Manuals / Billion Electric Company / Computer Equipment / Network Card

Billion Electric Company 30 user manual Intrusion Detection

Models: 30

1 209

Download 209 pages 59.73 Kb

Page 111

4.4.5.5 Intrusion Detection

Blocking WAN requests is one way to prevent DDOS attacks by preventing ping requests from the Internet. Use this menu to enable or disable function.

4.4.5.5 Intrusion Detection

Intrusion Detection can prevent most common DoS attacks from the Internet or from LAN users.

Intrusion Detection: Enable or disable this function.

Intrusion Log: All the detected and dropped attacks will be shown in the system log.

ARP Protection: ARP protection is used to protect users on the LAN against ARP virus. When enabled, ARP Protection will only protect computers that were set in Fixed Host (refer to page 78) so that the ARP table of the hosts can be updated. Periodically BiGuard30 will send ARP packets to these computers to refresh their ARP tables. Enabling ARP Protection can prevent potential viruses infecting computers within the local network. Enabling this option will mitigate the effect of ARP virus attack on LAN.

Session Limit: Allows administrators to self-define the amount of sessions that currently allowed to connect to BiGuard30. This function limits the number of connections on per-user basis. This is useful when controlling users who will use the applications which create a large number of connections (such as P2P software).

No Limit: No restrictions on the amount of sessions allowed to connect to BiGuard30.

Limit Maximum sessions per IP to: Restricts an upper limit of sessions allowed to connect to BiGuard30, additional sessions beyond the maximum limit will not be allowed to connect.

