Creating a set of default intrusion detection policies

Create a set of default intrusion detection policies that you can use to monitor for all intrusions and extrusions across all IP addresses and ports on your system.

Prerequisite: You must have *ALLOBJ and *IOSYSCFG authority to work with intrusion detection policies.

The default intrusion detection policies include attack, scan, and traffic regulation policies. To create a set of default intrusion detection policies, perform these steps:
  1. In IBM® Navigator for i, expand Security > Intrusion Detection.
  2. Click Manage policies.
  3. In the Intrusion Detection Policies page, select New from the Actions menu. The New intrusion detection policy wizard is displayed.
  4. In the Select Policy to Create page, select Create a set of default intrusion detection policies. (If the default policies already exist, an error message is displayed when you try to create them again.)
  5. Follow the instructions in the wizard to create the policies.
  6. Click OK on the Create Default Policies page to create the default policies.
Now your system is ready to catch suspicious events coming in through the TCP/IP network.

The default IDS policies provide intrusion detection coverage for the entire system. If you want more specific policies, for example policies that cover a specific range of IP addresses or ports, you can create a policy based on a default policy and change those settings. Then you can configure the new policy to take precedence over the default policy. The user-created IDS policy monitors for a subset of intrusions, and the system-supplied IDS policy monitors for the rest of the intrusions.