The Intrusion System’s default policies deploy Intrusion Detection immediately to identify threats on your network. Any custom policies you create are deployed in the same way. Intrusion Prevention policies stop intrusions such as known and zero-day attacks, unwanted access and denial of service.
The Intrusion Detection System is based on Snort Open Source software. It uses rules supplied by Smoothwall from https://rules.emergingthreats.net/.
You can use rulesets supplied by www.snort.org by applying an Oinkcode.
You can upload custom signatures, and Sourcefire Vulnerability Research Team (VRT) signatures, to the Smoothwall Filter and Firewall and make them available for use in Intrusion Detection and Prevention policies. Any custom signatures you upload, or Sourcefire VRT signatures you download, to the Smoothwall Filter and Firewall are listed on the Policies page. To deploy intrusion policies, see our help topics, Deploying intrusion detection policies and Managing intrusion prevention system policies.
Note: Use custom signatures with caution because the Smoothwall Filter and Firewall can't verify custom signature integrity.
WARNING: If you delete custom signatures, the Smoothwall Filter and Firewall deletes all custom signatures. If there are detection or prevention policies that use custom signatures, the signatures are deleted from the policies.
Prerequisite
To use rulesets supplied by Snort:
- Register for Snort.
- Log on and click your email address.
- Click Oinkcode.
- Copy the code.
Procedure
- On the SERVICES menu, under the Intrusion system submenu, click Signatures.
- To upload a custom signature, under the Custom Signatures section, click Choose File, find the signatures file that you want, and click Upload.
- To turn on logging of intrusion events to the syslog, under the Intrusion System section, select Use syslog for Intrusion logging.
- To use rulesets supplied by snort.org and apply an Oinkcode, under the Sourcefire VRT Signatures section, in the Oink code box, paste the Oinkcode and click Update.
- Click Save.
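Because the Smoothwall Filter and Firewall can't verify custom signature integrity, a custom signatures file can be checked before it is uploaded. The following is an added example, not Smoothwall or Snort code: it lints a Snort-format rules file and returns a SHA-256 digest of the reviewed text to keep on record. The name `lint_rules`, the sample rules, and the assumption that each rule sits on a single line are all constructed for illustration.

```python
import hashlib
import re

# Snort 2.x actions. Snort convention: SIDs >= 1,000,000 are for local rules.
ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
LOCAL_SID_MIN = 1_000_000
HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

SAMPLE = '''\
# constructed sample rules for this example, not from any vendor ruleset
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL ssh attempt"; flags:S; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 23 (msg:"LOCAL telnet"; sid:1000001; rev:1;)
alert udp any any -> any 53 (msg:"LOCAL dns"; sid:4242; rev:2;)
block tcp any any -> any 80 (msg:"LOCAL typo action"; sid:1000004;)
alert icmp any any -> any any msg:"no parens"; sid:1000005;
'''

def lint_rules(text):
    """Return (sha256_hex, findings); findings are (line_number, message)."""
    findings, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER.match(line)
        if not m:
            findings.append((n, "malformed rule header or (options) block"))
            continue
        action, opts = m.group(1), m.group(8)
        bare = QUOTED.sub('""', opts)  # ignore sid:/rev: text inside strings
        if action not in ACTIONS:
            findings.append((n, f"unknown action '{action}'"))
        if not re.search(r'\bmsg\s*:\s*"[^"]+"\s*;', opts):
            findings.append((n, "missing msg option"))
        if not re.search(r"\brev\s*:\s*\d+\s*;", bare):
            findings.append((n, "missing rev option"))
        sid = re.search(r"\bsid\s*:\s*(\d+)\s*;", bare)
        if not sid:
            findings.append((n, "missing sid option"))
            continue
        sid = int(sid.group(1))
        if sid < LOCAL_SID_MIN:
            findings.append((n, f"sid {sid} is below the local-rule range"))
        if sid in seen:
            findings.append((n, f"sid {sid} duplicates line {seen[sid]}"))
        seen.setdefault(sid, n)
    return hashlib.sha256(text.encode()).hexdigest(), findings
```

Run `lint_rules` on the file's text and upload only when the findings list is empty; comparing the recorded digest with the file you later select in Choose File confirms it is the one that was reviewed.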