111

Image 111

Billion Electric Company 30 user manual Intrusion Detection

Contents

Version Release 7.01 FW1.06p BiGuardiBusiness Security Gateway SMB User’s Manual Trademarks Updated March 28 Copyright InformationBiGuard 30 User’s Manual DisclaimerSafety Warnings 1.1 Overview 1.2 Product Highlights Table of Contents Chapter 1 Introduction1.3 Package Contents Chapter 2 Router Applications3.5 Factory Default Settings Chapter 4 Router Configuration3.1 Overview 3.2 Before You Begin 3.3 Connecting Your Router 3.4 Configuring PCs for TCP/IP Networking4.4.2.2 Bandwidth Settings 4.4.2.3 WAN IP Alias 4.4 Configuration4.3 Quick Start 4.4.2.1 ISP Settings5.2 LAN Interface Chapter 5 Troubleshooting4.5 Save Configuration To Flash 4.6 Logout 5.1 Basic FunctionalityE.1 What is a VPN? Appendix A Product Specifications Appendix B Customer Support5.4 ISP Connection 5.5 Problems with Date and Time 5.6 Restoring Factory DefaultsE.2.2 IPSec Modes E.2 What is IPSec?E.2.1.1 Authentication Header AH E.2.1 IPSec Security ComponentsH.12 PPTP Remote Access by Windows XP Appendix H Router Setup ExamplesWhat is Quality of Service? H.7 VPN ConfigurationChapter 1 Introduction 1.1 Overview1.2 Product Highlights BiGuard 30 iBusiness Security Gateway SMB 1.3 Package ContentsPower Status WAN1 WAN21.3.2 Rear Panel RESET WAN2 WAN1 LAN 1.3.4 Cabling 2.2.1 QoS Technology 2.1 Overview2.2 Bandwidth Management with QoS Chapter 2 Router ApplicationsVoIP Normal PCs Restricted PC 2.2.2 QoS Policies for Different Applicationslow network latencies to function properly. If bandwidth is being used by other applications such as an FTP server, users using VoIP will experience network lag and/or service interruptions during use. To avoid this scenario, this network has assigned VoIP with a guaranteed bandwidth and higher priority to ensure smooth communications. The FTP server, on the other hand, has been given a maximum bandwidth cap to make sure that regular service to both VoIP and normal Internet applications is uninterrupted policies for different PCs on the network. Policy based traffic shaping lets you better manage your bandwidth, providing reliable Internet and network service to your organization 2.2.7 DiffServ DSCP Marking 2.2.6 Management by IP or MAC address2.2.8 DSCP Matching 2.3 Outbound Traffic2.3.1 Outbound Fail Over 192.168.2.3 1st ConnectionISP 2nd connection 192.168.2.22.4.1 Inbound Fail Over 2.4 Inbound TrafficBefore Fail Over After Fail Over2.4.2 Inbound Load Balancing Remote Access from Internet 2.5 DNS InboundHTTP 2.5.1 DNS Inbound Fail Over ISP ISPBefore Fail Over After Fail OverDNS Reply Heavy load on WANHeavy load on WAN DNS RequestIn the example above, the client is making a DNS request. The request is sent to the DNS server of BiGuard 30 through WAN2 1. WAN2 will route this request to the embedded DNS server of BiGuard 30 2. BiGuard 30 will analyze the bandwidth of both WAN1 and WAN2 and decide which WAN IP to reply to the request 3. After the decision is made, BiGuard 30 will route the DNS reply to the user through WAN2 4. The user will receive the DNS reply with the IP address of WAN1 5. The browser will initiate an HTTP request to the WAN1 IP address 6. The HTTP request will be send to BiGuard 30’s URL Host Map 7. The Host Map will then redirect the HTTP request to the HTTP server 8. The HTTP server will reply 9. The URL Host Map will route the packet through WAN1 to the user 10. Finally, the client will receive an HTTP reply packet 2.6 Virtual Private NetworkingBiGuard Client 2.6.1 General VPN SetupBefore Fail Over After Fail Over2.6.2 VPN Planning - Fail Over BiGuard Before Fail Over3.1 Overview 3.2 Before You BeginChapter 3 Getting Started 3.3 Connecting Your Router 3.4.1 Overview 3.4 Configuring PCs for TCP/IP Networking3.4.2 Windows XP 3.4.2.1 Configuring 1. Select Start Settings Network Connections3. Select Internet Protocol TCP/IP and click Properties 5. Click OK to finish the configuration 2. In the Command Prompt window, type ipconfig and then press ENTER 3.4.2.2 Verifying SettingsTo verify your settings using a command prompt 1. Click Start Programs Accessories Command PromptTo verify your settings using the Windows XP GUI 1. Click Start Settings Network ConnectionsAn IP address between 192.168.1.1 and A subnet mask of 3. Click the Support tab If you are using BiGuard 30’s default settings, your PC should 3.4.3.1 Configuring 1. Select Start Settings Control PanelHave an IP address between 192.168.1.1 and Have a subnet mask of Page 5. Select Internet Protocol TCP/IP and click Properties 4. In the Local Area Connection window, click PropertiesPage 7. Click OK to finish the configuration 3.4.3.2 Verifying Settings1. Click Start Programs Accessories Command Prompt 2. In the Command Prompt window, type ipconfig and then press ENTER If you are using BiGuard 30’s default settings, your PC should haveAn IP address between 192.168.1.1 and A subnet mask of 3.4.4 Windows 98 / Me 3.4.4.1 Installing ComponentsYou must have the following installed If you need to install a new Ethernet adapter, follow these steps An Ethernet adapter TCP/IP protocol Client for Microsoft Networksa. Click Add b. Select Adapter, then Add If you need TCP/IP a. Click Add b. Select Protocol, then click Add If you need Client for Microsoft Networks a. Click Add c. Select Microsoft. Æ TCP/IP, then OK3.4.4.2 Configuring 1. Select Start Settings Control Panel b. Select Client, then click Add3. Restart your PC to apply your changes Page