D-Link DFL-800-AV-12 User Manual - Page 202
Blacklisting Hosts and Networks, Certain NetDefendOS modules
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 202 highlights
6.7. Blacklisting Hosts and Networks Chapter 6. Security Mechanisms 6.7. Blacklisting Hosts and Networks NetDefendOS implements a Blacklist of host or network IP addresses which can be utilized to protect against traffic coming from specific Internet sources. Certain NetDefendOS modules, specifically the Intrusion Detection and Prevention (IDP) module, as well as Threshold Rules, can make use of the Blacklist when certain conditions are encountered, such as traffic triggering a Threshold Limit rule. Adding a host or network to the Blacklist can be enabled in IDP and in Threshold Rules by specifying the Protect action for when a rule is triggered. Once enabled there are three Blacklisting options: Time to Block Host/Network in seconds Block only this Service Exempt already established connections from Blacklisting The host or network which is the source of the traffic will stay on the blacklist for the specified time and then be removed. If the same source triggers another entry to the blacklist then the blocking time is renewed to its original, full value (in other words, it is not cumulative). By default Blacklisting blocks all Services for the triggering host. If there are established connections that have the same source as this new Blacklist entry then they won't be dropped if this option is set. IP addresses or networks are added to the list and the traffic from these sources is then blocked for a period of time. The Blacklist is maintained even if the D-Link Firewall shuts down or reboots. Whitelisting To ensure that "good" Internet traffic sources are not blacklisted under any circumstances, a Whitelist is also maintained by NetDefendOS. Tip It is advisable to add the D-Link Firewall itself to the Whitelist as well as the IP addresses of the management workstation. It is important to understand that although whitelisting prevents a source of network traffic being blacklisted, it still doesn't mechanisms such as Threshold Rules from dropping or denying connections from that source. All whitelisting does is prevent a source being added to a blacklist if that is the action a rule has specified. For further details on usage see Section 6.5.7, "IDP Actions", Section 10.2.8, "Threshold Rule Blacklisting" and Section 10.2, "Threshold Rules". Note Content filtering blacklisting is a separate subject and uses a separate logical list (see Section 6.3, "Web Content Filtering"). 202