ZyXEL Communications IDP 10 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones ZyXEL Communications IDP 10. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica ZyXEL Communications IDP 10 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual ZyXEL Communications IDP 10 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales ZyXEL Communications IDP 10, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones ZyXEL Communications IDP 10 debe contener:
- información acerca de las especificaciones técnicas del dispositivo ZyXEL Communications IDP 10
- nombre de fabricante y año de fabricación del dispositivo ZyXEL Communications IDP 10
- condiciones de uso, configuración y mantenimiento del dispositivo ZyXEL Communications IDP 10
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de ZyXEL Communications IDP 10 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de ZyXEL Communications IDP 10 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico ZyXEL Communications en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de ZyXEL Communications IDP 10, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo ZyXEL Communications IDP 10, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual ZyXEL Communications IDP 10. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    ZyW ALL IDP 10 Intrusion Detection Prevention Appliance Support Notes V ersion 1.0 Aug 2004[...]

  • Página 2

    IDP Support Notes 2 INDEX Application Notes ............................................................................................................................ 4 Deploy IDP ................................................................................................................................4 Register ZyW ALL IDP .................[...]

  • Página 3

    IDP Support Notes 3 Why can’ t I input mail server address by domain nam e? ........................................................32 What’ s “Drop” and “Block Connection” for Action of User Defined Policy? ........................33 How to use URL String in Content setup of User-defined policy?.........................................[...]

  • Página 4

    IDP Support Notes 4 Application Notes Deploy IDP IDP functions as a plug and play bridge device filtering malicious traf fic from attacking your networks. W ith continuous signa tures update, users can get free fr om network-based intrusions. In this example, we describe how to deploy and configure ZyW ALL IDP10 in a network. Since ZyW ALL IDP10 is[...]

  • Página 5

    IDP Support Notes 5 Servers/PC 192.168.2.5-10 LAN1: 192.168.1.5-50 LAN2: 192.168.1.51-100 WLAN: 192.168.1.101-130 Data Center: 192.168.1.131-140 Device IDP (A) IDP (B) IDP (C) IP Address 192.168.1.141 192.168.1.142 192.168.1.143 Device IDP (D) IDP (E) IDP (F) IP Address 192.168.1.144 192.168.1.145 192.168.1.146 Purpose: IDP (A) Since network device[...]

  • Página 6

    IDP Support Notes 6 Setup IP address of IDP (A, B, C, D, E, F) 1. Configure each IDP device’ s IP address. Since IDP is a bridge device, it only has one IP address for management purpose, IDP also uses this IP address to update signatures and the send system logs through syslog/E-mail/FTP . T o configure the system IP address of ID P device, user[...]

  • Página 7

    IDP Support Notes 7 1. Connect one PC to IDP’ s management port by cr ossed Ethernet cable. Make sure MGMT port light is on. 2. Go to S tart->Settings->Network and Dial-up C onnections, and select the Ethernet connection you are connecting to IDP device. 3. Change PC’ s IP address to 192.168.1.5, subnet mask= 255.255.255.0 from properties[...]

  • Página 8

    IDP Support Notes 8 5. Go to SYSTEM->General->Device, input IDP (A,)’ s IP address, subnet mask, default gateway , DNS server ’ s IP address. 6. Repeat step 1-5 to configure IDP (B, C, D, E, F) according to IP address assignment table. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration.[...]

  • Página 9

    IDP Support Notes 9 Connect the MGMT/LAN/W AN ports of all IDP devices to the network according to the deployment topology (192.168.1.0/24). Login IDP (A, E)’ s WEB GUI; go to SYSTEM->INTERF ACE->Policy Check. Then enable policy checking on W AN port of IDP (A, E). Login IDP (B, C, D)’ s WEB GUI, go to SYST EM->INTERF ACE->Policy Ch[...]

  • Página 10

    IDP Support Notes 10 Register ZyW ALL IDP ZyW ALL IDP comes with a “pre-defined” polic y set which requires subscription and can be update at regular bases. Having an up-to-date policy set is essentia l as new attack types evolve. 1. A “Device License Key” card is included in ZyW ALL IDP package for one year fre e subscription. All contents[...]

  • Página 11

    IDP Support Notes 11 2. Go to ZyXEL Communications online services center . http://www .myZyXEL.com . 3. In case you haven't got an account on m yZyXE L.com, you need to get a new account. Please follow the instruction on myZyXEL.com ; we skip the description of detailed procedure in this article. If you get into trouble in th is step, please [...]

  • Página 12

    IDP Support Notes 12 5. Press add button to add the Zy W A LL IDP you have. 6. In this step you need to enter Serial Number , Authentication Code (MAC address), and a Friendly Name for your product. Y ou can find serial number and MAC address at the bottom of your device. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration.[...]

