![D-Link DFL-2400 [52/112] Olicy based](/img/pdf.png)
D-Link DFL-2400 [52/112] Olicy based
![D-Link DFL-2400 [52/112] Olicy based](/views2/1045579/page52/bg34.png)
DFL-2100/DFL-2400 Intrusion Detection System User Manual
4
2
5
5 POLICY BASED IDS
What is a Policy?
The policy is the most important information in the DFL-2100/ DFL-2400 IDS
Management System. A policy tells DFL-2100/DFL-2400 how to detect an attack, how to
response when an attack is detected, what to protect and when to protect. Therefore, a
policy consists of policy information, defense describe, protect scope, schedule, actions
and some high level information such as class, issued date and etc.
The Policy Book
The policy book is divided into two tables. The upper table is “Network Attack
Defense Policies” and the lower table is “DDoS Attack Defense Policies”. The reason of
dividing these policies into different categories is because the detection methods are quite
different inherently. The “Network Attack Defense Policies” employ the pattern matching
while the “DDoS Attack Defense Policies” use statistical modeling.
Figure 5-1: Policy Book
Содержание
- Dfl 2100 dfl 2400 1
- Intrusion detection system 1
- User manual 1
- Hardware 2
- Limited warranty 2
- Software 2
- Copyright statement 3
- D link offices for registration and warranty service 3
- Limitation of liability 3
- Limitation of warranties 3
- Trademarks 3
- Bsmi warning 4
- Ce mark warning 4
- Fcc warning 4
- Vcci a warning 4
- Table of contents 5
- Overview of this user manual 9
- Key features 11
- Ntroduction 11
- What is dfl 2100 dfl 2400 11
- Figure 1 1 dfl 2100 dfl 2400 ids network architecture 12
- Network architecture 12
- The dfl 2100 dfl 2400 family 13
- Install dfl 2100 dfl 2400 14
- Nitial 14
- Nstallation and 14
- Configure the dfl 2100 dfl 2400 15
- Figure 2 2 cable connection 15
- Install policy server software 15
- Getting started 16
- Manager 16
- Policy server initial screen 16
- Setting system parameters 16
- Starting the system 16
- Figure 2 3 the dfl 2100 dfl 2400 main page 17
- Get certification 17
- Getting certification 17
- The java plug in 17
- Figure 2 4 get certification 18
- Figure 2 5 dfl 2100 dfl 2400 management system login screen 18
- Manage your dfl 2100 dfl 2400 18
- Start dfl 2100 dfl 2400 management system 18
- Add new dfl 2100 dfl 2400 19
- Figure 2 6 dfl 2100 dfl 2400 management main screen 19
- Figure 2 7 add a dfl 2100 dfl 2400 dialog 19
- Figure 2 8 add policies dialog 20
- Load newest defense policies 20
- Figure 2 10 download latest attack pattern 21
- Figure 2 9 download latest attack pattern 21
- Figure 2 11 make sure the defense policies to take effect 22
- Summary of steps 22
- Dfl 2100 dfl 2400 console ssh system 23
- Ommand 23
- Help command 24
- Help get 24
- Help set 24
- The command classes 24
- Help arp 25
- Help netstat 25
- Help ping 25
- Help reset 25
- Get system 26
- Help reboot 26
- Query command 26
- Get log 27
- Get time 27
- Get interface 28
- Get psserver 28
- Get snmp 28
- Get state 28
- Set command 29
- Set system 30
- Set system detect 31
- Set time 31
- Set interface 32
- Set interface link 32
- Set interface stealth 33
- Set psserver 33
- 68 68 48 7596 10 7596 udp 34
- Figure 3 1 set policy server sample 34
- Figure 3 2 set policy server virtual ip sample figure 3 2 set policy server virtual ip sample 34
- Figure 3 3 set private ports service for policy server figure 3 3 set private ports service for policy server 34
- Firewall example netscreen 34
- Port 7595 and 7596 are private ports for dfl 2100 dfl 2400 management system 34
- Set psserver ip 192 68 68 48 34
- The firewall or nat must reconfigure port mapping as the firewall or nat must reconfigure port mapping as 192 68 68 48 7595 10 7595 tcp 34
- Figure 3 4 firewall must open the private service for dfl 2100 dfl 2400 35
- Set snmp 35
- Set state 35
- Miscellaneous commands 36
- Netstat 37
- Reboot 38
- Anagement 39
- Dfl 2100 2400 ids management main screen 39
- Dfl 2100 dfl 2400 management system main screen 40
- Figure 4 2 dfl 2100 40
- Manage dfl 2100 dfl 2400 40
- Management system main screen 40
- Add a dfl 2100 dfl 2400 41
- Figure 4 3 dfl 2100 41
- Figure 4 4 add a dfl 2100 dfl 2400 dialog 41
- Ids tree view 41
- Table 4 tree view icons and descriptions 41
- Figure 4 5 modify this dfl 2100 dfl 2400 dialog 42
- Modify a dfl 2100 dfl 2400 42
- Remove a dfl 2100 dfl 2400 42
- Dfl 2100 dfl 2400 configure and setting 43
- Dfl 2100 dfl 2400 device information 43
- Figure 4 6 dfl 2100 dfl 2400 device information dialog 43
