-
ZyXEL Communications IDP 10 - page 1
ZyW ALL IDP 10 Intrusion Detection Prevention Appliance Support Notes V ersion 1.0 Aug 2004 ...
-
ZyXEL Communications IDP 10 - page 2
IDP Support Notes 2 INDEX Application Notes ............................................................................................................................ 4 Deploy IDP ................................................................................................................................4 Register ZyW ALL IDP ................. ...
-
ZyXEL Communications IDP 10 - page 3
IDP Support Notes 3 Why can’ t I input mail server address by domain nam e? ........................................................32 What’ s “Drop” and “Block Connection” for Action of User Defined Policy? ........................33 How to use URL String in Content setup of User-defined policy?......................................... ...
-
ZyXEL Communications IDP 10 - page 4
IDP Support Notes 4 Application Notes Deploy IDP IDP functions as a plug and play bridge device filtering malicious traf fic from attacking your networks. W ith continuous signa tures update, users can get free fr om network-based intrusions. In this example, we describe how to deploy and configure ZyW ALL IDP10 in a network. Since ZyW ALL IDP10 is ...
-
ZyXEL Communications IDP 10 - page 5
IDP Support Notes 5 Servers/PC 192.168.2.5-10 LAN1: 192.168.1.5-50 LAN2: 192.168.1.51-100 WLAN: 192.168.1.101-130 Data Center: 192.168.1.131-140 Device IDP (A) IDP (B) IDP (C) IP Address 192.168.1.141 192.168.1.142 192.168.1.143 Device IDP (D) IDP (E) IDP (F) IP Address 192.168.1.144 192.168.1.145 192.168.1.146 Purpose: IDP (A) Since network device ...
-
ZyXEL Communications IDP 10 - page 6
IDP Support Notes 6 Setup IP address of IDP (A, B, C, D, E, F) 1. Configure each IDP device’ s IP address. Since IDP is a bridge device, it only has one IP address for management purpose, IDP also uses this IP address to update signatures and the send system logs through syslog/E-mail/FTP . T o configure the system IP address of ID P device, user ...
-
ZyXEL Communications IDP 10 - page 7
IDP Support Notes 7 1. Connect one PC to IDP’ s management port by cr ossed Ethernet cable. Make sure MGMT port light is on. 2. Go to S tart->Settings->Network and Dial-up C onnections, and select the Ethernet connection you are connecting to IDP device. 3. Change PC’ s IP address to 192.168.1.5, subnet mask= 255.255.255.0 from properties ...
-
ZyXEL Communications IDP 10 - page 8
IDP Support Notes 8 5. Go to SYSTEM->General->Device, input IDP (A,)’ s IP address, subnet mask, default gateway , DNS server ’ s IP address. 6. Repeat step 1-5 to configure IDP (B, C, D, E, F) according to IP address assignment table. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration. ...
-
ZyXEL Communications IDP 10 - page 9
IDP Support Notes 9 Connect the MGMT/LAN/W AN ports of all IDP devices to the network according to the deployment topology (192.168.1.0/24). Login IDP (A, E)’ s WEB GUI; go to SYSTEM->INTERF ACE->Policy Check. Then enable policy checking on W AN port of IDP (A, E). Login IDP (B, C, D)’ s WEB GUI, go to SYST EM->INTERF ACE->Policy Ch ...
-
ZyXEL Communications IDP 10 - page 10
IDP Support Notes 10 Register ZyW ALL IDP ZyW ALL IDP comes with a “pre-defined” polic y set which requires subscription and can be update at regular bases. Having an up-to-date policy set is essentia l as new attack types evolve. 1. A “Device License Key” card is included in ZyW ALL IDP package for one year fre e subscription. All contents ...
-
ZyXEL Communications IDP 10 - page 11
IDP Support Notes 11 2. Go to ZyXEL Communications online services center . http://www .myZyXEL.com . 3. In case you haven't got an account on m yZyXE L.com, you need to get a new account. Please follow the instruction on myZyXEL.com ; we skip the description of detailed procedure in this article. If you get into trouble in th is step, please ...
-
ZyXEL Communications IDP 10 - page 12
IDP Support Notes 12 5. Press add button to add the Zy W A LL IDP you have. 6. In this step you need to enter Serial Number , Authentication Code (MAC address), and a Friendly Name for your product. Y ou can find serial number and MAC address at the bottom of your device. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration. ...
-
ZyXEL Communications IDP 10 - page 13
IDP Support Notes 13 7. Input the date you purchase the pr oduct, and the purpose of the buying. 8. Y ou would get a successful message. Then press Continue button. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration. ...
-
ZyXEL Communications IDP 10 - page 14
IDP Support Notes 14 9. From ZyW ALL IDP’ s Applicable Se rvice List, you will have a service " IDP Signature Update " available. Click Activate. 10. Enter the license key you get from “ Device License Key ” card. Then press Submit button. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration. ...
-
ZyXEL Communications IDP 10 - page 15
IDP Support Notes 15 1 1. After clicking Submit button, you will get an “ Activation Key ” and “ Service Set Key ”. An email with these keys will be sen d to your email address as well. 12. Y ou can copy & paste “ Activation Key ” to ZyW ALL IDP’ s Registration page. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor por ...