  • Página 13

    IDP Support Notes 13 7. Input the date you purchase the pr oduct, and the purpose of the buying. 8. Y ou would get a successful message. Then press Continue button. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration.[...]

  • Página 14

    IDP Support Notes 14 9. From ZyW ALL IDP’ s Applicable Se rvice List, you will have a service " IDP Signature Update " available. Click Activate. 10. Enter the license key you get from “ Device License Key ” card. Then press Submit button. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration.[...]

  • Página 15

    IDP Support Notes 15 1 1. After clicking Submit button, you will get an “ Activation Key ” and “ Service Set Key ”. An email with these keys will be sen d to your email address as well. 12. Y ou can copy & paste “ Activation Key ” to ZyW ALL IDP’ s Registration page. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor por[...]

  • Página 16

    IDP Support Notes 16 Firmware Upgrade 1. Under Maintenance you can find F/W Upload tab. Click browse to select firmware file (.bin) and click Upload button to start firmware upload. 2. It may take few minutes for firmware upload process to finish. ZyW ALL IDP will reboot when firmware upload completed. All contents c opyright (c ) 2004 Zy XEL Comm [...]

  • Página 17

    IDP Support Notes 17 Signature Update *Make sure you have registered your ZyW ALL IDP before you do the signature update. T o update pre-defined policy for your ZyW ALL ID P , login into ZyW ALL IDP via HTTP , go to IDP > Update and enter U pdate Server ’ s domain name (updateidp.zyxel.com ) 1. Y ou could click Update Now to force ZyW ALL IDP [...]

  • Página 18

    IDP Support Notes 18 Configure User Defined Policy In this example, we describe the procedure of using user defined policy . W e take eMule application as an example. eMule is a P2P file sharing application. In th e following description we break down the procedure of how to get and analys is eMule traf fic pattern, and how to setup user defined po[...]

  • Página 19

    IDP Support Notes 19 4. S tart ethereal packet capturing. 5. Initiate eMule connection from the internal PC, be sure to reduce unnecessary traf fic if possible. 6. S top packet capturing. 7. Analyze the packet. In ethereal, you will ge t 3 sub-windows. The first window displays summary of each packet in time sequence. In the second wind ow , you ca[...]

  • Página 20

    IDP Support Notes 20 8. Count the TCP offset and the leng th of “http://emu le-prjoect.net” 9. Create User-defined policy in IDP . Login to IDP’ s WEB GUI; go to IDP->User -defined. W e’ll create a user -defined policy for TCP protocol, with offset=38 bytes, matching depth=24 bytes. Please note that the starting point of offset depends o[...]

  • Página 21

    IDP Support Notes 21 After click Apply button, we get the summary of the user defined policy . All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration.[...]

  • Página 22

    IDP Support Notes 22 All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration.[...]

  • Página 23

    IDP Support Notes 23 IDP F AQ What is HIDS? Host intrusion detection system s are intrusion detection system s that are installed locally on host machines. This makes HIDS a very versatile system compared to NIDS. HIDS can be installed on many dif fer ent types (roles) of machines nam ely servers, workstations and notebook co mputers. This methodol[...]

  • Página 24

    IDP Support Notes 24 Is IDP able to investigate VPN traf fic? No, VPN traf fics are encrypted, IDP is not able to decrypted VPN traffics, and thus it could not investigate VPN packets. Product F AQ What is ZyW ALL IDP10? ZyW ALL IDP10 f unctions as a plug and play bridge device f iltering malicious traf fic from attacking your networks. W ith conti[...]

  • Página 25

    IDP Support Notes 25 crash? ZyW all IDP 10 does not support hardware bypa ss, so if your ZyW ALL IDP 10 lost power or crashed, you will need to either replace it or take it of f the network immediately . If I forget IDP’s p a ssword, how to reset the password to default? The default IDP user name/password is “admin/1234”. Customers can modify[...]

  • Página 26

    IDP Support Notes 26 9600bps baud rate N81 data format (No Parity , 8 data bits, 1 stop bit) The baud rate of IDP10 is unchangeable. How to trouble shoot the false positive and false negative cases? Please capture the problematic packets through the following steps and send the packet trace back to ZyXEL support. The capturing can be done as follow[...]

  • Página 27

    IDP Support Notes 27 When should I use VLAN T ag function? V irtual LAN, a groups of network devices (PC, router , etc…) that behave as if they are connected to the same wire even t hough they may actually be physically located on dif ferent segments of a LAN. If the computer you use to manage Zy W ALL IDP is in LAN with VLAN ID3, you must config[...]

  • Página 28

    IDP Support Notes 28 Select Maintenance from the menu, and click Restart T ab Click Restart button to restart your ZyW ALL IDP . It may take few minutes before you can access the device again. Console Login using admin/1234, and type the comm and “reboot” to restart your device. All contents c opyright (c ) 2004 Zy XEL Comm unications Cor porat[...]

