Manual ZyXEL Communications IDP 10

42 pages 2.08 mb

Summary
  • ZyXEL Communications IDP 10 - page 1

    ZyWALL IDP 10 Intrusion Detection Prevention Appliance Support Notes Version 1.0 Aug 2004 ...

  • ZyXEL Communications IDP 10 - page 2

    IDP Support Notes. INDEX: Application Notes (p. 4); Deploy IDP (p. 4); Register ZyWALL IDP ...

  • ZyXEL Communications IDP 10 - page 3

    Why can’t I input mail server address by domain name? (p. 32); What’s “Drop” and “Block Connection” for Action of User Defined Policy? (p. 33); How to use URL String in Content setup of User-defined policy? ...

  • ZyXEL Communications IDP 10 - page 4

    Application Notes. Deploy IDP. IDP functions as a plug and play bridge device filtering malicious traffic from attacking your networks. With continuous signatures update, users can get free from network-based intrusions. In this example, we describe how to deploy and configure ZyWALL IDP10 in a network. Since ZyWALL IDP10 is ...

  • ZyXEL Communications IDP 10 - page 5

    Servers/PC: 192.168.2.5-10; LAN1: 192.168.1.5-50; LAN2: 192.168.1.51-100; WLAN: 192.168.1.101-130; Data Center: 192.168.1.131-140. Device IP addresses: IDP (A) 192.168.1.141; IDP (B) 192.168.1.142; IDP (C) 192.168.1.143; IDP (D) 192.168.1.144; IDP (E) 192.168.1.145; IDP (F) 192.168.1.146. Purpose: IDP (A) Since network device ...

  • ZyXEL Communications IDP 10 - page 6

    Setup IP address of IDP (A, B, C, D, E, F). 1. Configure each IDP device’s IP address. Since IDP is a bridge device, it only has one IP address for management purpose; IDP also uses this IP address to update signatures and to send system logs through syslog/E-mail/FTP. To configure the system IP address of IDP device, user ...

  • ZyXEL Communications IDP 10 - page 7

    1. Connect one PC to IDP’s management port by crossed Ethernet cable. Make sure MGMT port light is on. 2. Go to Start->Settings->Network and Dial-up Connections, and select the Ethernet connection you are connecting to IDP device. 3. Change PC’s IP address to 192.168.1.5, subnet mask = 255.255.255.0 from properties ...

  • ZyXEL Communications IDP 10 - page 8

    5. Go to SYSTEM->General->Device, input IDP (A)’s IP address, subnet mask, default gateway, DNS server’s IP address. 6. Repeat step 1-5 to configure IDP (B, C, D, E, F) according to IP address assignment table. All contents copyright (c) 2004 ZyXEL Communications Corporation. ...

  • ZyXEL Communications IDP 10 - page 9

    Connect the MGMT/LAN/WAN ports of all IDP devices to the network according to the deployment topology (192.168.1.0/24). Login IDP (A, E)’s WEB GUI; go to SYSTEM->INTERFACE->Policy Check. Then enable policy checking on WAN port of IDP (A, E). Login IDP (B, C, D)’s WEB GUI, go to SYSTEM->INTERFACE->Policy Ch ...

  • ZyXEL Communications IDP 10 - page 10

    Register ZyWALL IDP. ZyWALL IDP comes with a “pre-defined” policy set which requires subscription and can be updated on a regular basis. Having an up-to-date policy set is essential as new attack types evolve. 1. A “Device License Key” card is included in ZyWALL IDP package for one year free subscription. ...

  • ZyXEL Communications IDP 10 - page 11

    2. Go to ZyXEL Communications online services center. http://www.myZyXEL.com. 3. In case you haven't got an account on myZyXEL.com, you need to get a new account. Please follow the instruction on myZyXEL.com; we skip the description of detailed procedure in this article. If you get into trouble in this step, please ...

  • ZyXEL Communications IDP 10 - page 12

    5. Press add button to add the ZyWALL IDP you have. 6. In this step you need to enter Serial Number, Authentication Code (MAC address), and a Friendly Name for your product. You can find serial number and MAC address at the bottom of your device. ...

  • ZyXEL Communications IDP 10 - page 13

    7. Input the date you purchase the product, and the purpose of the buying. 8. You would get a successful message. Then press Continue button. ...

  • ZyXEL Communications IDP 10 - page 14

    9. From ZyWALL IDP’s Applicable Service List, you will have a service "IDP Signature Update" available. Click Activate. 10. Enter the license key you get from “Device License Key” card. Then press Submit button. ...

