Zyxel ZYWALL IDP 10 User Manual

ZyWALL IDP 10
Intrusion Detection and Prevention Appliance
Quick Start Guide
Version 1.00
July 2004
ZyWALL IDP 10 Quick Start Guide
1 Introduction to Intrusions
2 Introducing the ZyWALL IDP 10
3 Application Examples
4 Hardware Connections
4.1 Front Panel
4.2 Rear Panel
4.3 The Front Panel LEDs
5 Accessing Your ZyWALL IDP
6 Setting Up Your Computer’s IP Address
6.1 Accessing Your ZyWALL IDP Via Web Configurator
7 ZyWALL IDP Quick Setup Wizard
8 Troubleshooting
List of Figures
Figure 1 Intrusions
Figure 2 Installation Example
Figure 3 Front Panel Connections
Figure 4 Rear Panel Power Connection
Figure 5 Front Panel LEDs
Figure 6 Set IP Address
Figure 7 Web Site Address
Figure 8 Login
Figure 9 Change Password
Figure 10 Home Screen
Figure 11 Wizard – Password Setting
Figure 12 Wizard – Network Setting
Figure 13 Wizard – Time Setting
Figure 14 Wizard – Stealth Setting
Figure 15 Wizard – State Setting
Figure 16 Wizard – Summary
Figure 17 Wizard Result
List of Tables
Table 1 Front Panel Ports
Table 2 Rear Panel Power Connection
Table 3 Front Panel LEDs
Table 4 Troubleshooting
1 Introduction to Intrusions
Refer to the following figure for the introduction.
Figure 1 Intrusions
Figure 1 represents a typical business network consisting of an employee LAN, a DMZ (DeMilitarized Zone) containing the company web, FTP, mail and other servers, and a firewall and/or NAT router connected to a broadband modem for Internet access.
Host-based intrusions are what most people call “virus attacks”. The goal of host-based intrusions is to infiltrate files on an individual computer or server (see 1 in Figure 1) in order to access or destroy confidential information. To protect against host-based intrusions you need to install anti-virus software on your computer and/or install a device with anti-virus software such as the Prestige 662HW. Sources of host-based attacks are the Internet, telecommuting employees using VPN to access the company intranet, and employees (inadvertently) using infected floppy disks, memory sticks, removable hard drives etc.
Network-based intrusions have the goal of bringing down a network or networks by attacking computer(s), switch(es), router(s) or modem(s) (see 1, 2, 3 and 4 in Figure 1). If the LAN and/or DMZ switch is compromised (see 2 in Figure 1), then those networks are compromised. If the firewall/router is attacked (see 3 in Figure 1) and/or the Internet access broadband modem (see 4 in Figure 1), then this is the equivalent of a Denial of Service (DoS) attack on your network(s).
Host-based intrusions may be used to cause network-based intrusions when the goal of the host virus is to propagate attacks on the network, or attack computer/server operating system vulnerabilities with the goal of bringing down the computer/server.
To protect against network-based intrusions, you need the ZyWALL Intrusion Detection Prevention (IDP) Appliance. Typical network-based intrusions are SQL slammer, Blaster, Nimda, MyDoom etc.
2 Introducing the ZyWALL IDP 10
The ZyWALL IDP 10 functions as a plug and play bridge designed to protect networks from intrusions while allowing safe Internet access.
The default ZyWALL IDP 10 IP address is 192.168.1.3.
An IDP can detect malicious or suspicious packets and respond instantaneously. It can detect intrusions based on pre-defined attack patterns, violations of protocol standards (RFCs – Requests for Comments) or abnormal flows such as port scans. The rules that define detections are called “signatures”.
The ZyWALL IDP comes with a built-in signature set that can be regularly updated. Regular updates are vital as new attack types are constantly evolving.
For people with knowledge of packet header types and OSI (Open System Interconnection), the IDP allows you to create your own rules.
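The three detection types described above (pre-defined attack patterns, protocol violations and abnormal flows such as port scans), sketched as an added Python example; it is not ZyXEL code and does not use the ZyWALL IDP signature format. The packet record fields, the signature name, the byte pattern and the scan thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed signature set (hypothetical; not real ZyWALL IDP signatures).
PATTERNS = {"SIG-PATTERN-1": b"EXAMPLE-BAD-PAYLOAD"}
SCAN_PORTS = 5      # this many distinct destination ports ...
SCAN_WINDOW = 2.0   # ... probed within this many seconds counts as a scan

def inspect(packets):
    """Return (time, source, reason) alerts; packets must be in time order."""
    alerts = []
    recent = defaultdict(list)   # source -> [(time, dst_port), ...] of bare SYNs
    flagged = set()              # sources already reported as scanners
    for p in packets:
        t, src, flags = p["t"], p["src"], p["flags"]
        # 1. Pre-defined attack pattern: byte string found in the payload.
        for name, pattern in PATTERNS.items():
            if pattern in p["payload"]:
                alerts.append((t, src, "pattern:" + name))
        # 2. Protocol violation: SYN and FIN set together never occurs
        #    in a normal TCP conversation.
        if "S" in flags and "F" in flags:
            alerts.append((t, src, "protocol:SYN+FIN"))
        # 3. Abnormal flow: one source opening many ports in a short window.
        if flags == "S":
            recent[src] = [(ts, port) for ts, port in recent[src]
                           if t - ts <= SCAN_WINDOW]
            recent[src].append((t, p["dport"]))
            if len({port for _, port in recent[src]}) >= SCAN_PORTS \
                    and src not in flagged:
                flagged.add(src)
                alerts.append((t, src, "flow:port-scan"))
    return alerts

def pkt(t, src, dport, flags, payload=b""):
    """Build one constructed packet record."""
    return {"t": t, "src": src, "dport": dport, "flags": flags,
            "payload": payload}

# Constructed sample traffic (documentation address ranges).
SAMPLE = (
    [pkt(0.1 * i, "198.51.100.7", 20 + i, "S") for i in range(6)]
    + [pkt(1.0, "192.0.2.10", 80, "PA", b"GET /index.html"),
       pkt(1.2, "203.0.113.5", 80, "PA", b"xxEXAMPLE-BAD-PAYLOADxx"),
       pkt(1.5, "203.0.113.9", 25, "SF")]
)

if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(alert)
```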
You can configure the ZyWALL IDP using the friendly, embedded web configurator or the command-line interface you access via the console port.
3 Application Examples
You can install a ZyWALL IDP either between the firewall (or switch) and Internet to protect your local networks and firewall (or switch) from intrusions from the Internet, behind the firewall (or switch) to protect the DMZ servers from intrusions from the local network (due to an infected LAN computer, for example), or ideally, install one in front of the firewall and two others behind the firewall.
In the installation example (see Figure 2) ZyWALL IDPs (A1 and A2) protect the LAN and DMZ from intrusions from the Internet and from each other. They also receive firewall protection.
ZyWALL IDP (A3) protects the firewall (B), DMZ servers (and LAN). However, it does not receive firewall protection.
Figure 2 Installation Example
4 Hardware Connections
This section describes the front and rear panels of the ZyWALL IDP.
4.1 Front Panel
The front panel contains ports and LEDs.
Figure 3 Front Panel Connections (callouts: LAN Port, WAN Port, MGMT Port)
Table 1 Front Panel Ports
LABEL | DESCRIPTION
WAN 10/100 | Connect a firewall, switch or cable/DSL modem to this port depending on where you deploy the ZyWALL IDP (see Figure 2).
LAN 10/100 | Use a crossover Ethernet cable to connect a computer to this port or use a straight-through Ethernet cable to connect a hub. This port is auto-negotiating (can connect at 10 or 100Mbps).
MGMT | Use a crossover Ethernet cable to connect a computer to this port in order to manage the ZyWALL IDP using the web configurator. You can also manage the ZyWALL IDP via the LAN or WAN port, but the MGMT port is dedicated for management. If you manage the ZyWALL IDP via the LAN or WAN port then the ZyWALL IDP itself may be susceptible to being compromised.
CONSOLE | Use this port if you want to configure the ZyWALL IDP using the command-line interface. See your User’s Guide for details on commands. Connect the 9-pin male end of the console cable to the console port of the ZyWALL IDP and the other end to a serial port (COM1, COM2 or other COM port) on your computer. Your computer should have a terminal emulation communications program (such as HyperTerminal) set to VT100 terminal emulation, no parity, 8 data bits, 1 stop bit, no flow control and 9600 bps port speed.
4.2 Rear Panel
Figure 4 Rear Panel Power Connection
Table 2 Rear Panel Power Connection
LABEL | DESCRIPTION
POWER 5V, 4A | Connect the included power adaptor to this power socket. WARNING: Using an incorrect power adapter will damage your device!
After you’ve made the connections, use the power cord to connect the power adaptor to a power source and look at the front panel LEDs.
4.3 The Front Panel LEDs
Figure 5 Front Panel LEDs
The PWR LED turns on when you first connect the power. The SYS LED blinks while performing system testing and then stays on if the testing is successful. The WAN, LAN and MGMT LEDs turn on if the corresponding connections are properly made. Refer to the following table for more detailed LED descriptions.
Table 3 Front Panel LEDs
LED | COLOR | STATUS | DESCRIPTION
PWR | - | Off | The ZyWALL IDP is turned off.
PWR | Green | On | The ZyWALL IDP is turned on.
PWR | Red | On | The power to the ZyWALL IDP is too low.
SYS | Green | Off | The ZyWALL IDP is not ready or has failed.
SYS | Green | On | The ZyWALL IDP is ready and running.
SYS | Green | Blinking | The ZyWALL IDP is restarting.
WAN 10/100 | - | Off | The WAN connection is not ready, or has failed.
WAN 10/100 | Green | On | The ZyWALL IDP has a successful 10Mbps WAN connection.
WAN 10/100 | Green | Blinking | The ZyWALL IDP is sending or receiving packets on the 10Mbps WAN connection.
WAN 10/100 | Amber | On | The ZyWALL IDP has a successful 100Mbps WAN connection.
WAN 10/100 | Amber | Blinking | The ZyWALL IDP is sending or receiving packets on the 100Mbps WAN connection.
LAN 10/100 | - | Off | The LAN port is not connected.
LAN 10/100 | Green | On | The ZyWALL IDP has a successful 10Mbps LAN Ethernet connection.
LAN 10/100 | Green | Blinking | The ZyWALL IDP is sending or receiving packets on the 10Mbps LAN connection.
LAN 10/100 | Amber | On | The ZyWALL IDP has a successful 100Mbps Ethernet connection.
LAN 10/100 | Amber | Blinking | The ZyWALL IDP is sending or receiving packets on the 100Mbps LAN connection.
MGMT | - | Off | The MGMT port is not connected.
MGMT | Green | On | The ZyWALL IDP has a successful 10Mbps Ethernet connection on the MGMT port.
MGMT | Green | Blinking | The MGMT port is sending or receiving packets on the MGMT port.
MGMT | Amber | On | The ZyWALL IDP has a successful 100Mbps Ethernet connection on the MGMT port.
MGMT | Amber | Blinking | The MGMT port is sending or receiving packets.
5 Accessing Your ZyWALL IDP
Choose one of these methods to access (and configure) the ZyWALL IDP.
- Command line interface via the console port using terminal emulation software.
- Web Configurator via the MGMT port using a web browser. To do this your computer must be in the same subnet as the ZyWALL IDP. See the next section for how to do this.
The default ZyWALL IDP 10 IP address is 192.168.1.3.