D-Link DFL-860-AV-12 Product Manual - Page 331
Blacklisting Hosts and Networks, Overview, Blacklisting Options, Whitelisting
View all D-Link DFL-860-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 331 highlights
6.7. Blacklisting Hosts and Networks Chapter 6. Security Mechanisms 6.7. Blacklisting Hosts and Networks Overview NetDefendOS implements a Blacklist of host or network IP addresses which can be utilized to protect against traffic coming from specific Internet sources. Certain NetDefendOS subsystems have the ability to optionally blacklist a host or network when certain conditions are encountered. These subsystems are: • Intrusion Detection and Prevention (IDP). • Threshold Rules. (Available on certain NetDefend models only - see Section 10.3, "Threshold Rules" for details.) Blacklisting Options The automatic blacklisting of a host or network can be enabled in IDP and in threshold rules by specifying the Protect action for when a rule is triggered. Once enabled there are three blacklisting options: Time to Block Host/Network in seconds The host or network which is the source of the traffic will stay on the blacklist for the specified time and then be removed. If the same source triggers another entry to the blacklist then the blocking time is renewed to its original, full value (in other words, it is not cumulative). Block only this Service By default Blacklisting blocks all services for the triggering host. Exempt already established connections from Blacklisting If there are established connections that have the same source as this new Blacklist entry then they will not be dropped if this option is set. IP addresses or networks are added to the list then the traffic from these sources is then blocked for the period of time specified. Note: Restarts do not effect the blacklist The contents of the blacklist is not lost if the NetDefend Firewall shuts down and restarts. Whitelisting To ensure that Internet traffic coming from trusted sources, such as the management workstation, are not blacklisted under any circumstances, a Whitelist is also maintained by NetDefendOS. Any IP address object can be added to this whitelist Tip: Important IP addresses should be whitelisted It is recommended to add the NetDefend Firewall itself to the whitelist as well as the IP address or network of the management workstation since blacklisting of either could have serious consequences for network operations. It is also important to understand that although whitelisting prevents a particular source from being 331