-
ZyXEL Communications IDP 10 - page 16
IDP Support Notes 16 Firmware Upgrade 1. Under Maintenance you can find F/W Upload tab. Click browse to select firmware file (.bin) and click Upload button to start firmware upload. 2. It may take few minutes for firmware upload process to finish. ZyW ALL IDP will reboot when firmware upload completed. All contents c opyright (c ) 2004 Zy XEL Comm ...
-
ZyXEL Communications IDP 10 - page 17
IDP Support Notes 17 Signature Update *Make sure you have registered your ZyW ALL IDP before you do the signature update. T o update pre-defined policy for your ZyW ALL ID P , login into ZyW ALL IDP via HTTP , go to IDP > Update and enter U pdate Server ’ s domain name (updateidp.zyxel.com ) 1. Y ou could click Update Now to force ZyW ALL IDP ...
-
ZyXEL Communications IDP 10 - page 18
IDP Support Notes 18 Configure User Defined Policy In this example, we describe the procedure of using user defined policy . W e take eMule application as an example. eMule is a P2P file sharing application. In th e following description we break down the procedure of how to get and analys is eMule traf fic pattern, and how to setup user defined po ...
-
ZyXEL Communications IDP 10 - page 19
IDP Support Notes 19 4. S tart ethereal packet capturing. 5. Initiate eMule connection from the internal PC, be sure to reduce unnecessary traf fic if possible. 6. S top packet capturing. 7. Analyze the packet. In ethereal, you will ge t 3 sub-windows. The first window displays summary of each packet in time sequence. In the second wind ow , you ca ...
-
ZyXEL Communications IDP 10 - page 20
IDP Support Notes 20 8. Count the TCP offset and the leng th of “http://emu le-prjoect.net” 9. Create User-defined policy in IDP . Login to IDP’ s WEB GUI; go to IDP->User -defined. W e’ll create a user -defined policy for TCP protocol, with offset=38 bytes, matching depth=24 bytes. Please note that the starting point of offset depends o ...
-
ZyXEL Communications IDP 10 - page 21
IDP Support Notes 21 After click Apply button, we get the summary of the user defined policy . All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration. ...
-
ZyXEL Communications IDP 10 - page 22
IDP Support Notes 22 All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration. ...
-
ZyXEL Communications IDP 10 - page 23
IDP Support Notes 23 IDP F AQ What is HIDS? Host intrusion detection system s are intrusion detection system s that are installed locally on host machines. This makes HIDS a very versatile system compared to NIDS. HIDS can be installed on many dif fer ent types (roles) of machines nam ely servers, workstations and notebook co mputers. This methodol ...
-
ZyXEL Communications IDP 10 - page 24
IDP Support Notes 24 Is IDP able to investigate VPN traf fic? No, VPN traf fics are encrypted, IDP is not able to decrypted VPN traffics, and thus it could not investigate VPN packets. Product F AQ What is ZyW ALL IDP10? ZyW ALL IDP10 f unctions as a plug and play bridge device f iltering malicious traf fic from attacking your networks. W ith conti ...
-
ZyXEL Communications IDP 10 - page 25
IDP Support Notes 25 crash? ZyW all IDP 10 does not support hardware bypa ss, so if your ZyW ALL IDP 10 lost power or crashed, you will need to either replace it or take it of f the network immediately . If I forget IDP’s p a ssword, how to reset the password to default? The default IDP user name/password is “admin/1234”. Customers can modify ...
-
ZyXEL Communications IDP 10 - page 26
IDP Support Notes 26 9600bps baud rate N81 data format (No Parity , 8 data bits, 1 stop bit) The baud rate of IDP10 is unchangeable. How to trouble shoot the false positive and false negative cases? Please capture the problematic packets through the following steps and send the packet trace back to ZyXEL support. The capturing can be done as follow ...
-
ZyXEL Communications IDP 10 - page 27
IDP Support Notes 27 When should I use VLAN T ag function? V irtual LAN, a groups of network devices (PC, router , etc…) that behave as if they are connected to the same wire even t hough they may actually be physically located on dif ferent segments of a LAN. If the computer you use to manage Zy W ALL IDP is in LAN with VLAN ID3, you must config ...
-
ZyXEL Communications IDP 10 - page 28
IDP Support Notes 28 Select Maintenance from the menu, and click Restart T ab Click Restart button to restart your ZyW ALL IDP . It may take few minutes before you can access the device again. Console Login using admin/1234, and type the comm and “reboot” to restart your device. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor porat ...
-
ZyXEL Communications IDP 10 - page 29
IDP Support Notes 29 What does "S tealth" mean, why should I need it? When you enable St e a l t h mode on an interface (W AN/LAN/MGMT), it will not respond to any type of traf fic intended for it; it will not respond to traf fic like ICMP echo request. Before hacker/cracker could infiltrate your network, hacker/cracker would need to take ...
