Intrusion Detection / Prevention
The DFL-200 Intrusion Detection/Prevention System (IDS/IDP) is a real-time intrusion
detection and prevention sensor that identifies and takes action against a wide variety of
suspicious network activity. The IDS uses intrusion signatures, stored in the attack database,
to identify the most common attacks. In response to an attack, the IDS protects the networks
behind the DFL-200 by dropping the traffic. To give notice of the attack, the IDS sends an email
to the system administrators if email alerting is configured.
There are two modes that can be configured, either Inspection Only or Prevention.
In Inspection Only mode the DFL-200 only inspects the traffic: if it sees anything, it will log
it, email an alert (if configured) and pass on the traffic. In Prevention mode the traffic will
be dropped and logged and, if configured, an email alert will be sent.
D-Link updates the attack database periodically. Since firmware version 1.30.00 automatic
updates are possible. If IDS or IDP is enabled for at least one of the policies or port mappings,
auto updating of the IDS database will be enabled. The firewall will then automatically
download the latest database from the D-Link website.
Add a new policy
Follow these steps to add a new outgoing policy.
Step 1. Choose the LAN->WAN policy list from the available policy lists.
Step 2. Click on the Add new link.
Step 3. Fill in the following values:
Name: Specifies a symbolic name for the rule. This name is used mainly as a rule
reference in log data and for easy reference in the policy list.
Action: Select Allow to allow this type of traffic.
Source Nets: Specifies the sender span of IP addresses to be compared to the
received packet. Leave this blank to match everything.
Source Users/Groups: Specifies if an authenticated username is needed for this policy to
match. Either make a list of usernames, separated by a comma (,), or write Any for any
authenticated user. If it is left blank, there is no need for authentication for the policy.
Destination Nets: Specifies the span of IP addresses to be compared to the destination
IP of the received packet. Leave this blank to match everything.
Destination Users/Groups: Specifies if an authenticated username is needed for this
policy to match. Either make a list of usernames, separated by a comma (,), or write Any for
any authenticated user. If it is left blank, there is no need for authentication for the policy.
Service: Either choose a predefined service from the dropdown menu or make a custom one.
Schedule: Choose what schedule should be used for this policy to match; choose Always
for no scheduling.
Click the Apply button below to apply the change or click Cancel to discard changes.
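The following added example (not D-Link code and not part of the original manual) models how the policy fields above and the two IDS modes combine for a single packet, so the effect of blank fields and of Inspection Only versus Prevention can be checked before a rule is applied. The Policy class, the mode labels, the comma-separated CIDR syntax for the net fields and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:                   # hypothetical model of one policy row
    name: str
    source_nets: str = ""       # blank matches everything
    dest_nets: str = ""         # blank matches everything
    source_users: str = ""      # blank: no authentication; "Any": any authenticated user
    ids_mode: str = "off"       # "off", "inspection_only" or "prevention" (assumed labels)
    email_alerting: bool = False

def nets_match(spec, ip):
    """Blank matches every address; otherwise test comma-separated CIDR nets (assumed syntax)."""
    if not spec.strip():
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n.strip(), strict=False) for n in spec.split(","))

def users_match(spec, user):
    """Blank: no login needed. 'Any': any authenticated user. Otherwise user must be listed."""
    spec = spec.strip()
    if not spec:
        return True
    if user is None:
        return False
    return spec == "Any" or user in [u.strip() for u in spec.split(",")]

def evaluate(policy, src, dst, user=None, signature_hit=False):
    """Return the outcome for one packet, or None when the policy does not match it."""
    if not (nets_match(policy.source_nets, src) and nets_match(policy.dest_nets, dst)
            and users_match(policy.source_users, user)):
        return None
    detected = signature_hit and policy.ids_mode != "off"
    return {
        # Only Prevention drops traffic that matched an intrusion signature.
        "forwarded": not (detected and policy.ids_mode == "prevention"),
        "ids_logged": detected,
        "emailed": detected and policy.email_alerting,
    }

# Constructed sample policies and packets (documentation address ranges).
inspect_only = Policy("web-out", source_nets="192.168.1.0/24",
                      ids_mode="inspection_only", email_alerting=True)
prevent = Policy("web-out-idp", source_nets="192.168.1.0/24",
                 source_users="alice, bob", ids_mode="prevention")

if __name__ == "__main__":
    print(evaluate(inspect_only, "192.168.1.10", "203.0.113.5", signature_hit=True))
    print(evaluate(prevent, "192.168.1.10", "203.0.113.5", user="alice", signature_hit=True))
    print(evaluate(prevent, "192.168.1.10", "203.0.113.5", signature_hit=True))
```

The first call shows that Inspection Only still forwards traffic that matched a signature, and the last shows that a policy with a user list does not match unauthenticated traffic at all.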