ZyXEL Communications IDP 10 User Manual 2

ZyWALL IDP 10
Intrusion Detection and Prevention Appliance
Quick Start Guide
Version 1.00
July 2004
ZyWALL IDP 10 Quick Start Guide
1 Introduction to Intrusions
2 Introducing the ZyWALL IDP 10
3 Application Examples
4 Hardware Connections
4.1 Front Panel
4.2 Rear Panel
4.3 The Front Panel LEDs
5 Accessing Your ZyWALL IDP
6 Setting Up Your Computer’s IP Address
6.1 Accessing Your ZyWALL IDP Via Web Configurator
7 ZyWALL IDP Quick Setup Wizard
8 Troubleshooting

List of Figures

Figure 1 Intrusions
Figure 2 Installation Example
Figure 3 Front Panel Connections
Figure 4 Rear Panel Power Connection
Figure 5 Front Panel LEDs
Figure 6 Set IP Address
Figure 7 Web Site Address
Figure 8 Login
Figure 9 Change Password
Figure 10 Home Screen
Figure 11 Wizard - Password Setting
Figure 12 Wizard - Network Setting
Figure 13 Wizard - Time Setting
Figure 14 Wizard - Stealth Setting
Figure 15 Wizard - State Setting
Figure 16 Wizard - Summary
Figure 17 Wizard Result

List of Tables

Table 1 Front Panel Ports
Table 2 Rear Panel Power Connection
Table 3 Front Panel LEDs
Table 4 Troubleshooting
1 Introduction to Intrusions
Refer to the following figure for the introduction.
Figure 1 Intrusions
Figure 1 represents a typical business network consisting of an employee LAN, a DMZ (DeMilitarized Zone) containing the company web, FTP, mail etc. servers, a firewall and/or NAT router connected to a broadband modem for Internet access.
Host-based intrusions are what most people call “virus attacks”. The goal of host-based intrusions is to infiltrate files on an individual computer or server (see 1 in Figure 1) in order to access or destroy confidential information. To protect against host-based intrusions you need to install anti-virus software on your computer and/or install a device with anti-virus software such as the Prestige 662HW. Sources of host-based attacks are the Internet, telecommuting employees using VPN to access the company intranet, and employees (inadvertently) using infected floppy disks, memory sticks, removable hard drives etc.
Network-based intrusions have the goal of bringing down a network or networks by attacking computer(s), switch(es), router(s) or modem(s) (see 1, 2, 3 and 4 in Figure 1). If the LAN and/or DMZ switch is compromised (see 2 in Figure 1), then those networks are compromised. If the firewall/router is attacked (see 3 in Figure 1) and/or the Internet access broadband modem (see 4 in Figure 1), then this is the equivalent of a Denial of Service (DoS) attack on your network(s).
Host-based intrusions may be used to cause network-based intrusions when the goal of the host virus is to propagate attacks on the network, or attack computer/server operating system vulnerabilities with the goal of bringing down the computer/server.
To protect against network-based intrusions, you need the ZyWALL Intrusion Detection Prevention (IDP) Appliance. Typical network-based intrusions are SQL slammer, Blaster, Nimda, MyDoom etc.
2 Introducing the ZyWALL IDP 10
The ZyWALL IDP 10 functions as a plug and play bridge designed to protect networks from intrusions while allowing safe Internet access.
The default ZyWALL IDP 10 IP address is 192.168.1.3.
An IDP can detect malicious or suspicious packets and respond instantaneously. It can detect intrusions based on pre-defined attack patterns, violations of protocol standards (RFCs – Requests for Comments) or abnormal flows such as port scans. The rules that define detections are called “signatures”.
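The three detection bases named above (pre-defined attack patterns, protocol violations and abnormal flows such as port scans) are sketched below over a handful of packet records. This is an added illustration, not ZyXEL code and not the ZyWALL signature format; the packet records, the pattern string, the thresholds and the function names are all constructed for the example.

```python
from collections import defaultdict

# Constructed signature set: (name, destination port, byte pattern).
PATTERN_SIGNATURES = [("example-pattern", 80, b"EXAMPLE-ATTACK-PATTERN")]
SCAN_PORTS = 5      # this many distinct ports from one source to one host...
SCAN_WINDOW = 2.0   # ...within this many seconds is reported as a port scan

def inspect_packets(packets):
    """Return (timestamp, source, reason) alerts for the given packet records."""
    alerts = []
    recent = defaultdict(list)   # (src, dst) -> [(ts, dport), ...] inside the window
    flagged = set()              # (src, dst) pairs already reported as scanning
    for p in sorted(packets, key=lambda p: p["ts"]):
        # 1. Pre-defined attack pattern found in the payload.
        for name, port, pattern in PATTERN_SIGNATURES:
            if p["dport"] == port and pattern in p["payload"]:
                alerts.append((p["ts"], p["src"], "pattern:" + name))
        # 2. Protocol violation: SYN and FIN never belong in the same TCP segment.
        if {"SYN", "FIN"} <= p["flags"]:
            alerts.append((p["ts"], p["src"], "protocol:syn+fin"))
        # 3. Abnormal flow: many distinct ports contacted in a short window.
        key = (p["src"], p["dst"])
        recent[key] = [(t, d) for t, d in recent[key] if p["ts"] - t <= SCAN_WINDOW]
        recent[key].append((p["ts"], p["dport"]))
        if len({d for _, d in recent[key]}) >= SCAN_PORTS and key not in flagged:
            flagged.add(key)
            alerts.append((p["ts"], p["src"], "flow:port-scan"))
    return alerts

def pkt(ts, src, dport, flags=("SYN",), payload=b"", dst="192.0.2.10"):
    """Build one constructed packet record."""
    return {"ts": ts, "src": src, "dst": dst, "dport": dport,
            "flags": set(flags), "payload": payload}

# Constructed sample traffic using documentation address ranges.
SAMPLE = (
    [pkt(0.0, "198.51.100.7", 80, ("PSH", "ACK"), b"GET /index.html HTTP/1.0\r\n\r\n")]
    + [pkt(1.0, "198.51.100.8", 80, ("PSH", "ACK"), b"GET /EXAMPLE-ATTACK-PATTERN HTTP/1.0\r\n")]
    + [pkt(2.0, "198.51.100.9", 25, ("SYN", "FIN"))]
    + [pkt(3.0 + i * 0.1, "203.0.113.5", 20 + i) for i in range(6)]
)

if __name__ == "__main__":
    for alert in inspect_packets(SAMPLE):
        print(alert)
```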
The ZyWALL IDP comes with a built-in signature set that can be regularly updated. Regular updates are vital as new attack types are constantly evolving.
For people with knowledge of packet header types and OSI (Open System Interconnection), the IDP allows you to create your own rules.
You can configure the ZyWALL IDP using the friendly, embedded web configurator or the command-line interface you access via the console port.
3 Application Examples
You can install a ZyWALL IDP between the firewall (or switch) and the Internet to protect your local networks and firewall (or switch) from intrusions from the Internet, or behind the firewall (or switch) to protect the DMZ servers from intrusions from the local network (due to an infected LAN computer, for example). Ideally, install one in front of the firewall and two others behind the firewall.
In the installation example (see Figure 2) ZyWALL IDPs (A1 and A2) protect the LAN and DMZ from intrusions from the Internet and from each other. They also receive firewall protection.
ZyWALL IDP (A3) protects the firewall (B), DMZ servers (and LAN). However, it does not receive firewall protection.
Figure 2 Installation Example
4 Hardware Connections
This section describes the front and rear panels of the ZyWALL IDP.
4.1 Front Panel
The front panel contains ports and LEDs.
Figure 3 Front Panel Connections (callouts: LAN Port, WAN Port, MGMT Port)
Table 1 Front Panel Ports
LABEL | DESCRIPTION
WAN 10/100 | Connect a firewall, switch or cable/DSL modem to this port depending on where you deploy the ZyWALL IDP (see Figure 2).
LAN 10/100 | Use a crossover Ethernet cable to connect a computer to this port or use a straight-through Ethernet cable to connect a hub. This port is auto-negotiating (can connect at 10 or 100Mbps).
MGMT | Use a crossover Ethernet cable to connect a computer to this port in order to manage the ZyWALL IDP using the web configurator. You can also manage the ZyWALL IDP via the LAN or WAN port, but the MGMT port is dedicated for management. If you manage the ZyWALL IDP via the LAN or WAN port then the ZyWALL IDP itself may be susceptible to being compromised.