Patton electronic 2621, 2635 manual Intrusion Detection System IDS


Models 2603, 2621, and 2635 Getting Started Guide

7 • Security

 

 

Intrusion Detection System (IDS)

The security feature in the IPLink Router provides protection from a number of attacks. Some attacks cause a host to be blacklisted (i.e., no traffic from that host is accepted under any circumstances) for a period of time. Other attacks are simply logged. The following table summarizes the attacks detected.

Attack Name          Protocol   Attacking Host Blacklisted?
------------------   --------   ------------------------------
Ascend Kill          UDP        yes
Echo/Chargen         UDP        no
Echo Scan            UDP        yes
WinNuke              TCP        yes
Xmas Tree Scan       TCP        yes
IMAP SYN/FIN Scan    TCP        yes
Smurf                ICMP       If victim protection set
SYN/FIN/RST Flood    TCP        If scanning threshold exceeded
Net Bus Scan         TCP        yes
Back Orifice Scan    UDP        yes

1. To enable IDS, click on Enabled for “Intrusion Detection Enabled” on the “Security Interface Configuration” page. Then click on Change State.

2. Click on Configure Intrusion Detection...

3. You may choose which of the parameters to configure and for which value.

– Use Blacklist: Default = 10 minutes when enabled.

If IDS has detected an intrusion from an external host, access to the network is denied for ten minutes.

– Use Victim Protection: Default = Disabled.

When enabled, Victim Protection protects the victim from an attempted spoofing attack. Web spoofing allows an attacker to create a ‘shadow’ copy of the world wide web (WWW). All access to the shadow Web goes through the attacker’s machine, so the attacker can monitor all of the victim’s activities and send false data to or from the victim’s machine. When enabled, packets destined for the victim host of a spoofing-style attack are blocked.

– Victim Protection Block Duration: Default = 600 seconds

– DOS Attack Block Duration: Default = 1800 seconds (30 minutes).

A Denial of Service (DOS) attack is an attempt by an attacker to prevent legitimate users from using a service. If a DOS attack is detected, all suspicious hosts are blocked by the firewall for a set time limit.

– Scan Attack Block Duration: Default = 86400 seconds

Sets the duration for blocking all suspicious hosts. The firewall detects when the system is being scanned by a suspicious host attempting to identify any open ports.
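The example below is an added illustration, not code from the Patton guide or the router's firmware. It classifies packets against four rows of the attack table and applies the "Use Blacklist" default of 10 minutes, showing the difference between a blacklisted host and a logged-only detection. Assumptions: the match rules are the commonly documented signatures for these attack names (the guide does not state how the router matches them), every "yes" row uses the 10-minute blacklist timer, the conditional rows (Smurf, SYN/FIN/RST Flood) and the separate DOS/scan block durations are not modelled, and `classify`, `handle`, `demo` and the packet fields are hypothetical names.

```python
# Added illustration, not Patton firmware code. The signatures are the commonly
# documented ones for these attack names (assumption, not from the guide).
FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20      # TCP flag bits
BLACKLIST_SECS = 10 * 60                         # "Use Blacklist" default

# Attack name -> "Attacking Host Blacklisted?" column of the guide's table.
BLACKLISTED = {"Xmas Tree Scan": True, "IMAP SYN/FIN Scan": True,
               "WinNuke": True, "Echo/Chargen": False}

def classify(pkt):
    """Return the table's attack name for a packet dict, or None."""
    proto, dport, flags = pkt["proto"], pkt["dport"], pkt.get("flags", 0)
    if proto == "TCP":
        if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
            return "Xmas Tree Scan"
        if flags & (SYN | FIN) == (SYN | FIN) and dport == 143:
            return "IMAP SYN/FIN Scan"
        if flags & URG and dport == 139:
            return "WinNuke"
    elif proto == "UDP" and {pkt.get("sport"), dport} == {7, 19}:
        return "Echo/Chargen"     # echo (7) and chargen (19) talking to each other
    return None

def handle(blocked_until, now, pkt):
    """Update {source IP: block expiry} and return the outcome for one packet."""
    src = pkt["src"]
    if blocked_until.get(src, 0) > now:
        return "blocked"          # no traffic accepted from this host
    attack = classify(pkt)
    if attack is None:
        return "pass"
    if BLACKLISTED[attack]:
        blocked_until[src] = now + BLACKLIST_SECS
        return "blacklisted"
    return "logged"               # detected, but the host is not blocked

def demo():
    """Replay constructed traffic (documentation addresses, made-up times)."""
    state, a, b = {}, "203.0.113.5", "198.51.100.7"
    web = {"proto": "TCP", "dport": 80, "flags": SYN}
    events = [(0, {**web, "src": a, "flags": FIN | PSH | URG}),
              (10, {"proto": "UDP", "src": b, "sport": 7, "dport": 19}),
              (20, {**web, "src": b}), (599, {**web, "src": a}),
              (600, {**web, "src": a})]
    return [handle(state, t, p) for t, p in events]
```

In the replay, the host that sent the Xmas Tree packet is refused until the 600-second timer expires, while the Echo/Chargen source is only logged and its later traffic still passes.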
