User's Manual
ISG50 User’s Guide 411
CHAPTER 26
ADP
26.1 Overview
This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and applying an
ADP profile to a traffic direction. ADP protects against anomalies based on violations of protocol
standards (RFCs – Requests for Comments) and abnormal flows such as port scans.
26.1.1 ADP
1. ADP anomaly detection is in general effective against abnormal behavior.
2. ADP traffic and anomaly rules are updated when you upload new firmware.
26.1.2 What You Can Do in this Chapter
• Use Anti-X > ADP > General (Section 26.2 on page 412) to turn anomaly detection on or off
and apply anomaly profiles to traffic directions.
• Use Anti-X > ADP > Profile (Section 26.3 on page 413) to add a new profile, edit an existing
profile or delete an existing profile.
26.1.3 What You Need To Know
Traffic Anomalies
Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or
network flooding. These rules operate at OSI layer-2 and layer-3. Traffic anomaly rules may be
updated when you upload new firmware.
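The three kinds of traffic anomaly named above can be told apart by what varies within one observation window: ports on one host, hosts on one port, or sheer packet volume toward one host. The following is an added illustration, not ZyXEL's implementation or the ISG50's rule set; the thresholds, function names and sample records are assumptions constructed for the example.

```python
from collections import defaultdict

# Assumed thresholds for one observation window (not ISG50 values).
SCAN_PORTS = 10      # distinct ports probed on a single host by one source
SWEEP_HOSTS = 10     # distinct hosts probed on a single port by one source
FLOOD_PACKETS = 100  # packets aimed at a single host, from any source

def classify(records):
    """records: iterable of (src_ip, dst_ip, dst_port) seen in one window.
    Returns a sorted list of (anomaly, src_or_None, target) tuples."""
    ports_by_pair = defaultdict(set)   # (src, dst)  -> ports tried
    hosts_by_port = defaultdict(set)   # (src, port) -> hosts tried
    packets_to = defaultdict(int)      # dst         -> packet count
    for src, dst, port in records:
        ports_by_pair[(src, dst)].add(port)
        hosts_by_port[(src, port)].add(dst)
        packets_to[dst] += 1
    findings = []
    for (src, dst), ports in ports_by_pair.items():
        if len(ports) >= SCAN_PORTS:
            findings.append(("port-scan", src, dst))
    for (src, port), hosts in hosts_by_port.items():
        if len(hosts) >= SWEEP_HOSTS:
            findings.append(("sweep", src, f"port {port}"))
    for dst, count in packets_to.items():
        if count >= FLOOD_PACKETS:
            findings.append(("flood", None, dst))
    # key=str keeps the sort stable even though flood entries carry no source
    return sorted(findings, key=str)

def sample_window():
    """Constructed records using documentation address ranges."""
    recs = [("198.51.100.7", "192.0.2.10", p) for p in range(20, 35)]        # 15 ports, one host
    recs += [("198.51.100.8", f"192.0.2.{h}", 22) for h in range(1, 13)]     # 12 hosts, port 22
    recs += [(f"203.0.113.{i % 50}", "192.0.2.80", 80) for i in range(150)]  # many sources, one host
    recs += [("192.0.2.33", "192.0.2.10", 443)] * 3                          # ordinary traffic
    return recs

if __name__ == "__main__":
    for finding in classify(sample_window()):
        print(finding)
```

The flood check deliberately ignores the source address, since the volume may be spread across many senders while the scan and sweep checks key on a single source.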
Protocol Anomalies
Protocol anomalies are packets that do not comply with the relevant RFC (Request For Comments).
Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP Decoder and ICMP
Decoder. Protocol anomaly rules may be updated when you upload new firmware.
ADP Profile
An ADP profile is a set of traffic anomaly rules and protocol anomaly rules that you can activate
together and for which you can configure common log and action settings. You can apply ADP
profiles to traffic flowing from one zone to another.