Using the Intrusion Detection Sample

The intrusion detection component of the template gateway user interface allows users to view a log of activities at the firewall. The sample provides application-level detection of port scanning, which allows the gateway to detect that someone on the external network is scanning the device. This activity generates an entry in the security log.

OEMs can replace the scanning component to provide new levels of security as new techniques become available. This is similar to updating virus signature files, but the update mechanism for intrusion detection is limited to application-level attacks that can be detected in the log.

To add the intrusion detection sample to the gateway image, set the __SYSGEN_GATEWAY_UI_INTRUSION variable when you build your platform.

When you use the Gateway configuration to build your platform, the intrusion detection sample is included by default, but the component is not included in the image because the __SYSGEN_GATEWAY_UI_INTRUSION variable is not set. Because intrusion detection is not enabled, you can remove both the front-end and back-end components from your platform.

To remove the back-end component from your platform

  1. Delete the %_WINCEROOT%\Public\Servers\Oak\Gateway\Admin\Adminfwhook directory.
  2. From the %_WINCEROOT%\Public\Servers\Oak\Gateway\Admin directory, open the dirs file and delete the AdminFWHook entry.
  3. From the %_WINCEROOT%\Public\Servers\Oak\Gateway\Admin\Services directory, open firewallpages.h.
  4. Delete the CIntrusionPage class.
  5. From the // for intrusion.htm section, delete all the #define constants.
  6. Save and close firewallpages.h.
  7. From the %_WINCEROOT%\Public\Servers\Oak\Gateway\Admin\Services directory, open firewallpages.cpp.
  8. Delete all the methods for the CIntrusionPage class.
  9. Delete CIntrusionPage::EstablishPage in the InitValues method.
  10. Save and close firewallpages.cpp.

To remove the intrusion detection links from the front-end

  1. From the %_WINCEROOT%\Public\Servers\Oak\Gateway\Html\Intfile\<Localized Folder> directory, delete the intrusion.htm file.
  2. From the %_WINCEROOT%\Public\Servers\Oak\Gateway\Html\Intfile\<Localized Folder>\Include directory, delete all the lines with reference to Intrusion Detection in the script files.
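
A check to run after both removal procedures above, as an added example that is not part of the original documentation or the sample's source: it walks the Gateway directory and reports anything the steps should have deleted. The function name `find_leftovers` is hypothetical, matching the word "intrusion" in the Include scripts is an assumption about how those references look, and the #define constants from step 5 are not checked because their names are not given here.

```python
import os
import re
import sys
from pathlib import Path

def _matching_lines(path, pattern):
    """1-based numbers of the lines in `path` that match `pattern`, ignoring case."""
    rx = re.compile(pattern, re.IGNORECASE)
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [n for n, line in enumerate(fh, 1) if rx.search(line)]

def find_leftovers(gateway_root):
    """Return one finding per item that the removal steps should have deleted."""
    # gateway_root is the Public/Servers/Oak/Gateway directory under %_WINCEROOT%.
    # Names are compared case-insensitively, as on the Windows build machine.
    root = Path(gateway_root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        rel = [p.lower() for p in here.relative_to(root).parts]
        # Back-end step 1: the Adminfwhook directory under Admin must be gone.
        if rel == ["admin"]:
            findings += [f"{here / d}: directory still present"
                         for d in dirnames if d.lower() == "adminfwhook"]
        for name in filenames:
            low, pattern = name.lower(), None
            if rel == ["admin"] and low == "dirs":
                pattern = r"\badminfwhook\b"      # back-end step 2
            elif rel == ["admin", "services"] and low in ("firewallpages.h",
                                                          "firewallpages.cpp"):
                pattern = r"\bCIntrusionPage\b"   # back-end steps 4, 8 and 9
            elif rel[:2] == ["html", "intfile"] and len(rel) == 3 \
                    and low == "intrusion.htm":
                findings.append(f"{here / name}: file still present")  # front-end step 1
            elif rel[:2] == ["html", "intfile"] and len(rel) == 4 \
                    and rel[3] == "include":
                pattern = r"intrusion"            # front-end step 2 (assumed marker text)
            if pattern:
                findings += [f"{here / name}:{n}: matches {pattern}"
                             for n in _matching_lines(here / name, pattern)]
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    for finding in find_leftovers(sys.argv[1]):
        print(finding)
```

An empty result means none of the checked references remain; any finding names the file and line to revisit before rebuilding the platform.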

See Also

Using the Template Gateway User Interface | Customizing the Gateway | How to Create a Gateway

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.