D-Link DFL-1100 Product Manual - Page 36

Intrusion Detection / Prevention, Traffic Shaping, Policy Routing

Get D-Link DFL-1100 - Security Appliance PDF manuals and user guides
UPC - 790069270239
View all D-Link DFL-1100 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 36 highlights

Intrusion Detection / Prevention The DFL-1100 Intrusion Detection/Prevention System (IDS/IDP) is a real-time intrusion detection and prevention sensor that identifies and takes action against a wide variety of suspicious network activity. The IDS uses intrusion signatures, stored in the attack database, to identify the most common attacks. In response to an attack, the IDS will protect the networks behind the DFL-1100 by dropping the traffic. To notify responsible parties of the malicious attack, the IDS will send e-mails to the system administrators if e-mail alerting is enabled and configured. D-Link updates the attack database periodically. There are two modes that can be configured, either Inspection Only or Prevention. Inspection Only will only inspect the traffic, and if the DFL-1100 detects anything it will log, e-mail an alert (if configured), and pass on the traffic. If Prevention is used the traffic will be dropped and logged and if configured, an e-mail alert will be sent. Traffic Shaping The simplest way to obtain quality of service in a network, seen from a security as well as a functionality perspective, is to have the components in the network, not the applications, be responsible for network traffic control in well-defined choke points. Traffic shaping works by measuring and queuing IP packets, in transit, with respect to a number of configurable parameters. Differentiated rate limits and traffic guarantees based on source, destination and protocol parameters can be created; much the same way firewall policies are implemented. There are three different priorities when configuring the traffic shaping, Normal, High and Critical. Limit works by limiting the inbound and outbound traffic to the specified speed. This is the maximum bandwidth that can be used by traffic using this policy. Note however that if you have other policies using limit; which in total is more then your total internet connection and have configured the traffic limits on the WAN interface this limit is sometimes lowered to allow traffic with higher priorities to have precedence. By using Guarantee, you can traffic using a policy a minimum bandwidth, this will only work if the traffic limits for the WAN interface are configured correctly. Policy Routing Normal routing can be said to be a simple form of policy based routing; the "policy" is the routing table, and the only data that can be filtered on is the destination IP address of the packet. What is commonly referred to as policy based routing, is, simply put, an extension of what fields of the packet we look at to determine the routing decision. In the DFL-1100, each rule in the firewall policy can specify its own routing decision; in essence, we route according to the source and destination IP addresses and ports. Policy based routing can for example be used to route certain protocols through transparent proxies such as web caches and anti-virus scanners, without adding another point of failure for the network as a whole. It's very important to know that the proxy must support this also for it to work. 36

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
36
Intrusion Detection / Prevention
The DFL-1100 Intrusion Detection/Prevention System (IDS/IDP) is a real-time intrusion
detection and prevention sensor that identifies and takes action against a wide variety of
suspicious network activity. The IDS uses intrusion signatures, stored in the attack database,
to identify the most common attacks. In response to an attack, the IDS will protect the
networks behind the DFL-1100 by dropping the traffic. To notify responsible parties of the
malicious attack, the IDS will send e-mails to the system administrators if e-mail alerting is
enabled and configured. D-Link updates the attack database periodically. There are two
modes that can be configured, either
Inspection Only
or
Prevention
. Inspection Only will
only inspect the traffic, and if the DFL-1100 detects anything it will log, e-mail an alert (if
configured), and pass on the traffic. If Prevention is used the traffic will be dropped and
logged and if configured, an e-mail alert will be sent.
Traffic Shaping
The simplest way to obtain quality of service in a network, seen from a security as well as
a functionality perspective, is to have the components in the network, not the applications, be
responsible for network traffic control in well-defined choke points.
Traffic shaping works by measuring and queuing IP packets, in transit, with respect to a
number of configurable parameters. Differentiated rate limits and traffic guarantees based on
source, destination and protocol parameters can be created; much the same way firewall
policies are implemented.
There are three different priorities when configuring the traffic shaping,
Normal
,
High
and
Critical
.
Limit
works by limiting the inbound and outbound traffic to the specified speed. This is the
maximum bandwidth that can be used by traffic using this policy. Note however that if you
have other policies using limit; which in total is more then your total internet connection and
have configured the traffic limits on the WAN interface this limit is sometimes lowered to allow
traffic with higher priorities to have precedence.
By using
Guarantee
, you can traffic using a policy a minimum bandwidth, this will only
work if the traffic limits for the WAN interface are configured correctly.
Policy Routing
Normal routing can be said to be a simple form of policy based routing; the "policy" is the
routing table, and the only data that can be filtered on is the destination IP address of the
packet. What is commonly referred to as policy based routing, is, simply put, an extension of
what fields of the packet we look at to determine the routing decision. In the DFL-1100, each
rule in the firewall policy can specify its own routing decision; in essence, we route according
to the source and destination IP addresses
and
ports.
Policy based routing can for example be used to route certain protocols through
transparent proxies such as web caches and anti-virus scanners, without adding another point
of failure for the network as a whole. It’s very important to know that the proxy must support
this also for it to work.