
SMC Networks Router SMCWBR14-G2 User Manual


    							SECURITY
    4-35
    Intrusion Detection
    The Barricade’s firewall inspects packets at the application layer, maintains 
    TCP and UDP session information including timeouts and number of 
    active sessions, and provides the ability to detect and prevent certain types 
    of network attacks such as Denial-of-Service (DoS) attacks.
       
    						
    							CONFIGURING THE BARRICADE
    4-36
    Network attacks that deny access to a network device are called DoS 
    attacks. DoS attacks are aimed at devices and networks with a connection 
    to the Internet. Their goal is not to steal information, but to disable a 
    device or network so users no longer have access to network resources.
    The Barricade protects against DoS attacks including: Ping of Death (Ping 
    flood) attack, SYN flood attack, IP fragment attack (Teardrop Attack), 
    Brute-force attack, Land Attack, IP Spoofing attack, IP with zero length, 
    TCP null scan (Port Scan Attack), UDP port loopback, Snork Attack.
    Note: The firewall does not significantly affect system performance, so 
    we advise enabling the prevention features to protect your 
    network. 
    						
    The table below lists the Intrusion Detection parameters and their
    descriptions.

    Intrusion Detection Feature

      SPI and Anti-DoS firewall protection
        Default: No
        Description: The Intrusion Detection feature of the Barricade
        limits the access of incoming traffic at the WAN port. When the
        Stateful Packet Inspection (SPI) feature is turned on, all
        incoming packets are blocked except those types marked with a
        check in the SPI section at the top of the screen.

      RIP Defect
        Default: Disabled
        Description: If the router does not reply to an IPX RIP request
        packet, it will stay in the input queue and not be released.
        Accumulated packets could cause the input queue to fill, causing
        severe problems for all protocols. Enabling this feature prevents
        the packets accumulating.

      Discard Ping to WAN
        Default: Don’t discard
        Description: Prevents a ping on the router’s WAN port from being
        routed to the network.
      Stateful Packet Inspection
        Default: Enabled
        Description: This option allows you to select different
        application types that are using dynamic port numbers. If you
        wish to use Stateful Packet Inspection (SPI) for blocking
        packets, click on the Yes radio button in the “Enable SPI and
        Anti-DoS firewall protection” field and then check the inspection
        type that you need, such as Packet Fragmentation, TCP Connection,
        UDP Session, FTP Service and TFTP Service.

        It is called a “stateful” packet inspection because it examines
        the contents of the packet to determine the state of the
        communication; i.e., it ensures that the stated destination
        computer has previously requested the current communication. This
        is a way of ensuring that all communications are initiated by the
        recipient computer and are taking place only with sources that
        are known and trusted from previous interactions. In addition to
        being more rigorous in their inspection of packets, stateful
        inspection firewalls also close off ports until a connection to
        the specific port is requested.

        When particular types of traffic are checked, only the particular
        type of traffic initiated from the internal LAN will be allowed.
        For example, if the user only checks FTP Service in the Stateful
        Packet Inspection section, all incoming traffic will be blocked
        except for FTP connections initiated from the local LAN.

    When hackers attempt to enter your network, we can alert you by email

      Your E-mail Address
        Description: Enter your email address.

      SMTP Server Address
        Description: Enter your SMTP server address (usually the part of
        the email address following the “@” sign).

      POP3 Server Address
        Description: Enter your POP3 server address (usually the part of
        the email address following the “@” sign).

      User Name
        Description: Enter your email account user name.

      Password
        Description: Enter your email account password.
    Connection Policy

      Fragmentation half-open wait
        Default: 10 secs
        Description: Configures the number of seconds that a packet state
        structure remains active. When the timeout value expires, the
        router drops the unassembled packet, freeing that structure for
        use by another packet.

      TCP SYN wait
        Default: 30 secs
        Description: Defines how long the software will wait for a TCP
        session to reach an established state before dropping the
        session.

      TCP FIN wait
        Default: 5 secs
        Description: Specifies how long a TCP session will be managed
        after the firewall detects a FIN-exchange.

      TCP connection idle timeout
        Default: 3600 secs (1 hour)
        Description: The length of time for which a TCP session will be
        managed if there is no activity.

      UDP session idle timeout
        Default: 30 secs
        Description: The length of time for which a UDP session will be
        managed if there is no activity.

    DoS Detect Criteria

      Total incomplete TCP/UDP sessions HIGH
        Default: 300 sessions
        Description: Defines the rate of new unestablished sessions that
        will cause the software to start deleting half-open sessions.

      Total incomplete TCP/UDP sessions LOW
        Default: 250 sessions
        Description: Defines the rate of new unestablished sessions that
        will cause the software to stop deleting half-open sessions.

      Incomplete TCP/UDP sessions (per min.) HIGH
        Default: 250 sessions
        Description: Maximum number of allowed incomplete TCP/UDP
        sessions per minute.

      Incomplete TCP/UDP sessions (per min.) LOW
        Default: 200 sessions
        Description: Minimum number of allowed incomplete TCP/UDP
        sessions per minute.

      Maximum incomplete TCP/UDP sessions number from same host
        Default: 10 sessions
        Description: Maximum number of incomplete TCP/UDP sessions from
        the same host.
    						
      Incomplete TCP/UDP sessions detect sensitive time period
        Default: 300 msecs
        Description: Length of time before an incomplete TCP/UDP session
        is detected as incomplete.

      Maximum half-open fragmentation packet number from same host
        Default: 30 sessions
        Description: Maximum number of half-open fragmentation packets
        from the same host.

      Half-open fragmentation detect sensitive time period
        Default: 1 sec
        Description: Length of time before a half-open fragmentation
        session is detected as half-open.

      Flooding cracker block time
        Default: 300 secs
        Description: Length of time from detecting a flood attack to
        blocking the attack.

    Note: We do not recommend modifying the default parameters shown
    above.
    Click Save Settings to proceed, or Cancel to change your settings.
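
The Stateful Packet Inspection behaviour described in the table above (only traffic of a checked type that was initiated from the LAN is let back in, and idle state is forgotten) can be modelled as a small state table. This is an added example, not SMC's firmware code: the class SpiFirewall, the mapping of inspection types to match rules and the addresses used to exercise it are assumptions, and FTP data connections on dynamic ports are not modelled.

```python
# Idle timeouts quoted from the Connection Policy rows, in seconds.
IDLE = {"tcp": 3600, "udp": 30}

# Inspection types named in the manual, mapped to a match rule on
# (protocol, destination port). The mapping itself is an assumption.
TYPES = {
    "TCP Connection": lambda proto, dport: proto == "tcp",
    "UDP Session": lambda proto, dport: proto == "udp",
    "FTP Service": lambda proto, dport: (proto, dport) == ("tcp", 21),
}


class SpiFirewall:
    """Simplified model of LAN-initiated session tracking (hypothetical)."""

    def __init__(self, checked):
        self.rules = [TYPES[name] for name in checked]
        self.flows = {}  # (proto, lan, lport, wan, wport) -> time of last packet

    def outbound(self, now, proto, lan, lport, wan, wport):
        """Packet from the LAN: create or refresh state if its type is checked."""
        if any(rule(proto, wport) for rule in self.rules):
            self.flows[(proto, lan, lport, wan, wport)] = now

    def inbound(self, now, proto, wan, wport, lan, lport):
        """Packet arriving on the WAN port: True if passed, False if blocked."""
        key = (proto, lan, lport, wan, wport)
        last = self.flows.get(key)
        if last is None:
            return False              # no LAN host requested this traffic
        if now - last > IDLE[proto]:
            del self.flows[key]       # idle timeout: the state is forgotten
            return False
        self.flows[key] = now         # activity keeps the session alive
        return True
```

With only "FTP Service" checked, a reply to a LAN-initiated FTP control connection passes, while a reply to a LAN-initiated HTTP request and any unsolicited packet are blocked.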
    						
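
How the TCP SYN wait timeout, the per-host limit and the HIGH/LOW thresholds from the Connection Policy and DoS Detect Criteria settings interact can be shown with a small model. This is an added example, not SMC's firmware code: the class HalfOpenTable and its methods are hypothetical, only TCP is modelled, and it assumes that HIGH and LOW act as start and stop watermarks on the count of half-open sessions, with the oldest entries deleted first.

```python
from collections import Counter, OrderedDict

# Defaults quoted from the manual's table.
SYN_WAIT = 30      # "TCP SYN wait", seconds
TOTAL_HIGH = 300   # "Total incomplete TCP/UDP sessions HIGH"
TOTAL_LOW = 250    # "Total incomplete TCP/UDP sessions LOW"
PER_HOST_MAX = 10  # "Maximum incomplete TCP/UDP sessions number from same host"


class HalfOpenTable:
    """Simplified model of half-open session tracking (assumed semantics)."""

    def __init__(self):
        self.pending = OrderedDict()  # (src, sport, dport) -> SYN time, oldest first
        self.per_host = Counter()     # src -> half-open sessions it holds

    def _drop(self, key):
        del self.pending[key]
        self.per_host[key[0]] -= 1

    def _expire(self, now):
        # A session not established within SYN_WAIT seconds is dropped.
        while self.pending:
            key, seen = next(iter(self.pending.items()))
            if now - seen < SYN_WAIT:
                break
            self._drop(key)

    def syn(self, now, src, sport, dport):
        """Record an inbound SYN; return 'tracked' or 'refused'."""
        self._expire(now)
        key = (src, sport, dport)
        if key in self.pending:
            return "tracked"                      # retransmitted SYN, already counted
        if self.per_host[src] >= PER_HOST_MAX:
            return "refused"                      # per-host limit reached
        self.pending[key] = now
        self.per_host[src] += 1
        if len(self.pending) > TOTAL_HIGH:        # HIGH crossed: start deleting
            while len(self.pending) > TOTAL_LOW:  # LOW reached: stop deleting
                self._drop(next(iter(self.pending)))
        return "tracked"

    def established(self, src, sport, dport):
        """Handshake completed, so the session stops counting as half-open."""
        if (src, sport, dport) in self.pending:
            self._drop((src, sport, dport))
```

The gap between HIGH and LOW is what keeps the table from deleting on every new request: after one purge, 50 more half-open sessions fit before the next one.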
    DMZ
    If you have a client PC that cannot run an Internet application properly 
    from behind the firewall, you can open the client up to unrestricted 
    two-way Internet access. Enter the IP address of a DMZ (Demilitarized 
    Zone) host on this screen. Adding a client to the DMZ may expose 
    your local network to a variety of security risks, so only use this option 
    as a last resort. 
    						
    Wireless
    The Barricade can be quickly configured for roaming clients by setting the 
    Service Set Identifier (SSID) and channel number. It supports data 
    encryption and client filtering.
    To use the wireless feature, check the Enable check box and click Save 
    Settings.
    To begin configuring your wireless security settings, click Wireless 
    Encryption. 
    						
    Wireless Encryption
    The Barricade can transmit your data securely over a wireless network. 
    Matching security mechanisms must be set up on your Barricade and your 
    wireless client devices. Select the most suitable security mechanism from 
    the drop-down list on this screen.
    Click Save Settings to proceed, or Cancel to change your settings.

      No WEP, No WPA/WPA2
        Description: Disables all wireless security. To make it easier to
        set up your wireless network, we recommend enabling this setting
        initially. By default, wireless security is disabled.

      WEP Only
        Description: Once you have your wireless network in place, the
        minimum security we recommend is to enable the legacy security
        standard, Wired Equivalent Privacy (WEP). See “WEP” on page 4-45.

      WPA/WPA2 Only
        Description: For maximum wireless security, you should enable the
        WPA/WPA2 option. See “WPA/WPA2” on page 4-47.
    						
    Access Control
    For a more secure wireless network you can specify that only certain 
    wireless clients can connect to the Barricade. Up to 32 MAC addresses can 
    be added to the MAC Filtering Table. When enabled, all registered MAC 
    addresses are controlled by the Access Rule.
    By default, this MAC filtering feature is disabled. 
    						