Page 6. Click OK to apply the configuration 3. From the drop-down box, select your Ethernet adapter 3.4.4.3 Verifying SettingsTo check the TCP/IP configuration, use the winipcfg.exe utility 1. Select Start Run 2. Type winipcfg, and then click OKAn IP address between 192.168.1.1 and A subnet mask of 3.5 Factory Default SettingsA default gateway of Web Interface Username admin Password admin LAN Device IP SettingsWAN Port IP address Subnet Mask3.6 Information From Your ISP LAN PortDHCP Static IP PPPoE PPTP Big Pond 1. Select Start Settings Control Panel 3.6.2.1 Windows2. Double-click the Network icon 4. Select Internet Protocol TCP/IP and click Properties Page 7. Click OK to save your changes server address automatically radio buttonBiGuard 30 includes a Web Configuration Interface for easy administration via virtually any browser on your network. To access this interface, open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click Go. A user name and password window prompt will appear. Enter your user name and password the default user name and password are admin and admin to access the Web Configuration Interface 3.7 Web Configuration InterfaceChapter 4 Router Configuration 4.1 Overview4.2.1 ARP Table 4.2 Status4.2.2 Routing Table Sessions 4.2.5 IPSec Status 4.2.7 Traffic Statistics 4.2.6 PPTP Status4.2.9 IPSec Log 4.2.8 System Log4.3.1 DHCP 4.3 Quick Start4.3.3 PPPoE 4.3.2 Static IP4.3.5 Big Pond 4.3.4 PPTP4.4 Configuration Subnet Mask Enter the subnet mask 255.255.255.0 by default RIP RIP v2 Broadcast and RIP v2 Multicast. Check to enable RIPAddress Mapping 4.4.1.1 Ethernet 4.4.1.2 DHCP Server WAN IP Alias 4.4.1.3 LAN Address MappingPlease click Create to create a LAN Address Mapping rule IP Alias 4.4.2.1 ISP Settings 4.4.2.1.1 DHCP 4.4.2.1.2 Static IP 4.4.2.1.3 PPPoE 4.4.2.1.4 PPTP Settings 4.4.2.1.5 Big Pond Settings 4.4.2.2 Bandwidth Settings 4.4.2.3 WAN IP Alias 4.4.3 Dual WAN 4.4.3.1 General Settings4.4.3.2 Outbound Load Balance Choose one by clicking the corresponding radio button 1. By session mechanism 2. By IP address hash mechanism4.4.3.3 Inbound Load Balance Retry Interval The interval retries are done. Denoted in seconds Admin. Mail Box The administrator’s email account.e.gadmin@abc.comSerial Number It is the version number that keeps in the SOA record Refresh Interval The interval refreshes are done. Denoted in secondsPrivate IP Address The IP address of the local host To add a host mapping URL to the list, click CreateDomain Name The domain name of the local host Host URL The URL to be mapped4.4.3.4 Protocol Binding All Destination IP Click it to specify all source IPs Interface Choose which WAN port to use WAN1, WAN2Source IP Range All Source IP Click it to specify all source IPs Destination IP Range4.4.4.1 Time Zone 4.4.4.2 Remote Access Allow Remote Access By Only the PC Please specify the IP Address that is allowed to access4.4.4.3 Firmware Upgrade 4.4.4.4 Backup / Restore 4.4.4.5 Restart 4.4.4.6 Password4.4.4.7 System Log Server Click Reset to reset to the default administration password admin4.4.4.8 E-mail Alert 4.4.5.1 Packet Filter When the entry is upper, the priority is higher Source IP Select Any, Subnet, IP Range or Single Address Destination IP Select Any, Subnet, IP Range or Single Address4.4.5.2 URL Filter URL Filtering You can choose to Enable or Disable this feature Domains Filtering Click the top checkbox to enable this feature. You can also choose to disable all web traffic except for trusted sites by clicking the bottom checkbox. To edit the list of filtered domains, click Details 4.4.5.3 LAN MAC Filter 4.4.5.4 Block WAN Request 4.4.5.5 Intrusion Detection You can find two items under the VPN section IPSec and PPTP 4.4.6.1 IPSec4.4.6.1.1 IPSec Wizard Connection Name A user-defined name for the connection Back Back to the Previous page Next Go to the next page Back Back to the Previous page Next Go to the next page Next Go to the next page Done Click Done to apply the rule Back Back to the Previous page Next Go to the next page4.4.6.1.2 IPSec Policy Configuring a New VPN ConnectionConnection Name A user-defined name for the connection interface if Auto is selected Any Local Address Will enable any local address on the network DPD Setting DPD, Dead Peer Detection Peer Encryption Mode Only Stateless or Allow Stateless and Stateful Click Create to create a new PPTP VPN connection account4.4.6.2 PPTP 4.4.7 QoS WAN1 Outbound Creating a New QoS Rule For IP Address Bandwidth TypeFor MAC Address 4.4.8 Virtual Server4.4.8.1 DMZ 4.4.8.2 Port Forwarding Table 4.4.9 Advanced 4.4.9.1 Static Route 4.4.9.2 Dynamic DNS Wildcard Select this check box to enable the DYNDNS Wildcard Device Name Web Server SettingsSNMP Access Control 4.4.9.3 Device ManagementSNMP V1 and SNMP4.4.9.4 IGMP 4.4.9.5 VLAN Bridge 4.6 Logout 4.5 Save Configuration To Flash5.1.2 LEDs Never Turn Off Chapter 5 Troubleshooting5.1 Basic Functionality 5.1.1 Router Won’t Turn On5.2.2 Can’t Ping Any PC on the LAN 5.1.4 Forgot My Password5.2.1 Can’t Access BiGuard 30 from the LAN 5.2 LAN InterfaceCheck the corresponding LAN LEDs on your PC’s Ethernet device are on 4. Click OK under Internet Options to close the dialogue 5.2.3.1 Pop-up Windows Disabling All Pop-upsEnabling Pop-up Blockers with Exceptions If you only want to allow pop-up windows with your BiGuard5.2.3.3 Java Permissions 4. Ensure that Scripting of Java applets is set to Enabled5.4 ISP Connection 5.3 WAN Interface4. Click OK to close the dialogue