- Setting dfl 2100 dfl 2400 parameters 43
- Figure 4 7 set device parameters dialog 44
- User manage 44
- Add new user 45
- Figure 4 8 user manage window 45
- Figure 4 9 add new user dialog 45
- Delete user 46
- Edit user 46
- Figure 4 10 remove user dialog 46
- Figure 4 11 change password dialog 47
- Figure 4 12 edit user permission dialog figure 4 12 edit user permission dialog 47
- Export books 48
- Figure 4 13 export policy and books to policy server dialog 48
- Ids management system miscellaneous functions 48
- Management system 48
- Table 4 1 the function list of dfl 2100 48
- Figure 4 14 export policy and books to local host dialog 49
- Figure 4 15 import policy from policy server dialog 49
- Import books 49
- Another way to back up books is to print them out in papers when the print button 50
- Figure 4 16 import policy from local host dialog 50
- On the toolbar is pressed the current loaded book will be prepared to print out the print preview screen as the following figure will show up click print to print it out otherwise click cancel to close this screen 50
- Print books 50
- About dfl 2100 dfl 2400 ids management system 51
- Dfl 2100 dfl 2400 ids reporting system 51
- Figure 4 17 print policy book preview screen 51
- Figure 4 18 dfl 2100 51
- Management system information 51
- Olicy based 52
- The policy book 52
- What is a policy 52
- Load latest attack pattern 53
- Change the priority of policies 55
- Figure 5 5 click the confirm button after change defense policies 55
- Figure 5 6 network defense policies database 56
- Network defense policies database 56
- Figure 5 7 policy list screen 57
- Select a defense policy 57
- Select defense policy 57
- Each policy has detail description about defense attack attributes administrator can get the detail description and recommend action 59
- Figure 5 9 the attack attributes frame 59
- Policy attribute 59
- Defense policy 60
- Define policy protect scope 60
- Figure 5 10 the defense policy property frame 60
- Figure 5 11 directional protect scope 60
- Figure 5 12 un directional protect scope 61
- Figure 5 13 pick protect scope figure 5 13 pick protect scope 61
- Set ddos parameters 61
- Define policy actions 62
- Figure 5 14 the ddos parameters setup 62
- Figure 5 15 the actions setup 62
- Define policy action schedule 63
- Figure 5 16 the schedule setup 63
- Define your own defense policy 64
- Efense 64
- Figure 6 2 the define new defense policy window 65
- Figure 6 3 the defense policy attributes frame 66
- Fill defense policy attributes 66
- Determine the action while being attacked 67
- Determine the recognize condition 67
- Figure 6 4 the recognize condition frame 67
- Figure 6 5 the actions frame 67
- Figure 6 6 the schedule frame 67
- Pick up the schedule 67
- Description 68
- Figure 6 7 the policy information 68
- When we define a new attack policy we should give some reference information about this attack it will be very useful for other user to understand the policy there is some information filed about the policy should be descript 68
- Figure 6 8 the comparison operations 69
- Fill the packet criteria 69
- Table 6 1 protocol type and policy property tabs 69
- The comparison operations 69
- Figure 6 9 the ip tab 70
- The ip tab 70
- Figure 6 10 the tcp tab 71
- The tcp tab 71
- Figure 6 11 the udp tab 72
- Figure 6 12 the select from service book 72
- The udp tab 72
- Figure 6 13 the icmp tab 73
- The icmp tab 73
- Figure 6 14 the igmp tab 74
- The igmp tab 74
- The content tab 75
- Figure 6 15 the content tab 76
- Edit service book 77
- Efinition 77
- Rocess 77
- Figure 7 1 add a service dialog 78
- Figure 7 2 modify a service dialog 78
- Modify a service 78
- Delete a service 79
- Edit address book 79
- Add an address 80
- Figure 7 3 add a new address dialog 80
- Delete an address 81
- Figure 7 4 modify an address dialog 81
- Modify an address 81
- Add a group 82
- Edit group book 82
- Figure 7 5 add a new group dialog 82
- Delete a group 83
- Figure 7 6 modify a group dialog 83
- Modify a group 83
- Add a schedule 84
- Edit schedule book 84
- Figure 7 7 add a new schedule dialog 84
- Delete a schedule 85
- Figure 7 8 modify this schedule dialog 85
- Modify a schedule 85
- Eporting 86
- The dfl 2100 dfl 2400 ids reporting system 86
- Figure 8 1 the main screen of dfl 2100 87
- Reporting system 87
- Start to use dfl 2100 dfl 2400 ids reporting system 87
- Figure 8 2 on line real time monitoring network attack 88
- Figure 8 3 enlarge and narrow the real time monitoring screen of network attack figure 8 3 enlarge and narrow the real time monitoring screen of network attack 88
