Administration > intrusion detection – Multi-Tech Systems RF660 User Manual

Chapter 6 – RouteFinder Software

Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

51

Administration > Intruder Detection

Administration > Intrusion Detection

The Intrusion Detection mechanism notifies the administrator if there has been any tampering with the files on the server.

Intrusion Detection

Enable File Integrity Check –

Check the box to enable File Integrity Checking.

Time Interval –

Select the amount of time you would like the system to conduct this check. Options are every 5

Minutes, Hourly, or Daily. Then click the Save button.

Network Intrusion Detection

This allows the user to detect attacks on the network. In the event that port scans are carried out by hackers
who look for a secure network with weak spots. When this feature is enabled, it informs the administrator by
email as soon as the attack has been logged. The administrator can decide what actions are to be taken. By
default, DOS attack, minimum fragmentation checks, port scans, DNS attacks, bad packets, overflows, chat
accesses, Web attacks will be detected; and then the administrator is informed. Apart from the above, the user
can configure user-defined rules for intrusion detection.

Enable Network Intrusion Detection for LAN –

Check the box to enable Network Intrusion Detection for the

LAN. Then click the Save button.

Enable Network Intrusion Detection for WAN –

Check the box to enable Network Intrusion Detection for the

WAN. Then click the Save button.

Enable Network Intrusion Detection for DMZ –

Check the box to enable Network Intrusion Detection for the

DMZ. Then click the Save button.

User-Defined Network Intrusion Detection Rules

SRC IP Address

This selection allows you to choose the network from which the information packet must be sent for the rule to
match. Network groups can also be selected. The ANY option matches all IP addresses; it does not matter
whether they are officially assigned addresses or private addresses. These Networks or groups must be
predefined in the Networks menu.

Destination IP Address

This selection allows you to choose the network to which the information packet must be sent for the rule to
match. Network groups can also be selected. These network clients or groups must have been previously
defined in the Networks menu.

Protocol

This selection allows you to choose the corresponding service. The service must have been previously defined
in the Services menu. Select intrusion detection rules from the following dropdown list boxes:

Add

After the rules are defined/selected, click the Add button. The commands can be deleted by clicking Delete
under the Command option.