Chapter 6: security mechanisms, Access rules, Overview – Amer Networks E5Web GUI User Manual

Chapter 6: Security Mechanisms

This chapter describes cOS Core security features.

• Access Rules, page 380

• ALGs, page 384

• Web Content Filtering, page 443

• Anti-Virus Scanning, page 462

• Intrusion Detection and Prevention, page 469

• Denial-of-Service Attacks, page 481

• Blacklisting Hosts and Networks, page 486

6.1. Access Rules

6.1.1. Overview

One of the principal functions of cOS Core is to allow only authorized connections access to
protected data resources. Access control is primarily addressed by the cOS Core IP rule set in
which a range of protected LAN addresses are treated as trusted hosts, and traffic flow from
untrusted sources is restricted from entering trusted areas.

Before a new connection is checked against the IP rule set, cOS Core checks the connection
source against a set of Access Rules. Access Rules can be used to specify what traffic source is
expected on a given interface and also to automatically drop traffic originating from specific
sources. AccessRules provide an efficient and targeted initial filter of new connection attempts.

The Default Access Rule

Even if the administrator does not explicitly specify any custom Access Rules, an access rule is
always in place which is known as the Default Access Rule.

This default rule is not really a true rule but operates by checking the validity of incoming traffic
by performing a reverse lookup in the cOS Core routing tables. This lookup validates that the
incoming traffic is coming from a source that the routing tables indicate is accessible via the
interface on which the traffic arrived. If this reverse lookup fails then the connection is dropped

380