Symbol Technologies WS 2000 manual Configurable Firewall Filters

Gateway—How to Configure the WS 2000 Firewall

Configurable Firewall Filters

The administrator can enable or disable the following filters. By default, all these filters are activated. It is reasonable to turn off the filters if one of the following things is true:

The switch is on a completely isolated network with no access to the Internet and is therefore secure.

The switch is heavily loaded and a slight increase in performance outweighs the safety of the network.

Blocking these types of attacks would also block legitimate traffic on the network (although this scenario is highly unlikely).

SYN Flood Attack Check

A SYN flood attack requests a connection and then fails to promptly acknowledge a destination host’s response, leaving the destination host vulnerable to a flood of connection requests.

Source Routing Check

A source routing attack specifies an exact route for a packet’s travel through a network, while exploiting the use of an intermediate host to gain access to a private host.

Winnuke Attack Check

A “Win-nuking” attack uses the IP address of a destination host to send junk packets to its receiving port. This attack is a type of denial of service (DoS) attack that completely disables networking on Microsoft Windows 95 and NT systems. Because this attack is only effective on older systems, it may not be necessary to enable this feature on a LAN with newer Microsoft Windows operating systems or with systems that have the appropriate “Winnuke” patches loaded.

FTP Bounce Attack Check

An FTP bounce attack uses the PORT command in FTP mode to gain access to arbitrary ports on machines other than the originating client.
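
The check a filter of this kind performs on the FTP control channel, as an added example (not code from the manual or from the switch firmware): the address in a PORT command must be the client that sent it. The function names, the sample transcript and the additional rule rejecting ports below 1024 (a recommendation from RFC 2577) are assumptions of this example.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): four address bytes, two port bytes
PORT_RE = re.compile(
    r"PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*",
    re.IGNORECASE)

def check_port_command(line, client_ip, min_port=1024):
    """Return (allowed, reason) for one control-channel line sent by client_ip."""
    m = PORT_RE.fullmatch(line)
    if m is None:
        return False, "malformed PORT command"
    fields = [int(f) for f in m.groups()]
    if max(fields) > 255:
        return False, "field out of range"
    target = ipaddress.IPv4Address(bytes(fields[:4]))
    port = fields[4] * 256 + fields[5]
    # Core bounce check: the data connection may only go back to the client.
    if target != ipaddress.IPv4Address(client_ip):
        return False, "bounce: %s is not the client %s" % (target, client_ip)
    # Assumed extra rule (RFC 2577): no data connections to well-known ports.
    if port < min_port:
        return False, "privileged port %d" % port
    return True, "data connection to %s:%d" % (target, port)

def audit_session(client_ip, lines):
    """Return the PORT commands in a control-channel transcript that fail the check."""
    rejected = []
    for line in lines:
        if line.upper().startswith("PORT"):
            ok, reason = check_port_command(line, client_ip)
            if not ok:
                rejected.append((line.strip(), reason))
    return rejected

# Constructed transcript; addresses are RFC 5737 documentation ranges.
SAMPLE_SESSION = [
    "USER anonymous\r\n",
    "PORT 192,0,2,10,195,80\r\n",   # client's own address, port 50000
    "PORT 198,51,100,5,0,25\r\n",   # address of a different host
    "PORT 192,0,2,10,0,25\r\n",     # client's own address, port 25
]
```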

IP Unaligned Timestamp Check

An IP unaligned timestamp attack uses a frame with the IP timestamp option, where the timestamp is not aligned on a 32-bit boundary.
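
An added example (not code from the manual or from the switch firmware) of how the Source Routing Check and the IP Unaligned Timestamp Check can be expressed as one walk over the IPv4 option area. The function names, the sample headers and the exact alignment rule are assumptions of this example: it requires the 32-bit timestamp slots to start on a 4-byte boundary of the header and the option pointer to address a whole slot.

```python
import struct

# IPv4 option type numbers (RFC 791)
OPT_EOL, OPT_NOP, OPT_TIMESTAMP, OPT_LSRR, OPT_SSRR = 0, 1, 68, 131, 137

def inspect_ipv4_options(packet: bytes) -> list:
    """Return the findings for the option area of one IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["malformed-header"]
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        return ["malformed-header"]
    findings, off = [], 20
    while off < header_len:
        opt = packet[off]
        if opt == OPT_EOL:
            break
        if opt == OPT_NOP:          # single-byte padding option
            off += 1
            continue
        # Every other option has a length byte covering type, length and data.
        length = packet[off + 1] if off + 1 < header_len else 0
        if length < 2 or off + length > header_len:
            findings.append("truncated-option")
            break
        if opt in (OPT_LSRR, OPT_SSRR):
            findings.append("source-route")
        elif opt == OPT_TIMESTAMP:
            # Assumed rule: the 32-bit timestamp slots start 4 bytes into the
            # option and must sit on a 4-byte boundary of the header; the
            # pointer (smallest legal value 5) must address a whole slot.
            pointer = packet[off + 2] if length >= 4 else 0
            if (off + 4) % 4 or pointer < 5 or (pointer - 5) % 4:
                findings.append("unaligned-timestamp")
        off += length
    return findings

def build_header(options: bytes) -> bytes:
    """Constructed sample header: zero checksum, RFC 5737 documentation addresses."""
    options += b"\x00" * (-len(options) % 4)       # pad to a 32-bit multiple
    first = (4 << 4) | ((20 + len(options)) // 4)   # version 4 + IHL
    return struct.pack("!BBHHHBBH4s4s", first, 0, 20 + len(options), 0, 0,
                       64, 6, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + options

# Constructed samples: aligned timestamp, NOP-shifted timestamp, loose source route
ALIGNED_TS = build_header(bytes([68, 12, 5, 0]) + bytes(8))
SHIFTED_TS = build_header(bytes([1, 68, 8, 5, 0]) + bytes(4))
LOOSE_ROUTE = build_header(bytes([131, 7, 4, 192, 0, 2, 99]))
```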

Sequence Number Prediction Check

A sequence number prediction attack establishes a three-way TCP connection with a forged source address, and the attacker guesses the sequence number of the destination host’s response.

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

 
