Home > SMC Networks > Router > SMC Networks Router SMCWBR14-G2 User Manual

SMC Networks Router SMCWBR14-G2 User Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual SMC Networks Router SMCWBR14-G2 User Manual. The SMC Networks manuals for Router are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 81

    Page 81 SECURITY 4-35 Intrusion Detection The Barricade’s firewall inspects packets at the application layer, maintains TCP and UDP session information including timeouts and number of active sessions, and provides the ability to detect and prevent certain types of network attacks such as Denial-of-Service (DoS) attacks. 
    SECURITY
4-35
Intrusion Detection
The Barricade’s firewall inspects packets at the application layer, maintains 
TCP and UDP session information including timeouts and number of 
active sessions, and provides the ability to detect and prevent certain types 
of network attacks such as Denial-of-Service (DoS) attacks.

    Page 82

    Page 82 CONFIGURING THE BAR RICADE 4-36 Network attacks that deny access to a network device are called DoS attacks. DoS attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The Barricade protects against DoS attacks including: Ping of Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop Attack), Brute-force attack, Land Attack, IP... 
    CONFIGURING THE BAR RICADE
4-36
Network attacks that deny access to a network device are called DoS 
attacks. DoS attacks are aimed at devices and networks with a connection 
to the Internet. Their goal is not to steal information, but to disable a 
device or network so users no longer have access to network resources.
The Barricade protects against DoS attacks including: Ping of Death (Ping 
flood) attack, SYN flood attack, IP fragment attack (Teardrop Attack), 
Brute-force attack, Land Attack, IP...

    Page 83

    Page 83 SECURITY 4-37 The table below lists the Intrusion Detection parameters and their descriptions. Parameter Defaults Description Intrusion Detection Feature SPI and Anti-DoS firewall protectionNo The Intrusion Detection feature of the Barricade limits the access of incoming traffic at the WAN port. When the Stateful Packet Inspection (SPI) feature is turned on, all incoming packets are blocked except those types marked with a check in the SPI section at the top of the screen. RIP Defect Disabled If... 
    SECURITY
4-37
The table below lists the Intrusion Detection parameters and their 
descriptions.
Parameter Defaults Description
Intrusion Detection 
Feature
SPI and Anti-DoS 
firewall protectionNo The Intrusion Detection feature of the Barricade 
limits the access of incoming traffic at the WAN 
port. When the Stateful Packet Inspection (SPI) 
feature is turned on, all incoming packets are 
blocked except those types marked with a check in 
the SPI section at the top of the screen. 
RIP Defect Disabled If...

    Page 84

    Page 84 CONFIGURING THE BAR RICADE 4-38 Stateful Packet InspectionEnabled This option allows you to select different application types that are using dynamic port numbers. If you wish to use Stateful Packet Inspection (SPI) for blocking packets, click on the Yes radio button in the “Enable SPI and Anti-DoS firewall protection” field and then check the inspection type that you need, such as Packet Fragmentation, TCP Connection, UDP Session, FTP Service and TFTP Service. It is called a “stateful” packet... 
    CONFIGURING THE BAR RICADE
4-38
Stateful Packet 
InspectionEnabled This option allows you to select different 
application types that are using dynamic port 
numbers. If you wish to use Stateful Packet 
Inspection (SPI) for blocking packets, click on the 
Yes radio button in the “Enable SPI and Anti-DoS 
firewall protection” field and then check the 
inspection type that you need, such as Packet 
Fragmentation, TCP Connection, UDP Session, 
FTP Service and TFTP Service.
It is called a “stateful” packet...

    Page 85

    Page 85 SECURITY 4-39 Password Enter your email account password. Connection Policy Fragmentation half-open wait10 secs Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the unassembled packet, freeing that structure for use by another packet. TCP SYN wait 30 secs Defines how long the software will wait for a TCP session to reach an established state before dropping the session. TCP FIN wait 5 secs Specifies how long a TCP... 
    SECURITY
4-39
Password Enter your email account password.
Connection Policy
Fragmentation 
half-open wait10 secs Configures the number of seconds that a packet 
state structure remains active. When the timeout 
value expires, the router drops the unassembled 
packet, freeing that structure for use by another 
packet. 
TCP SYN wait 30 secs Defines how long the software will wait for a TCP 
session to reach an established state before 
dropping the session. 
TCP FIN wait 5 secs Specifies how long a TCP...