  • Página 29

    IDP Support Notes 29 What does "S tealth" mean, why should I need it? When you enable St e a l t h mode on an interface (W AN/LAN/MGMT), it will not respond to any type of traf fic intended for it; it will not respond to traf fic like ICMP echo request. Before hacker/cracker could infiltrate your network, hacker/cracker would need to take[...]

  • Página 30

    IDP Support Notes 30 What's Pre-defined signature? Pre-defined signatures ar e signatures created by ZyXEL Security Response T eam (ZSR T) . These signatures are attack patterns or m isuse network behavior researched and studied by ZSRT , then compiled into a “p re-defined” policy set available for update. Why should I need to update signa[...]

  • Página 31

    IDP Support Notes 31 And you should make sure your ZyW ALL IDP 10 has updated policy to the latest version. Go to W E B Interface Æ Home. I can’t download the latest policy from update server . How can I fix the problem? W e recommend users to update policy , send E-mail reports or syslogs through ZyW ALL I DP10’ s MGMT port (management port).[...]

  • Página 32

    IDP Support Notes 32 stealth mode on W A N (or LAN ) interface. Additionally , since ZyW ALL IDP10 downloads the latest policies periodically from the update server (updateidp.z yxel.com). DNS server should be configured correctly on ZyW ALL IDP10 ( SYSTEM/GENEARL/Device/DNS Server ). How many User-defined policies can I have on ZyW ALL IDP 10? Y o[...]

  • Página 33

    IDP Support Notes 33 What’s “Drop” and “Block Connecti on” for Action of User Defined Policy? Action of “Drop”, will drop the traf fic that matches the def ined policy silently . So the sender would not get any response or e rror/warning message about the action. “Block Connection” is for TCP traf fic, si nce UDP is a connectionle[...]

  • Página 34

    IDP Support Notes 34 created to check Outgoing direction, it is applied on LAN interface. While a policy is set Bi-dir ectiona l, it is applied on both WA N and LAN interfaces. How to decide which Interface sh ould be applied for policy check? Users can setup policy check from WEB GUI/SYSTEM/INTERF ACE/Policy Check . Policy check acts as a switch t[...]

  • Página 35

    IDP Support Notes 35 If the IDP is placed on the entry point of a W ireless LAN network, we recommend you to apply policy check on the W AN interface, due to the lack of security protection of W ireless LAN. In User-defined policy , what’ s the meaning of Matching Offset, Matching Depth? Matching Offset defines the payload start point. If Pr otoc[...]

  • Página 36

    IDP Support Notes 36 What’s the priority among Pre-def i ned policy and User-defined policy? The User-defined policies are always checked before the Pre-defined policy . T r ouble Shooting In this part we’ll introduce the steps to trouble shoot when problems occur at customer side. Unable to Run Applications Step1. First of all, please switch y[...]

  • Página 37

    IDP Support Notes 37 Step4. Search this policy by the Policy ID in IDP >> Pr e-defined>>Policy Sear ch . Step5. Under the search result, please change the Action taken to Log ONL Y and click Apply . All contents c opyright (c ) 2004 Zy XEL Comm unications Cor poration.[...]

  • Página 38

    IDP Support Notes 38 Step6. Switch your IDP back to Inline state and activate them by clicking Apply . Then try to run the application again. S tep7. Finally , it should be able to r un now . If possible, please provide us the application’ s name & version and the polic y ID and system inform ation including IDP 10’ s firmware version and p[...]

  • Página 39

    IDP Support Notes 39 S tep8. If it was still unable to run then please repeat step 3, 4, 5 until identify and correct this False Positives policy . CLI Command List System related Command Command Description set log logmax Setup maximum log num ber the dev ice generated every second system passwd <value> Setup login password system tomeout Se[...]

  • Página 40

    IDP Support Notes 40 stateful <ON/OFF> Enable/disable TCP state check integrity <ON/OFF> Setup TCP idle timeout tcptimeout <value> Setup maximum ping lengt h pinglen <value > Setup maximum ping packet number per second pingmax <value> wan Setup maximum ping packet accepted at wan port lan Setup maximum ping packet acce[...]

  • Página 41

    IDP Support Notes 41 off Disable remote SSH access acl <ip address> Setup access control list ip address web on <CAN+MGMT/W AN+MGMT/MGM T/ALL> Enable remote web access from LAN+MGMT/W AN+MGMT / MGMT ONL Y/ALL port off Disable remote w e access acl <ip address> Setup access control list ip address get state Get system state log Get[...]

  • Página 42

    IDP Support Notes 42 Debug mode CLI Command Command Description set system ip <ip> Setup device temporar y ip address in the debug mode mask <mask> Setup device temporar y ip mask in the debug mode gat ew ay <gateway ip> Setup device temporar y ip gateway in the debug mode server <server ip > Setup device temporar y server i[...]