- Of dfl 2100 dfl 2400 ids reporting system provides real time warnings of network attacks in the form of text for the system manager to fully understand the current situation of network at a glance the monitoring function classifies the threatening levels of network attacks into 5 real time monitoring screens serious threat high level threat medium level threat low level threat and slight threat 88
- Real time network attack monitor 88
- The on line real time network attack monitor 88
- Figure 8 4 report inquiry screen of attacks 89
- Network attack report 89
- Browse of main attack events 90
- Figure 8 5 the inquiry screen of attack events ranking report 90
- Figure 8 6 the inquiry screen of the host attacked ranking 90
- Figure 8 7 the detail information on the inquiry screen of attacked host 91
- Figure 8 8 the detailed analysis screen of attack packet 91
- Figure 8 10 the inquiry screen of attack types ranking figure 8 10 the inquiry screen of attack types ranking 92
- Figure 8 9 the inquiry screen of attack types ranking 92
- Figure 8 11 the inquiry screen of detailed information on attack events 93
- Figure 8 12 the detailed analysis screen of attack packets 93
- Figure 8 13 the inquiry screen of attack warning ranking 94
- Figure 8 14 the inquiry screen of the danger attack ranking figure 8 14 the inquiry screen of the danger attack ranking 94
- Figure 8 15 the browse and inquiry screen of attack events 95
- Figure 8 16 the screen of attack events result 95
- Inquiry about important attacks 95
- Figure 8 17 the screen of number of attack events 96
- Figure 8 18 the analysis screen of attack packet 96
- Figure 8 19 the screen of attack events results 97
- Figure 8 20 a monthly report of attack events figure 8 20 a monthly report of attack events 97
- Statistical analysis of attack events 97
- Figure 8 21 a weekly report of attack events 98
- Figure 8 22 the selection of a continuous time period 98
- Selections of inquiring time 98
- Figure 8 23 the selection of discontinuous periods 99
- Figure 8 24 web based print preview 100
- The report print function 100
- Figure 8 25 attacks are displayed in the form of a pie chart 101
- Real time traffic monitor 101
- Table 8 3 the options of on line real time traffic monitor 101
- Button is clicked a dialogue box of time setup would appear for setting 102
- Figure 8 26 real time traffic monitoring 102
- Figure 8 27 set up data update time for real time traffic monitoring 102
- Set up time for real time data update 102
- The system manager can set up data update time for flow monitoring after 102
- Figure 8 28 the reviewing screen of system event records 103
- System events 103
- Change display language 104
- Change warning levels 104
- Figure 8 29 change display language 104
- Figure 8 30 change warning levels 104
- Introduction of other important tools 104
- Figure 8 31 the warning dialogue box displays when the system is attacked 105
- Figure 8 32 use this dialogue box to enable the e mail trap 105
- Figure 8 33 set up time report as ftp output 106
- Set up the schedule report output form 106
- Figure 8 34 set up a time report as mail output 107
- Figure 8 35 the schedule summary report 107
- Close button click on this button to go back to the main screen version information this field includes version information of the system 108
- Figure 8 36 the dialogue box of dfl 2100 dfl 2400 version information 108
- Version information 108
- Offices 109
- Registration card 111
- Your comments on this product _________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ ____ 111
Похожие устройства
- Philips 190V5FB Инструкция по эксплуатации
- Nikon Coolpix S5200 Red Инструкция по эксплуатации
- Philips 190V6FB Инструкция по эксплуатации
- Vitek VT-1601 Инструкция по эксплуатации
- Nikon Coolpix S5200 Blue Инструкция по эксплуатации
- Philips 190C6FS Инструкция по эксплуатации
- D-Link DFL-500 Инструкция по эксплуатации
- Nikon Coolpix S9400 Black Инструкция по эксплуатации
- Bosch WLF16260OE Инструкция по эксплуатации
- Philips 190G6FB Инструкция по эксплуатации
- Nikon Coolpix S9400 White Инструкция по эксплуатации
- D-Link DFL-600 Инструкция по эксплуатации
- Philips 190CW7CS Инструкция по эксплуатации
- Hyundai H-TV1400 Инструкция по эксплуатации
- Targus CN600 Black Инструкция по эксплуатации
- Canon SX500 IS Инструкция по эксплуатации
- Philips 200XW7EB Инструкция по эксплуатации
- Scarlett SC-1135S Инструкция по эксплуатации
- D-Link DRS-200 Инструкция по эксплуатации
- Canon SX50 HS Инструкция по эксплуатации