SMC Networks SMC7008ABR manual Intrusion Detection, Stateful Packet Inspection

Models: SMC7008ABR

1 46
Download 46 pages 41.76 Kb
Page 27
Image 27

7008ABR – Manual

Intrusion Detection

The Intrusion Detection feature of the Barricade limits the access of the incoming traffic from the WAN port. When the SPI feature is turned on, all the incoming packets will be blocked unless certain types of traffic types are checked by the users. When the user checks certain types of traffic, only the particular type of traffic initiated from the Internal LAN will be allowed. For example, if the user only checks “FTP service” from the Stateful Packet Inspection page, all the incoming traffic will be blocked except the FTP connection initiated from the local LAN.

oStateful Packet Inspection

This option allows you to select different application types that are using dynamic port numbers. If you need to use the Stateful Packet Inspection (SPI) for blocking packets, click on the “Yes” radio button in the “Enable SPI and Anti-DoS firewall protection” field and then check the inspection type that you need, such as Packet Fragmentation, TCP Connection, UDP Session, FTP Service, H.323 Service and TFTP Service.

oHacker Prevention Feature

The Barricade firewall inspects packets at the application layer, and maintains TCP and UDP session information, including timeouts and number of active sessions, provides the ability to detect and prevent certain types of network attacks such as DoS attacks. Network attacks that deny access to a network device are called denial- of-service (DoS) attacks. Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to the network resource.

By using the above inspected information and timeout/threshold criteria, the Barricade provides the following DoS attack preventions: Ping of Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero length, TCP null scan (Port Scan Attack), UDP port loopback, Snork Attack etc.

NOTE: The firewall does not significantly affect system performance, so we advise enabling the prevention features to protect your network users.

27

Page 27
Image 27
SMC Networks SMC7008ABR manual Intrusion Detection, Stateful Packet Inspection, Hacker Prevention Feature