uOS - DoS Prevention - Protocol Anomaly Detection

Zyxel_Claudia (Zyxel Employee)
edited February 3 in Other Topics

DoS Prevention - Protocol Anomaly Detection

Zyxel Networks has introduced Protocol Anomaly detection as a security enhancement in firmware version 1.37. While previous versions focused on traffic anomalies, this new feature identifies traffic that violates protocol specifications or relevant standards. It serves as an attack pattern identification tool for traffic that does not match standard traffic anomaly profiles.

Configuration and Settings

Users can manage these settings by navigating to Security Policy and selecting the DoS Prevention Profile. Within the profile edit screen, a new section for Protocol Anomaly Detection is available. Currently, the system supports four distinct types of protocol anomalies.

  • Default Settings: By default, only IP LAN attacks are enabled. All other protocol anomaly types are disabled initially.
  • Actions: Administrators have the option to enable or disable logging for these events. The available actions for detected anomalies are to Ignore or Drop the traffic.

Maintenance and Monitoring

Whether protocol anomaly signatures can be updated depends on the firewall's firmware version. When an attack is detected, specific messages appear in the firewall event logs to notify the administrator.