Protecting the user

- How To Configure Microsoft® Windows XP Virtual Private Network (VPN) client interoperability without NAT-T support
- How To Configure Microsoft® Windows XP Virtual Private Network (VPN) client interoperability with NAT-T support
- How To Configure IPsec VPN Between Microsoft ISA Server 2004 and an Allied Telesyn Router Client
- How To Create a VPN between an Allied Telesis and a SonicWALL router, with NAT-T
- How To Create a VPN between an Allied Telesis and a NetScreen router
- How To Troubleshoot A Virtual Private Network (VPN)

Protecting against worms

In the recent history of the Internet, the danger has shifted from viruses to worms. Viruses need a human to carry them from system to system, for example by downloading and running a program. Worms copy themselves from system to system without any human interaction. The most successful worms exploit Microsoft Windows vulnerabilities because of the prevalence of these operating systems. Commonly, a worm causes the same kind of damage to a system as a virus.

Worms and viruses generally exploit flaws in PC operating systems. There are no known worms that affect AlliedWare. In fact, you can configure Allied Telesis switches to protect the PCs and servers on your network from worm attacks, whether they originate inside or outside the network.

In an Allied Telesis switched network (one with no hubs), the switches can forward or drop every packet on the basis of specific criteria, and this packet inspection comes at no cost to network performance. Therefore, you can configure an Allied Telesis switch to check for packets that target the TCP or UDP port that a known worm attacks.

An example of a worm that exploits a port-based vulnerability is the W32.Slammer worm, which caused significant denial of service problems several years ago. It propagates via UDP port 1434, the port used by SQL Server traffic. All network administrators should have patched their SQL Server 2000 systems against this worm by now, but it serves as a clear example.

Blocking worms through classifier-based filters

On Rapier, Rapier i, AT-8800, AT-8700XL and AT-8600 Series switches, use classifier-based hardware filters to block traffic from a worm.

Configuration

1. Find out which UDP or TCP port the worm attacks.

2. Create a classifier to match traffic arriving at a target switch port, using that UDP or TCP port.

   Target switch ports must not be attached to clients who legitimately need to access the UDP or TCP port.

3. Create a filter that uses the classifier and discards matching traffic.
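As an added example (not configuration from the original document), the three steps applied to the Slammer case as AlliedWare commands. The switch-port range 1-24 and the placement of the SQL Server on port 25 are constructed; the parameter names (iport, protocol, udpdport, action=discard) are given from memory and should be checked against the Software Reference for your switch model and release.

```text
# Step 1: from the text above, Slammer propagates on UDP destination port 1434.

# Step 2: classifier matching UDP/1434 arriving on switch ports 1-24.
#         Assumption: ports 1-24 carry end-user PCs. The SQL Server is on port 25,
#         which is deliberately left out of the range so that legitimate clients
#         of that server are not cut off (see the note under step 2).
create classifier=1 iport=1-24 protocol=udp udpdport=1434

# Step 3: hardware filter that discards every frame the classifier matches.
add switch hwfilter classifier=1 action=discard

# Check: confirm the classifier and the filter are installed before relying on them.
show classifier
show switch hwfilter
```

If a client that legitimately needs UDP 1434 is later moved to a port inside the range, adjust iport rather than removing the filter.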

Products

AT-8600 Series

AT-8700XL Series

Rapier i Series

Rapier Series

AT-8800 Series

Software Versions

All

Create A Secure Network With Allied Telesis Managed Layer 3 Switches

25
