IPS Anti-Virus Configuration Example




Keywords: IPS, AV

Abstract: This document presents a configuration example for the AV feature of the IPS devices.

Acronyms:
IPS  Intrusion Prevention System
AV   Anti-Virus

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 1/14

Table of Contents
Feature Overview ......................... 3
Application Scenarios .................... 3
Configuration Guidelines ................. 3
Configuration Example .................... 3
  Network Requirements ................... 3
  Configuration Considerations ........... 4
  Configuration Procedures ............... 4
    Logging In to the Web Interface ...... 4
    Creating a Security Zone ............. 5
    Adding a Segment ..................... 7
    Configuring the AV Segment Policy .... 8
    Modifying AV Rules ................... 10
    Activating the Configurations ........ 12
    Saving Configurations ................ 12
  Verifying the Configurations ........... 13

Feature Overview

The Intrusion Prevention System (IPS) runs on the key links of a network in inline mode or bypass mode. The anti-virus (AV) module is one of the most important modules of the IPS devices. It analyzes traffic, logs events, and blocks packets carrying viruses, protecting hosts on the network against infection. Upon detecting a packet with a virus, the feature normally blocks the packet to prevent infection, logs the event, and sends a report to the network administrator. You can configure policies to implement real-time traffic analysis, traffic detection, and automatic handling of problems. You can also view the virus intrusion trend of the network through AV reports.

The AV feature provides a virus signature package with tens of thousands of virus signatures and supports signature package update, allowing you to deploy the up-to-date signature package to IPS devices in time.

Application Scenarios

With the popularity and globalization of networks, more and more viruses are emerging and threatening network security. An IPS device is usually deployed on a network in inline mode to identify and block virus intrusions from the Internet to hosts on the network. All traffic from the Internet to the internal network undergoes the virus inspection of the IPS device. Once a worm, backdoor program, Trojan horse, or phishing attack is detected, the AV module issues an alarm, logs the AV event, and takes the configured action in response.

Configuration Guidelines

None.

Configuration Example

Network Requirements

As shown in Figure 1, the IPS device is connected to the internal interface of the egress router of the corporate network in inline mode. Any packet from the Internet to the internal network must pass through the IPS device. The AV module of the IPS device is required to inspect the packets and, if it detects viruses, block them. Only packets permitted by the AV module can reach the switch and then enter the internal network.

Figure 1 Network diagram for anti-virus configuration (nodes shown: Internet, Router, IPS, SecCenter (IPS Manager), Switch, LAN with PC1 and PC2)

Configuration Considerations

When configuring the AV feature, you need to:
1) Configure the AV policy to be applied to the link.
2) Configure rules for inspecting packets selectively and blocking infected packets.
3) Activate the configurations.

After completing the above operations, infected packets are blocked and logged by the AV module. You can view the logs and the virus intrusion trend through virus reports.

Configuration Procedures

Logging In to the Web Interface

The IPS devices support web-based management and are configured with Web login information by default. The default Web login information is as follows:
Username: admin
Password: admin
IP address of the management interface: 192.168.1.1/24

If the Web login information of an IPS device has been changed, you need to use the up-to-date login information to log in to the device; otherwise, you can use the default Web login information.

To use the default Web login information to log in to the IPS device, follow these steps:
1) Connect the PC to the IPS device. Use a crossover Ethernet cable to connect the network interface of the PC to the management interface of the IPS device.

2) Configure an IP address for the network interface of the PC. Configure an IP address on subnet 192.168.1.0/24 (except for 192.168.1.1) for the network interface of the PC, for example, 192.168.1.2. This ensures that the PC can communicate with the IPS device.
3) Launch the Web browser and enter the login information. On the PC, launch the IE browser (Internet Explorer 6.0 SP2 or later is recommended), type https://192.168.1.1 in the address bar, and press the Enter key. The Web interface login page of the IPS device appears, as shown in Figure 2. Click the language link on the page to select a language for the Web interface, type the username (admin), password (admin), and verification code, and then click Login to log in to the web interface.

Figure 2 Log in to the Web interface

Creating a Security Zone

Select System Management > Network Management > Security Zone from the navigation tree to enter the security zone management page, as shown in Figure 3.

Figure 3 Security zone management page

Click Add to enter the page for adding a security zone, as shown in Figure 4.

Figure 4 Add a security zone

Create internal zone in and add port g-ethernet0/0/0 to the zone, as shown in Figure 5.

Figure 5 Assign interface g-ethernet0/0/0 to the internal zone

Create external zone out and add port g-ethernet0/0/1 to the zone, as shown in Figure 6.

Figure 6 Assign interface g-ethernet0/0/1 to the external zone

Figure 7 Security zones created

Adding a Segment

Select System Management > Network Management > Segment Configuration from the navigation tree to enter the segment management page, as shown in Figure 8.

Figure 8 Segment management page

Click Add Segment to enter the page for adding a segment and add a segment (segment 0 in this example) to connect the internal network and the external network, as shown in Figure 9. Figure 10 shows the newly added segment on the segment list.

Figure 9 Add a segment

Figure 10 Segment management page with the newly added segment

Configuring the AV Segment Policy

Select Anti-Virus > Segment Policies from the navigation tree to enter the segment policy management page, as shown in Figure 11.

Figure 11 Create a segment

Then, click Add to enter the page for adding an AV segment policy, as shown in Figure 12.

Figure 12 Create an AV segment policy

The number of internal zone IP addresses and internal zone excluded IP addresses varies with device models.

Select the default AV policy Anti-Virus for the Policy field, select Both for the Direction field, and then click Apply to create the AV segment policy and return to the segment policy management page, as shown in Figure 13.

Figure 13 Segment policy management page with the AV segment policy added

Modifying AV Rules

Click the policy name link Anti-Virus in Figure 13 to enter the AV rule management page. You can see dozens of rules.

Figure 14 AV rule list

Each rule targets one type of virus. Enabling all rules consumes a lot of system resources and greatly reduces system performance. Therefore, some rules are disabled by default. You can enable rules as required to inspect packets for the corresponding viruses and block the infected packets. For example, to inspect traffic for the Backdoor and Email-Worm types, select the check boxes before Backdoor and Email-Worm, select the Modify selected rules on this page option at the bottom of the page, and then click Enable Rule.

Figure 15 Modify AV rules

The page shown in Figure 16 appears, showing that the Email-Worm and Backdoor rules have been enabled.

Figure 16 Two AV rules have been modified

You can also select the Modify all matched rules option at the bottom of the AV rule list page and then click Enable Rule to enable all rules.

Activating the Configurations

Click Activate at the bottom of the AV rule list page to activate the above configurations.

Figure 17 Confirm the operation

Saving Configurations

To ensure that the above configurations survive reboots, select System Management > Device Management > Configuration Maintenance from the navigation tree and then, in the Save Current Configuration area, click Save.

Figure 18 Save configurations

Verifying the Configurations

When packets carrying a Backdoor virus or an Email-Worm virus reach the device, the device detects the viruses, blocks the traffic, and logs the events. Select Log Management > Virus Logs > Recent Logs from the navigation tree to see the logs shown in Figure 19.

Figure 19 Blocked virus intrusions

Select Reports > Virus Report > Virus Report from the navigation tree to view the virus information of the network during a specified period of time. Specify the report type, virus name, virus type, action, time range, and segment, and click Query.

Figure 20 Query virus information

Virus information during the specified period of time is displayed, as shown in Figure 21.
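The following Python model, added here as an illustration and not part of this document or of H3C's software, ties together the segment policy configured above (segment 0, policy Anti-Virus, direction Both, rules Backdoor and Email-Worm enabled) with the virus log and report query used in this verification step. The rule categories beyond those two, the log record layout, the direction labels on traffic, and every sample flow are constructed assumptions for the example; the device's real data model is not described on this page. It also shows the trade-off noted under Modifying AV Rules: an infected flow whose rule type is left disabled passes without producing any log entry.

```python
"""Added example (not H3C code): toy model of an AV segment policy, the virus
log it produces, and the report query filters named in the document.

Assumptions: rule categories other than Backdoor and Email-Worm, the log
record layout, the "in"/"out" direction labels and all sample flows are
constructed for illustration only.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class SegmentPolicy:
    """AV policy bound to a segment; rules map virus type -> enabled flag."""
    segment: int
    policy_name: str
    direction: str                      # "Both" in the document's example
    rules: dict = field(default_factory=dict)

    def enable_rules(self, names):
        """Equivalent of ticking rules in the list and clicking Enable Rule."""
        for name in names:
            if name not in self.rules:
                raise KeyError(f"unknown rule type: {name}")
            self.rules[name] = True


@dataclass
class VirusLog:
    """One entry as it would appear under Log Management > Virus Logs."""
    time: datetime
    segment: int
    virus_name: str
    virus_type: str
    action: str


def inspect_flows(policy, flows):
    """Run constructed flows through the policy and return the virus logs.

    A flow is (time, direction, virus_name, virus_type); virus_type None
    means clean traffic.  Only enabled rule types are detected and blocked:
    an infected flow whose rule is disabled passes with no log entry, which
    is the cost of leaving rules off to save resources.
    """
    logs = []
    for when, direction, name, vtype in flows:
        if vtype is None:
            continue                                  # clean traffic passes
        if policy.direction != "Both" and policy.direction != direction:
            continue                                  # direction not inspected
        if policy.rules.get(vtype, False):
            logs.append(VirusLog(when, policy.segment, name, vtype, "Block"))
    return logs


def query_report(logs, start, end, virus_name=None, virus_type=None,
                 action=None, segment=None):
    """Mirror of the filters on the Reports > Virus Report query form."""
    return [
        r for r in logs
        if start <= r.time <= end
        and (virus_name is None or r.virus_name == virus_name)
        and (virus_type is None or r.virus_type == virus_type)
        and (action is None or r.action == action)
        and (segment is None or r.segment == segment)
    ]


def trend_by_day(records):
    """Counts per (day, virus type): the 'virus intrusion trend' view."""
    return Counter((r.time.date().isoformat(), r.virus_type) for r in records)


# Constructed sample traffic; virus names are made up for the example.
SAMPLE_FLOWS = [
    (datetime(2010, 5, 10, 9, 0), "in", "Backdoor.Example-A", "Backdoor"),
    (datetime(2010, 5, 10, 9, 5), "in", "Email-Worm.Example-B", "Email-Worm"),
    (datetime(2010, 5, 10, 10, 0), "in", "Trojan.Example-C", "Trojan"),
    (datetime(2010, 5, 11, 8, 30), "out", "Email-Worm.Example-B", "Email-Worm"),
    (datetime(2010, 5, 11, 12, 0), "in", None, None),
]


def build_policy():
    """Segment 0, default policy Anti-Virus, direction Both, two rules enabled."""
    policy = SegmentPolicy(0, "Anti-Virus", "Both",
                           {"Backdoor": False, "Email-Worm": False,
                            "Trojan": False, "Phishing": False})
    policy.enable_rules(["Backdoor", "Email-Worm"])
    return policy


def run_example():
    """Inspect the sample flows, then run two report queries over the logs."""
    logs = inspect_flows(build_policy(), SAMPLE_FLOWS)
    day_one = query_report(logs, datetime(2010, 5, 10),
                           datetime(2010, 5, 10, 23, 59))
    worms = query_report(logs, datetime(2010, 5, 10), datetime(2010, 5, 12),
                         virus_type="Email-Worm")
    return {"logs": logs, "day_one": day_one, "worms": worms,
            "trend": trend_by_day(logs)}


if __name__ == "__main__":
    result = run_example()
    for entry in result["logs"]:
        print(entry)
    print(result["trend"])
```

Running the script lists three Block entries (the Trojan flow is never logged because its rule stays disabled) and a per-day count by virus type, which is the same view the Figure 21 report gives for a chosen time range and segment.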

Figure 21 View the virus report

Copyright 2010 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. The information in this document is subject to change without notice.