
Chapter 1. Product Overview, About D-Link NetDefendOS – D-Link DFL-2500 User Manual


Chapter 1. Product Overview

This chapter outlines the key features of NetDefendOS.

About D-Link NetDefendOS, page 14

NetDefendOS Architecture, page 16

NetDefendOS State Engine Packet Flow, page 19

1.1. About D-Link NetDefendOS

D-Link NetDefendOS is the firmware, the software engine that drives and controls all D-Link
Firewall products.

Designed as a network security operating system, NetDefendOS features high throughput
performance with high reliability plus super-granular control. In contrast to products built on
standard operating systems such as Unix or Microsoft Windows, NetDefendOS offers seamless
integration of all subsystems, in-depth administrative control of all functionality as well as a
minimal attack surface which helps negate the risk of being a target for security attacks.

From the administrator's perspective, the conceptual approach of NetDefendOS is to visualize
operations through a set of logical building blocks or objects, which allow the configuration of the
product in an almost limitless number of different ways. This granular control allows the
administrator to meet the requirements of the most demanding network security scenario.

NetDefendOS is an extensive and feature-rich network operating system. The list below presents the
most essential features:

IP Routing

NetDefendOS provides a variety of options for IP routing
including static routing, dynamic routing, as well as multicast
routing capabilities. In addition, NetDefendOS supports
features such as Virtual LANs, Route Monitoring, Proxy ARP
and Transparency. For more information, please see
Chapter 4, Routing.

Address Translation

For functionality as well as security reasons, NetDefendOS
supports policy-based address translation. Dynamic Address
Translation (NAT) as well as Static Address Translation
(SAT) is supported, and resolves most types of address
translation needs. This feature is covered in Chapter 7,
Address Translation.

Firewalling

At the heart of the product, NetDefendOS features stateful
inspection-based firewalling for common protocols such as
TCP, UDP and ICMP. As an administrator, you can define
detailed firewalling policies based on source and destination
network and interface, protocol, ports, user credentials,
time-of-day and much more. Section 3.5, “The IP Rule Set”,
describes how to use the firewalling aspects of NetDefendOS.

Intrusion Detection and Prevention

To mitigate application-layer attacks towards vulnerabilities
in services and applications, NetDefendOS provides a
powerful Intrusion Detection and Prevention (IDP) engine.
The IDP engine is policy-based and is able to perform
high-performance scanning and detection of attacks and can
perform blocking and optional black-listing of attacking
