SmartDefense Categories
242
Check Point ZoneAlarm User Guide
Table 63: File Print and Sharing Fields
In this field…
    Do this…
Action
    Specify what action to take when a CIFS worm attack is detected, by selecting one of the following:
    Block. Block the attack.
    None. No action. This is the default.
Track
    Specify whether to log CIFS worm attacks, by selecting one of the following:
    Log. Log the attack.
    None. Do not log the attack. This is the default.
CIFS worm patterns list
    Select the worm patterns to detect.
    Patterns are matched against file names (including file paths but excluding the disk share name) that the client is trying to read or write from the server.
Chapter 11: Using SmartDefense
IGMP
This category includes the IGMP protocol.
IGMP is used by hosts and routers to dynamically register and discover multicast group
membership. Attacks on the IGMP protocol usually target a vulnerability in the multicast
routing software/hardware used, by sending specially crafted IGMP packets.
You can configure how IGMP attacks should be handled.
Table 64: IGMP Fields
In this field…
    Do this…
Action
    Specify what action to take when an IGMP attack occurs, by selecting one of the following:
    Block. Block the attack. This is the default.
    None. No action.
Track
    Specify whether to log IGMP attacks, by selecting one of the following:
    Log. Log the attack. This is the default.
    None. Do not log the attack.
Enforce IGMP to multicast addresses
    According to the IGMP specification, IGMP packets must be sent to multicast addresses. Sending IGMP packets to a unicast or broadcast address might constitute an attack; therefore the ZoneAlarm router blocks such packets.
    Specify whether to allow or block IGMP packets that are sent to non-multicast addresses, by selecting one of the following:
    Block. Block IGMP packets that are sent to non-multicast addresses. This is the default.
    None. No action.
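The destination check described for the "Enforce IGMP to multicast addresses" field, as an added Python example (not Check Point's code and not part of the original guide): it parses a raw IPv4 header and flags IGMP (IP protocol 2) sent to an address outside 224.0.0.0/4. The function names, the verdict strings, the enforce parameter, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IGMP = 2  # IANA-assigned IP protocol number for IGMP


def build_ipv4(dst, proto=IPPROTO_IGMP, payload=b"\x16\x00\x00\x00\xe0\x00\x00\xfb"):
    """Build a minimal IPv4 packet (constructed sample input, checksums left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
        ipaddress.IPv4Address("192.0.2.10").packed,  # documentation-range source
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def check_igmp_destination(packet, enforce="block"):
    """Return (verdict, reason) for one raw IPv4 packet.

    enforce mirrors the field's two options (an assumed encoding):
    "block" drops IGMP sent to a non-multicast address, "none" lets it through.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "pass", "not a complete IPv4 header; left to other checks"
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "pass", "invalid IPv4 header length; left to other checks"
    if packet[9] != IPPROTO_IGMP:
        return "pass", "not IGMP"
    dst = ipaddress.IPv4Address(packet[16:20])
    if dst.is_multicast:  # 224.0.0.0/4
        return "pass", f"IGMP to multicast address {dst}"
    if enforce == "block":
        return "block", f"IGMP to non-multicast address {dst}"
    return "pass", f"IGMP to non-multicast address {dst} (enforcement off)"


if __name__ == "__main__":
    # Multicast, unicast and limited-broadcast destinations (constructed samples).
    for dst in ("224.0.0.1", "192.0.2.1", "255.255.255.255"):
        print(dst, check_igmp_destination(build_ipv4(dst)))
```

Note that the limited broadcast address 255.255.255.255 lies outside 224.0.0.0/4, so it is treated the same as a unicast destination.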
Instant Messaging Traffic
SmartDefense can block instant messaging applications that use VoIP protocols, by
identifying the messaging application's fingerprints and HTTP headers.
This category includes the following nodes:
ICQ
MSN Messenger
Skype
Yahoo
Note: SmartDefense can detect instant messaging traffic regardless of the TCP port being used to initiate the session.
Note: Skype versions up to 2.0.0.103 are supported.
In each node, you can configure how instant messaging connections of the selected type
should be handled, using the following table.
Table 65: Instant Messengers Fields
In this field…
    Do this…
Action
    Specify what action to take when a connection is attempted, by selecting one of the following:
    Block. Block the connection.
    None. No action. This is the default.
Track
    Specify whether to log instant messenger connections, by selecting one of the following:
    Log. Log the connection.
    None. Do not log the connection. This is the default.
Block proprietary protocol / Block proprietary protocols on all ports
    Specify whether proprietary protocols should be blocked on all ports, by selecting one of the following:
    Block. Block the proprietary protocol on all ports. This in effect prevents all communication using this instant messenger application. This is the default.
    None. Do not block the proprietary protocol on all ports.
Block masquerading over HTTP protocol
    Specify whether to block using the instant messenger application over HTTP, by selecting one of the following:
    Block. Block using the application over HTTP. This is the default.
    None. Do not block using the application over HTTP.
Resetting SmartDefense to its Defaults
If desired, you can reset the SmartDefense security policy to its default settings. For information on the default value of each SmartDefense setting, see SmartDefense Categories on page 205.
For information on resetting individual nodes in the SmartDefense tree to their default settings, see Using the SmartDefense Tree on page 203.
To reset SmartDefense to its defaults
1. Click Security in the main menu, and click the SmartDefense tab.
   The SmartDefense page appears.
2. Click Reset to Defaults.
   A confirmation message appears.
3. Click OK.
   The SmartDefense policy is reset to its default settings.