    Page 86

    Page 86 CONFIGURING THE BAR RICADE 4-40 Note:We do not recommend modifying the default parameters shown above. Click Save Settings to proceed, or Cancel to change your settings. Incomplete TCP/UDP sessions detect sensitive time period300 msecs Length of time before an incomplete TCP/UDP session is detected as incomplete. Maximum half-open fragmentation packet number from same host30 sessionsMaximum number of half-open fragmentation packets from the same host. Half-open fragmentation detect... 
    CONFIGURING THE BAR RICADE
4-40
Note:We do not recommend modifying the default parameters shown 
above.
Click Save Settings to proceed, or Cancel to change your settings.
Incomplete 
TCP/UDP 
sessions detect 
sensitive time 
period300 msecs Length of time before an incomplete TCP/UDP 
session is detected as incomplete.
Maximum 
half-open 
fragmentation 
packet 
number from 
same host30 
sessionsMaximum number of half-open fragmentation 
packets from the same host.
Half-open 
fragmentation 
detect...

    Page 87

    Page 87 SECURITY 4-41 DMZ If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. Enter the IP address of a DMZ (Demilitarized Zone) host on this screen. Adding a client to the DMZ may expose your local network to a variety of security risks, so only use this option as a last resort. 
    SECURITY
4-41
DMZ
If you have a client PC that cannot run an Internet application properly 
from behind the firewall, you can open the client up to unrestricted 
two-way Internet access. Enter the IP address of a DMZ (Demilitarized 
Zone) host on this screen. Adding a client to the DMZ may expose 
your local network to a variety of security risks, so only use this option 
as a last resort.

    Page 88

    Page 88 CONFIGURING THE BAR RICADE 4-42 Wireless The Barricade can be quickly configured for roaming clients by setting the Service Set Identifier (SSID) and channel number. It supports data encryption and client filtering. To use the wireless feature, check the Enable check box and click Save Settings. To begin configuring your wireless security settings, click Wireless Encryption. 
    CONFIGURING THE BAR RICADE
4-42
Wireless
The Barricade can be quickly configured for roaming clients by setting the 
Service Set Identifier (SSID) and channel number. It supports data 
encryption and client filtering.
To use the wireless feature, check the Enable check box and click Save 
Settings.
To begin configuring your wireless security settings, click Wireless 
Encryption.

    Page 89

    Page 89 SECURITY 4-43 Wireless Encryption The Barricade can transmit your data securely over a wireless network. Matching security mechanisms must be set up on your Barricade and your wireless client devices. Select the most suitable security mechanism from the drop-down list on this screen. Click Save Settings to proceed, or Cancel to change your settings. Parameter Description No WEP, No WPA/WPA2 Disables all wireless security. To make it easier to set up your wireless network, we recommend enabling this... 
    SECURITY
4-43
Wireless Encryption
The Barricade can transmit your data securely over a wireless network. 
Matching security mechanisms must be set up on your Barricade and your 
wireless client devices. Select the most suitable security mechanism from 
the drop-down list on this screen.
Click Save Settings to proceed, or Cancel to change your settings.
Parameter Description
No WEP, No WPA/WPA2 Disables all wireless security. To make it easier to 
set up your wireless network, we recommend 
enabling this...

    Page 90

    Page 90 CONFIGURING THE BAR RICADE 4-44 Access Control For a more secure wireless network you can specify that only certain wireless clients can connect to the Barricade. Up to 32 MAC addresses can be added to the MAC Filtering Table. When enabled, all registered MAC addresses are controlled by the Access Rule. By default, this MAC filtering feature is disabled. 
    CONFIGURING THE BAR RICADE
4-44
Access Control
For a more secure wireless network you can specify that only certain 
wireless clients can connect to the Barricade. Up to 32 MAC addresses can 
be added to the MAC Filtering Table. When enabled, all registered MAC 
addresses are controlled by the Access Rule.
By default, this MAC filtering feature is disabled.
    Start reading SMC Networks Router SMCWBR14-G2 User Manual

    Related Manuals for SMC Networks Router SMCWBR14-G2 User Manual

    All SMC Networks manuals