Samsung 7200 5.3 SECURITY, DHCP, DSMI, NAT/PT, Firewall, Virtual Private Network (VPN), Intrusion Detection System (IDS), SIP Aware ALG (SIP Application Gateway)

5.3 SECURITY

This security function supports the conversion between private IP addresses and public IP addresses. Network Address Translation and Port Address Translation services protect devices on the private internal LAN from being exposed on the Public Network. This service also allows a single public IP address to be shared among multiple hosts on the internal LAN.

•Access Filtering: Access lists and policies can be implemented to control access to internal resources.

•DMZ Function: Hosts connected to the DMZ port can bypass the network firewall making it easier for external clients to access their services. Applications such as web servers and mail servers are typically connected to the DMZ ports. The private LAN is still protected behind the firewall.

•Port Forwarding:This feature allows external hosts on the public network to access hosts and services on the internal private LAN by forwarding the Public WAN address to a private LAN address based on a spe- cific port.

This function monitors all packets on the network to provide an additional level of security. This feature will prevent various types of attacks and intrusion attempts on the data network. Detection is based on “Snort Rules” which define specific intrusion patterns (can be updated at www.snort.org).

The VPN (Virtual Private Network) feature allows external hosts and networks to access the local private LAN as if they were virtually part of the local LAN. This feature is implemented using the IPSEC (authentication: RSA key, Pre-shared key, x.509 cert) or PPTP (Point to Point Tunnelling Protocol).

The OfficeServ 7200 can function as a DHCP server. This service dynamically can assign IP addresses to all hosts connected to the private LAN.

This feature takes SIP packets coming at the WAN interface and redirects them to any SIP user agents connected to the private LAN.

This service automatically configures the router to allow for VoIP applications such as remote IP phones and IP networking, IP Trunking, etc.

5.4