3 data security – AudioCodes MEDIAPACK VERSION 6.2 User Manual
Page 132
SIP Release Notes
132
Document #: LTRT-26901
CPE SIP Products
2.4.3
Data Security
The device supports the following new data security features:
1.
Zero Configuration Firewall wizard with three security levels:
•
Minimum (Inbound and Outbound policies set to ‘Accept’)
•
Typical (Inbound policy set to ‘Reject’; Outbound Policy to ‘Accept’)
•
Maximum (only selected applications are allowed in Outbound policy)
2.
Access Control for pinpoint security policy.
3.
Extensive list of ALG-modules combined with SPI for error-free configuration and
maximum security.
4.
Port-forwarding and DMZ support for local applications and hosts.
5.
Website Restriction allows static URL-based blocking of public/extranet websites.
6.
Advanced Filtering allows full control on Inbound/Outbound Rules per interface/device.
7.
Site-to-Site VPN:
•
Supports two IPSec use-cases:
♦
Site-to-Site (Gateway-to-Gateway) VPN
♦
Teleworker (User-to-Gateway) VPN
•
Fully compliant with IPSec RFCs:
♦
RFC 2401 - Security Architecture for IP
♦
RFC 2402 - IP Authentication Header
♦
RFC 2406 – ESP
♦
RFC 2403 and RFC 2404 for Authentication
8.
PPTP/L2TP Client-Server VPN:
•
Supports two VPN use-cases:
♦
Server support for remote Teleworker VPN access
♦
Client-to-Gateway support with PPTP/L2TP
•
Point-to-Point Tunneling Protocol - RFC 2637
•
Layer Two Tunneling Protocol - RFC 2661 (with L2TP/IPSec)
•
Support all WiN OS versions as well as Linux
9.
DoS and IDS/IPS:
•
Denial of Service (DoS) protection: TCP RST, Ping Flood, ICMP Echo storm,
UDP snork attack, ICMP Smurf, UDP fraggle and more
•
IP spoofing attacks: FTP bounce, Broadcast/multicast source IP attack
•
Intrusion and scanning attacks:
♦
IP source route, ICMP Echo reply without request, ICMP Ping sweep, TCP
Stealth
♦
Scan (FIN, XMAS, NULL), UDP port, FTP passive attack, loopback/Echo
chargen, Block security hazard ICMP messages
•
IP fragment overlap, Ping of Death, Fragmentation attacks and more