Creating a set of default intrusion detection policies
Create a set of default intrusion detection policies that you can use to monitor for all intrusions and extrusions across all IP addresses and ports on your system.
Prerequisite: You must have *ALLOBJ and *IOSYSCFG authority to work with intrusion detection policies.
The default intrusion detection policies include attack, scan, and traffic regulation policies. To create a set of default intrusion detection policies, perform these steps:
- In IBM® Navigator for i, expand .
- Click Manage policies.
- In the Intrusion Detection Policies page, select New from the Actions menu. The New intrusion detection policy wizard is displayed.
- In the Select Policy to Create page, select Create a set of default intrusion detection policies. (If the default policies already exist, trying to create them again displays an error message.)
- Follow the instructions in the wizard to create the policies.
- Click OK on the Create Default Policies page to create the default policies.
Now your system is ready to catch suspicious events coming in through the TCP/IP network.
The default IDS policies provide intrusion detection coverage for the entire system. If you want more specific policies, for example policies that cover a specific range of IP addresses or ports, you can create a policy based on a default policy and change those settings. Then you can configure the new policy to take precedence over the default policy. The user-created IDS policy monitors for a subset of intrusions, and the system-supplied IDS policy monitors for the rest of the intrusions.