  • ZyXEL Communications IDP 10 - page 15

    11. After clicking Submit button, you will get an “Activation Key” and “Service Set Key”. An email with these keys will be sent to your email address as well. 12. You can copy & paste “Activation Key” to ZyWALL IDP’s Registration page. ...

  • ZyXEL Communications IDP 10 - page 16

    Firmware Upgrade. 1. Under Maintenance you can find F/W Upload tab. Click browse to select firmware file (.bin) and click Upload button to start firmware upload. 2. It may take few minutes for firmware upload process to finish. ZyWALL IDP will reboot when firmware upload completed. ...

  • ZyXEL Communications IDP 10 - page 17

    Signature Update. *Make sure you have registered your ZyWALL IDP before you do the signature update. To update pre-defined policy for your ZyWALL IDP, login into ZyWALL IDP via HTTP, go to IDP > Update and enter Update Server’s domain name (updateidp.zyxel.com). 1. You could click Update Now to force ZyWALL IDP ...

  • ZyXEL Communications IDP 10 - page 18

    Configure User Defined Policy. In this example, we describe the procedure of using user defined policy. We take eMule application as an example. eMule is a P2P file sharing application. In the following description we break down the procedure of how to get and analyze eMule traffic pattern, and how to setup user defined po ...

  • ZyXEL Communications IDP 10 - page 19

    4. Start ethereal packet capturing. 5. Initiate eMule connection from the internal PC, be sure to reduce unnecessary traffic if possible. 6. Stop packet capturing. 7. Analyze the packet. In ethereal, you will get 3 sub-windows. The first window displays summary of each packet in time sequence. In the second window, you ca ...

  • ZyXEL Communications IDP 10 - page 20

    8. Count the TCP offset and the length of “http://emule-prjoect.net”. 9. Create User-defined policy in IDP. Login to IDP’s WEB GUI; go to IDP->User-defined. We’ll create a user-defined policy for TCP protocol, with offset=38 bytes, matching depth=24 bytes. Please note that the starting point of offset depends o ...

  • ZyXEL Communications IDP 10 - page 21

    After clicking Apply button, we get the summary of the user defined policy. ...

  • ZyXEL Communications IDP 10 - page 22

    IDP Support Notes 22. All contents copyright (c) 2004 ZyXEL Communications Corporation. ...

  • ZyXEL Communications IDP 10 - page 23

    IDP FAQ. What is HIDS? Host intrusion detection systems are intrusion detection systems that are installed locally on host machines. This makes HIDS a very versatile system compared to NIDS. HIDS can be installed on many different types (roles) of machines namely servers, workstations and notebook computers. This methodol ...

  • ZyXEL Communications IDP 10 - page 24

    Is IDP able to investigate VPN traffic? No. VPN traffic is encrypted and IDP is not able to decrypt it, so it cannot investigate VPN packets. Product FAQ. What is ZyWALL IDP10? ZyWALL IDP10 functions as a plug and play bridge device filtering malicious traffic from attacking your networks. With conti ...

  • ZyXEL Communications IDP 10 - page 25

    crash? ZyWALL IDP 10 does not support hardware bypass, so if your ZyWALL IDP 10 lost power or crashed, you will need to either replace it or take it off the network immediately. If I forget IDP’s password, how to reset the password to default? The default IDP user name/password is “admin/1234”. Customers can modify ...

  • ZyXEL Communications IDP 10 - page 26

    9600bps baud rate, N81 data format (No Parity, 8 data bits, 1 stop bit). The baud rate of IDP10 is unchangeable. How to trouble shoot the false positive and false negative cases? Please capture the problematic packets through the following steps and send the packet trace back to ZyXEL support. The capturing can be done as follow ...

  • ZyXEL Communications IDP 10 - page 27

    When should I use VLAN Tag function? Virtual LAN, a group of network devices (PC, router, etc.) that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. If the computer you use to manage ZyWALL IDP is in LAN with VLAN ID3, you must config ...

  • ZyXEL Communications IDP 10 - page 28

    Select Maintenance from the menu, and click Restart Tab. Click Restart button to restart your ZyWALL IDP. It may take few minutes before you can access the device again. Console: Login using admin/1234, and type the command “reboot” to restart your device. ...

  • ZyXEL Communications IDP 10 - page 29

    What does "Stealth" mean, why should I need it? When you enable Stealth mode on an interface (WAN/LAN/MGMT), it will not respond to any type of traffic intended for it; it will not respond to traffic like ICMP echo request. Before hacker/cracker could infiltrate your network, hacker/cracker would need to take ...

