beautypg.com

RAD Data comm BLW-04EX User Manual

Page 27

background image

46

BLW-04EX

45

BLW-04EX

Stateful Packet Inspection

This option all ows you to sel ect di fferent application types that are using

dynami c port numbers. If you need to use t he St ateful Packet Inspect ion

(SPI) for blocking packets, check the radio button in the “Enable SPI and

Anti-DoS firewall protection” field and then check the inspection type that

you need, such as Packet Fragmentation, TCP Connection, UDP Session,

FTP Service, H.323 Service and TFTP Service.

Hacker Prevention Feature

The BLW-04 EX firewal l i nspect s packet s at the ap plicati on layer, and

main tains TCP and UDP sess ion i nformati on, i ncludi ng ti meout s and

number of active sessions, provides the ability to detect and prevent certain

types of network attacks such as DoS attacks.

Network attacks that deny access to a network device are called denial-of-

service (DoS) attacks. Denials of Service (DoS) attacks are aimed at devices

and networks with a connection to the Internet. Their goal is not t o st eal

informati on, but to disable a device or net work so users no l onger have

access to network resource.

By using the above inspected information and timeout/threshold critieria,

the BLW-04EX provides the foll owing DoS attack prevent ions: Ping of

Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop

Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero

length, TCP null scan (Port Scan Attack), UDP port loopback, Snork Attack

etc.

Note:

The firewall does not significantly affect system performance, so we advise

enabling the prevention features to protect your network users.

When hackers attempt to enter your network, we can alert you by e-mail

Enter your E-mail address for alerting hacker access. Specify your E-mail

servers, user name and password.

Connection Policy Enter the appropriate values for TCP/UDP sessions

DoS Criteria and Port Scan Criteria Setup DoS and port scan criteria in the

spaces provided.

DMZ (Demilitarized Zone)

If you have a client PC that cannot run an Internet application properly from

behind the firewall, then you can open the client up to unrestricted two-way

Internet access. Enter the IP address of a DMZ host to this screen. Adding a

client to the DMZ (Demilitarized Zone) may expose your local network to a

variety of security risks, so only use this option as a last resort.