-
ZyXEL Communications IDP 10 - page 30
IDP Support Notes 30 What's Pre-defined signature? Pre-defined signatures ar e signatures created by ZyXEL Security Response T eam (ZSR T) . These signatures are attack patterns or m isuse network behavior researched and studied by ZSRT , then compiled into a “p re-defined” policy set available for update. Why should I need to update signa ...
-
ZyXEL Communications IDP 10 - page 31
IDP Support Notes 31 And you should make sure your ZyW ALL IDP 10 has updated policy to the latest version. Go to W E B Interface Æ Home. I can’t download the latest policy from update server . How can I fix the problem? W e recommend users to update policy , send E-mail reports or syslogs through ZyW ALL I DP10’ s MGMT port (management port). ...
-
ZyXEL Communications IDP 10 - page 32
IDP Support Notes 32 stealth mode on W A N (or LAN ) interface. Additionally , since ZyW ALL IDP10 downloads the latest policies periodically from the update server (updateidp.z yxel.com). DNS server should be configured correctly on ZyW ALL IDP10 ( SYSTEM/GENEARL/Device/DNS Server ). How many User-defined policies can I have on ZyW ALL IDP 10? Y o ...
-
ZyXEL Communications IDP 10 - page 33
IDP Support Notes 33 What’s “Drop” and “Block Connecti on” for Action of User Defined Policy? Action of “Drop”, will drop the traf fic that matches the def ined policy silently . So the sender would not get any response or e rror/warning message about the action. “Block Connection” is for TCP traf fic, si nce UDP is a connectionle ...
-
ZyXEL Communications IDP 10 - page 34
IDP Support Notes 34 created to check Outgoing direction, it is applied on LAN interface. While a policy is set Bi-dir ectiona l, it is applied on both WA N and LAN interfaces. How to decide which Interface sh ould be applied for policy check? Users can setup policy check from WEB GUI/SYSTEM/INTERF ACE/Policy Check . Policy check acts as a switch t ...
-
ZyXEL Communications IDP 10 - page 35
IDP Support Notes 35 If the IDP is placed on the entry point of a W ireless LAN network, we recommend you to apply policy check on the W AN interface, due to the lack of security protection of W ireless LAN. In User-defined policy , what’ s the meaning of Matching Offset, Matching Depth? Matching Offset defines the payload start point. If Pr otoc ...
-
ZyXEL Communications IDP 10 - page 36
IDP Support Notes 36 What’s the priority among Pre-def i ned policy and User-defined policy? The User-defined policies are always checked before the Pre-defined policy . T r ouble Shooting In this part we’ll introduce the steps to trouble shoot when problems occur at customer side. Unable to Run Applications Step1. First of all, please switch y ...
-
ZyXEL Communications IDP 10 - page 37
IDP Support Notes 37 Step4. Search this policy by the Policy ID in IDP >> Pr e-defined>>Policy Sear ch . Step5. Under the search result, please change the Action taken to Log ONL Y and click Apply . All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration. ...
-
ZyXEL Communications IDP 10 - page 38
IDP Support Notes 38 Step6. Switch your IDP back to Inline state and activate them by clicking Apply . Then try to run the application again. S tep7. Finally , it should be able to r un now . If possible, please provide us the application’ s name & version and the polic y ID and system inform ation including IDP 10’ s firmware version and p ...
-
ZyXEL Communications IDP 10 - page 39
IDP Support Notes 39 S tep8. If it was still unable to run then please repeat step 3, 4, 5 until identify and correct this False Positives policy . CLI Command List System related Command Command Description set log logmax Setup maximum log num ber the dev ice generated every second system passwd <value> Setup login password system tomeout Se ...
-
ZyXEL Communications IDP 10 - page 40
IDP Support Notes 40 stateful <ON/OFF> Enable/disable TCP state check integrity <ON/OFF> Setup TCP idle timeout tcptimeout <value> Setup maximum ping lengt h pinglen <value > Setup maximum ping packet number per second pingmax <value> wan Setup maximum ping packet accepted at wan port lan Setup maximum ping packet acce ...
-
ZyXEL Communications IDP 10 - page 41
IDP Support Notes 41 off Disable remote SSH access acl <ip address> Setup access control list ip address web on <CAN+MGMT/W AN+MGMT/MGM T/ALL> Enable remote web access from LAN+MGMT/W AN+MGMT / MGMT ONL Y/ALL port off Disable remote w e access acl <ip address> Setup access control list ip address get state Get system state log Get ...
-
ZyXEL Communications IDP 10 - page 42
IDP Support Notes 42 Debug mode CLI Command Command Description set system ip <ip> Setup device temporar y ip address in the debug mode mask <mask> Setup device temporar y ip mask in the debug mode gat ew ay <gateway ip> Setup device temporar y ip gateway in the debug mode server <server ip > Setup device temporar y server i ...
ZyXEL Communications IDP 10についてご質問がありますか?
次のフォームを使用してください
見つけた説明書を読んでもZyXEL Communications IDP 10の問題を解決できない場合、下記のフォームを使用して質問をしましょう。ユーザーのどなたかがZyXEL Communications IDP 10で同様の問題を抱えていた場合、その解決方法を共有したいと考えるかもしれません。