  • ZyXEL Communications IDP 10 - page 30

    What's Pre-defined signature? Pre-defined signatures are signatures created by ZyXEL Security Response Team (ZSRT). These signatures are attack patterns or misuse network behavior researched and studied by ZSRT, then compiled into a “pre-defined” policy set available for update. Why should I need to update signa ...

  • ZyXEL Communications IDP 10 - page 31

    And you should make sure your ZyWALL IDP 10 has updated policy to the latest version. Go to WEB Interface -> Home. I can’t download the latest policy from update server. How can I fix the problem? We recommend users to update policy, send E-mail reports or syslogs through ZyWALL IDP10’s MGMT port (management port). ...

  • ZyXEL Communications IDP 10 - page 32

    stealth mode on WAN (or LAN) interface. Additionally, since ZyWALL IDP10 downloads the latest policies periodically from the update server (updateidp.zyxel.com), DNS server should be configured correctly on ZyWALL IDP10 (SYSTEM/GENERAL/Device/DNS Server). How many User-defined policies can I have on ZyWALL IDP 10? Yo ...

  • ZyXEL Communications IDP 10 - page 33

    What’s “Drop” and “Block Connection” for Action of User Defined Policy? Action of “Drop” will drop the traffic that matches the defined policy silently. So the sender would not get any response or error/warning message about the action. “Block Connection” is for TCP traffic, since UDP is a connectionle ...

  • ZyXEL Communications IDP 10 - page 34

    created to check Outgoing direction, it is applied on LAN interface. While a policy is set Bi-directional, it is applied on both WAN and LAN interfaces. How to decide which Interface should be applied for policy check? Users can setup policy check from WEB GUI/SYSTEM/INTERFACE/Policy Check. Policy check acts as a switch t ...

  • ZyXEL Communications IDP 10 - page 35

    If the IDP is placed on the entry point of a Wireless LAN network, we recommend you to apply policy check on the WAN interface, due to the lack of security protection of Wireless LAN. In User-defined policy, what’s the meaning of Matching Offset, Matching Depth? Matching Offset defines the payload start point. If Protoc ...

  • ZyXEL Communications IDP 10 - page 36

    What’s the priority among Pre-defined policy and User-defined policy? The User-defined policies are always checked before the Pre-defined policy. Trouble Shooting. In this part we’ll introduce the steps to trouble shoot when problems occur at customer side. Unable to Run Applications. Step1. First of all, please switch y ...

  • ZyXEL Communications IDP 10 - page 37

    Step4. Search this policy by the Policy ID in IDP >> Pre-defined >> Policy Search. Step5. Under the search result, please change the Action taken to Log ONLY and click Apply. ...

  • ZyXEL Communications IDP 10 - page 38

    Step6. Switch your IDP back to Inline state and activate them by clicking Apply. Then try to run the application again. Step7. Finally, it should be able to run now. If possible, please provide us the application’s name & version and the policy ID and system information including IDP 10’s firmware version and p ...

  • ZyXEL Communications IDP 10 - page 39

    Step8. If it was still unable to run then please repeat step 3, 4, 5 until identify and correct this False Positives policy. CLI Command List. System related Command. Command / Description: set log logmax Setup maximum log number the device generated every second system passwd <value> Setup login password system tomeout Se ...

  • ZyXEL Communications IDP 10 - page 40

    stateful <ON/OFF> Enable/disable TCP state check integrity <ON/OFF> Setup TCP idle timeout tcptimeout <value> Setup maximum ping length pinglen <value> Setup maximum ping packet number per second pingmax <value> wan Setup maximum ping packet accepted at wan port lan Setup maximum ping packet acce ...

  • ZyXEL Communications IDP 10 - page 41

    off Disable remote SSH access acl <ip address> Setup access control list ip address web on <CAN+MGMT/WAN+MGMT/MGMT/ALL> Enable remote web access from LAN+MGMT/WAN+MGMT/MGMT ONLY/ALL port off Disable remote web access acl <ip address> Setup access control list ip address get state Get system state log Get ...

  • ZyXEL Communications IDP 10 - page 42

    Debug mode CLI Command. Command / Description: set system ip <ip> Setup device temporary ip address in the debug mode mask <mask> Setup device temporary ip mask in the debug mode gateway <gateway ip> Setup device temporary ip gateway in the debug mode server <server ip> Setup device temporary server i ...

Manufacturer ZyXEL Communications Category Computer Drive
