Attack Defense Profile
Overview
As networks evolve, packets can carry various types of potential risks such as Trojan horses, worms, and viruses. After an attack defense profile is created, security functions such as URL filtering, intrusion prevention, and antivirus become available.
The profile of URL filtering defines actions for URLs matching the blacklist and whitelist to allow or block access to the URLs.
Before you configure intrusion prevention, update the intrusion prevention signature database or, if necessary, configure user-defined signatures, create intrusion prevention profiles, reference signatures matching the specified conditions in the intrusion prevention profiles, and apply the intrusion prevention profiles in the attack defense profiles.
The antivirus (AV) function identifies files transmitted using the specified protocols and processes virus-infected files based on the predefined response actions, preventing them from entering the protected network.
CLI-based Procedure
For details about how to configure URL filtering, see Configuring URL Filtering Profile in the Configuration-Security Configuration Guide.
For details about how to configure intrusion prevention, see Configuring Intrusion Prevention in the Configuration-Security Configuration Guide.
For details about how to configure the antivirus function, see Configuring Antivirus in the Configuration-Security Configuration Guide.
Web-based Procedure
Attack Defense Profile
- Log in to the web platform, and choose or . Click the AP group name or AP ID to access the AP group or AP configuration page.
- Click VAP Configuration and create a VAP profile. Select Attack Defense Profile and create an attack defense profile. Table 3-43 describes the related parameters.
Figure 3-64 Attack Defense Profile
URL Filtering Profile
- Log in to the web platform, and choose or . Click the AP group name or AP ID to access the AP group or AP configuration page.
- Click VAP Configuration and create a VAP profile. Select Attack Defense Profile and create an attack defense profile.
- On the Attack Defense Profile page, click Apply.
- Click the icon next to Attack Defense Profile. Select URL Filtering Profile and create a URL filtering profile. Table 3-44 describes the related parameters.
Figure 3-65 URL Filtering Profile
Table 3-44 URL Filtering Profile
Item
Description
Default action
Default action that the NMS performs on HTTP requests of users to access URLs or hosts that are not in the blacklist or whitelist:
- Allow
- Block
- Alert
The default action is Allow.
URL Whitelist
Users are allowed to access URLs or hosts in a whitelist after it is enabled.
Whitelist
Add a URL filtering whitelist based on the URL or host name.
URL Blacklist
Users are not allowed to access URLs or hosts in a blacklist after it is enabled.
Blacklist
Add a URL filtering blacklist based on the URL or host name.
Filtering Type
URL- or host name-based filtering.
Filtering Contents
Configured filtering content.
IPS Profile
- Log in to the web platform, and choose or . Click the AP group name or AP ID to access the AP group or AP configuration page.
- Click VAP Configuration and create a VAP profile. Select Attack Defense Profile and create an attack defense profile.
- On the Attack Defense Profile page, click Apply.
- Click the icon next to Attack Defense Profile. Select IPS Profile and create an IPS profile. Table 3-45 describes the related parameters.
Figure 3-66 IPS Profile
Table 3-45 IPS Profile
Item
Description
Action
Action after the signature is matched:
- Default action of the signature: The default action is recommended based on the threat severity.
- Alert: Permits the packets that match the signature.
- Block: Discards the packets that match the signature.
By default, Default action of the signature is used.
Set a Filter Condition
After the signature database is upgraded, it contains a large number of unclassified signatures, and the features described by some signatures do not exist on the local network. Therefore, a signature filter is configured to filter these signatures.
The system filters signatures based on attributes such as the object or severity. If no attribute is set, all signatures are displayed by default.
Object
Add the IPS signature of the specified target to an IPS signature filter.
- Server: adds signatures that detect packets to servers to a signature filter.
- Client: adds signatures that detect packets to clients to a signature filter.
Severity
Add the IPS signature of the specified severity to an IPS signature filter.
OS
Add the IPS signature of the specified operating system to an IPS signature filter.
- Unix-like: Indicates the UNIX operating system, including Linux, HP_unix, AIX, and Sun operating systems.
- Windows: Indicates the Windows operating system.
- Android: Indicates the Android operating system.
- IOS: Indicates the iOS operating system.
- Other: Indicates other operating systems.
Protocol
Add the IPS signature of the specified protocol to an IPS signature filter.
Threat type
Add the IPS signature of the specified category to an IPS signature filter.
Set Exception Signatures
All signatures in a signature filter have the same action. However, you can add a signature as an exception and configure a different action for the exception signature.
Signature ID
Specifies the ID of an IPS signature.
The value range is 1 to 16777215.
Signature Name
Name of an exception signature.
Action
Action taken after an exception signature is matched:
- Allow: Indicates that the device permits a packet when a packet matches an exception IPS signature.
- Alert: Indicates that the device generates an alarm when a packet matches an exception IPS signature.
- Block: Indicates that the device denies a packet when a packet matches an exception IPS signature.
The default response action for an exception signature is Allow.
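The interaction between the profile action, the signature filter, and exception signatures in Table 3-45 can be modeled as follows. This is an added example, not vendor code or a device export format; the record layout, the sample signatures, the rule that all set filter attributes must match, and the rule that an exception overrides the filter are assumptions made for the illustration. The weakened() check lists exceptions that relax what the filter would otherwise do, which is worth reviewing because an exception defaults to Allow.

```python
from dataclasses import dataclass, field

SIG_ID_RANGE = range(1, 16777216)            # 1..16777215, the range given in the table
RANK = {"Allow": 0, "Alert": 1, "Block": 2}  # strictness order, used only by the audit

@dataclass(frozen=True)
class Signature:                             # constructed record, not a vendor format
    sig_id: int
    name: str
    obj: str                                 # "Server" or "Client"
    severity: str
    protocol: str
    default_action: str                      # the signature's own action: "Alert" or "Block"

@dataclass
class IpsProfile:
    action: str = "Default"                  # "Default" (signature's own), "Alert" or "Block"
    conditions: dict = field(default_factory=dict)  # attribute name -> set of accepted values
    exceptions: dict = field(default_factory=dict)  # signature ID -> exception action

    def add_exception(self, sig_id, action="Allow"):  # Allow is the documented default
        if sig_id not in SIG_ID_RANGE or action not in RANK:
            raise ValueError(f"invalid exception: {sig_id} {action}")
        self.exceptions[sig_id] = action

    def filter_action(self, sig):
        """Action from the signature filter alone, or None if the filter excludes sig."""
        # Assumption: all set attributes must match; an unset attribute matches anything.
        if not all(getattr(sig, a) in ok for a, ok in self.conditions.items()):
            return None
        return sig.default_action if self.action == "Default" else self.action

    def resolve(self, sig):
        """Effective action; assumption: an exception overrides the filter."""
        return self.exceptions.get(sig.sig_id, self.filter_action(sig))

    def weakened(self, sigs):
        """(name, filter action, exception action) where the exception is less strict."""
        pairs = ((s, self.filter_action(s), self.exceptions.get(s.sig_id)) for s in sigs)
        return [(s.name, b, e) for s, b, e in pairs if b and e and RANK[e] < RANK[b]]

# Constructed sample signatures (IDs and names are made up for this example).
SIGS = [
    Signature(1001, "sample-http-server-exploit", "Server", "High", "HTTP", "Block"),
    Signature(1002, "sample-smb-client-worm", "Client", "High", "SMB", "Block"),
    Signature(1003, "sample-ftp-info-leak", "Server", "Low", "FTP", "Alert"),
]
PROFILE = IpsProfile(conditions={"obj": {"Server"}})
PROFILE.add_exception(1001)                  # default exception action: Allow
```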
Antivirus Profile
- Log in to the web platform, and choose or . Click the AP group name or AP ID to access the AP group or AP configuration page.
- Click VAP Configuration and create a VAP profile. Select Attack Defense Profile and create an attack defense profile.
- On the Attack Defense Profile page, click Apply.
- Click the icon next to Attack Defense Profile. Select Antivirus Profile and create an antivirus profile. Table 3-46 describes the related parameters.
Figure 3-67 Antivirus Profile
Table 3-46 Antivirus Profile
Item
Description
Configure Antivirus for Protocols
Protocol
The device supports virus detection for files transmitted using the following protocols:
- HTTP (Hypertext Transfer Protocol)
- FTP (File Transfer Protocol)
- SMTP (Simple Mail Transfer Protocol)
- POP3 (Post Office Protocol - Version 3)
- IMAP (Internet Message Access Protocol)
- NFS (Network File System)
- SMB (Server Message Block)
The device has a default antivirus profile named default, which defines the default action in the upload or download direction of each protocol. You cannot modify or delete the default profile.
Upload/Download
Whether to enable virus detection for files in different transmission directions.
- Upload: Indicates file transfer from a client to a server.
- Download: Indicates file transfer from a server to a client.
Action
Action taken after a file is detected to contain viruses, which can be:
- Block: The system terminates sessions and generates logs.
- Alert: The system permits files and generates logs.
Configure Exception Applications
Application Name
Name of the application for which an exception response action is to be configured.
Action
Response action after an application exception is detected, which can be:
- Alert: The system permits files and generates logs.
- Allow: The system permits files.
- Block: The system terminates sessions and generates logs.
The default value is Block.
Configure Exception Viruses
Virus signature ID
Virus exception ID.
The value range is 1 to 4294967295.