If an IP address cannot be obtained 5.5 Problems with Date and Time 5.6 Restoring Factory DefaultsIf an IP address can be obtained, but your PC cannot load any web pages from the Internet Appendix A Product Specifications Availability and ResilienceVirtual Private Network Firewall Content FilteringQuality of Service Control Network Protocols and FeaturesOperating Environment Physical SpecificationsPower Requirement Physical InterfaceContact Billion Appendix B Customer SupportThis device may not cause harmful interference Appendix C FCC Interference StatementAppendix D Network, Routing, and Firewall Basics D.1 Network BasicsD.1.1.1 Net mask D.1.1.2 Subnet Addressing D.1.1.3 Private IP Addresses10.0.0.0 172.16.0.0 192.168.0.0 from these ranges D.2 Router Basics Routers can vary in performance and scale, the types of physical WAN connection they support, and the number of routing protocols supported. BiGuard 30 offers a convenient and powerful way for small-to-medium businesses to connect their networksD.3.1.2 Denial of Service DoS Attack D.3 Firewall BasicsD.3.1.1 Stateful Packet Inspection With a LAN connected to the Internet through a router, there is a chance for hackers to access or disrupt your network. A simple NAT router provides a basic level of protection by shielding your network from the outside Internet. Still, there are ways for more dedicated hackers to either obtain information about your network or disrupt your network’s Internet access. Your BiGuard 30 provides an extra level of protection from such attacks with its built-in firewall VPNs are traditionally used three ways E.1 What is a VPN?E.2 What is IPSec? Appendix E Virtual Private NetworkingThere are three major functions of IPSec E.2.1.1 Authentication Header AHESP divides its fields into three components… E.2.1.2 Encapsulating Security Payload ESPSA is identified by 3 parameters E.2.1.3 Security Associations SAAH/E E.2.3 Tunnel Mode AHAH/E TC DatESP Authentication Quick Mode Without PFS Main ModeAggressive Mode Quick Mode With PFSencryption algorithm, hash algorithm, and authentication method F.1 IPSec Log Event CategoriesF.2 IPSec Log Event Table encryption algorithm, hash algorithm, and authentication methodReceived Aggressive mode first Sending the third message of main mode. Done for authenticationReceived the third message of main mode. Done for authentication Send Aggressive mode firstIKE Negotiated Status Messages Rejected IKE MessagesMain/Aggressive mode peer ID is identifier string Received Delete SA payload Deleting ISAKMP State integerISAKMP SA Established IPsec SA Established Appendix G Bandwidth Management with QoS G.2 What is Quality of Service?G.1 Overview G.3 How Does QoS Work?G.4.1 Home Users G.4 Who Needs QoS?Application ApplicationData Ratio % PriorityAppendix H Router Setup Examples H.1 Outbound Fail OverPage H.2 Outbound Load Balancing Step 2 Configure your WAN2 ISP settings and click Apply Step 6 Click Save Config to save all changes to flash memory General Settings. Select the Fail Over radio button H.3 Inbound Fail OverStep 2 Configure Fail Over options if necessary Step 5 Click Save Config to save all changes to flash memory Step 4 From the same menu, set the WAN2 DDNS settings1st connection H.4 DNS Inbound Fail OverBefore Fail Over After Fail OverStep 3 Input DNS Server 1 settings and click Apply Enable radio button and configure DNS Server 1 by clicking EditDNS Request H.5 DNS Inbound Load BalancingHeavy load on WAN Heavy load on WANBalance radio button Step 3 Go to Configuration Dual WAN Inbound Load Balance Host URLMapping and configure your FTP mapping Step 4 Next configure your HTTP mappingStep 5 Click Save Config to save all changes to flash memory HTTP H.6 Dynamic DNS Inbound Load BalancingRemote Access from Internet inbound and outbound bandwidthStep 2 Go to Configuration Dual WAN General Settings and enable Load Balance mode. You may then decide whether to enable Service Detection or not WAN1 Page H.7.1 LAN to LAN H.7 VPN ConfigurationRemote Branch OfficeHead Office LocalH.7.2 Host to LAN Single clientHead Office Proposal H.8 IP Sec Fail Over Gateway to GatewayBefore Fail Over After Fail OverPage Page BiGuard H.9 VPN ConcentratorBiGuard Branch Aand configure the and configure the H.10 Protocol Binding Step 5 Click Save Config to save all changes to flash memoryBalancing radio button Step 2 Go to Configuration Dual WAN Protocol Binding and configure settings for WAN1 Internet H.11 Intrusion DetectionH.12 PPTP Remote Access by Windows XP InternetApply Step2 Click Create to create a PPTP AccountStep3 Click Apply, you can see the account is successfully created Step5 In Windows XP, go Start Settings Network Connections Step4 Click Save Config to save all changes to flash memoryStep7 Select Connect to the network at my workplace and press Next Step6 In Network Tasks, Click Create a new connection, and press NextStep9 Input the user-defined name for this connection and press Next Step8 Select Virtual Private Network connection and press NextStep11 Please press Finish Step10 Input PPTP Server Address and press NextStep12 Double click the connection, and input Username and Password that defined in BiGuard PPTP Account Settings Branch Office H.13 PPTP Remote Access by BiGuardInternet InternetStep4 Click Save Config to save all changes to flash memory Step2 Click Create to create a PPTP AccountStep3 Click Apply, you can see the account is successfully created Step6 Click Apply, and Save CONFIG