6.6.6. IDP Signature Groups
Using Groups
Usually, several lines of attacks exist for a specific protocol, and it is best to search for all of them
at the same time when analyzing network traffic. To do this, signatures related to a particular
protocol are grouped together. For example, all signatures that refer to the FTP protocol form a
group. It is best to specify a group that relates to the traffic being searched than be concerned
about individual signatures. For performance purposes, the aim should be to have NetDefendOS
search data using the least possible number of signatures.
Specifying Signature Groups
IDP Signature Groups fall into a three level hierarchical structure. The top level of this hierarchy is
the signature
Type
, the second level the
Category
and the third level the
Sub-Category
. The
signature group called POLICY_DB_MSSQL illustrates this principle where Policy is the
Type
, DB
is the
Category
and MSSQL is the
Sub-Category
. These 3 signature components are explained
below:
1. Signature Group Type
The group type is one of the values
IDS
,
IPS
or
Policy
. These types are explained above.
2. Signature Group Category
This second level of naming describes the type of application or protocol. Examples are:
•
BACKUP
•
DB
•
DNS
•
FTP
•
HTTP
3. Signature Group Sub-Category
The third level of naming further specifies the target of the group and often specifies the
Chapter 6: Security Mechanisms
558
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...