Lancom-systems LCOS 3.50 Manuel d'utilisateur Page 165
- Page / 346
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
165
Firewall
8.5.2 Configuration of DoS blocking
LANconfig
Parameters against DoS attacks are set in the LANconfig in the configuration
tool 'Firewall/QoS' on the register card 'DoS':
In order to drastically reduce the susceptibility of the network for DoS
attacks in advance, packets from distant networks may be only
accepted, if either a connection has been initiated from the internal
network, or the incoming packets have been accepted by an explicit
filter entry (source: distant network, destination: local area network).
This measure already blocks a multitude of attacks.
For all permitted accesses explicitly connection state, source addresses and
correctness of fragments are tracked in a LANCOM. This happens for incoming
and for outgoing packets, since an attack could be started also from within
the local area network.
This part is configured centrally in order not to open a gate for DoS attacks by
incorrect configuration of the Firewall. Apart from specifying the maximum
number of half-open connections, fragment action and possible notification
mechanisms, also these more extensive possibilities of reaction exist:
- Reference Manual 1
- LANCOM LCOS 3.50 1
- Contents 3
- 1Preface 10
- 2 System design 13
- System design 14
- Configuration and manage 15
- 3.2 Configuration software 16
- LANCAPI 21
- 3.5.1 How to start a trace 26
- 3.5.2 Overview of the keys 27
- 3.5.4 Combination commands 28
- 3.5.5 Examples 29
- 3.8 Command line interface 32
- 3.8.1 Command line reference 33
- 3.9 Scheduled Events 34
- 4 Management 37
- 4.1.1 Application examples 38
- Management 39
- 4.1.2 Configuration 42
- 5 Diagnosis 46
- Diagnosis 47
- 5.2.1 How to start a trace 48
- 5.2.2 Overview of the keys 49
- 5.2.4 Combination commands 50
- 5.2.5 Examples 51
- 6 Security 52
- Security 53
- 6.1.2 Login barring 54
- 6.2.1 Identification control 58
- 6.2.2 Callback 60
- 6.3 The security checklist 61
- 7 Routing and WAN connections 64
- 7.2 IP routing 66
- 7.2.2 Local routing 68
- Configuration tool Menu/table 72
- 7.2.4 SYN/ACK speedup 73
- 7.3.1 Simple masquerading 74
- Source IP Port 75
- 7.3.2 Inverse masquerading 78
- 7.4 N:N mapping 80
- 7.4.1 Application examples 81
- 7.4.2 Configuration 85
- 7.5.1 Name list 89
- 7.5.2 Layer list 90
- Parameter Meaning 91
- 7.6.1 The protocol 92
- In this column of 97
- 7.8 Callback functions 98
- Routing and WAN 100
- With this 100
- 8Firewall 104
- 8.1.3 The methods 105
- 8.1.4 The victims 106
- 8.2 What is a Firewall? 107
- Firewall 108
- 8.3 The LANCOM Firewall 114
- 8.3.2 Special protocols 119
- Configuration tool Run 132
- Firewall wizard 141
- Condition Description Object 148
- Limit Description Object 148
- Measure Description Object 150
- 8.3.9 Firewall diagnosis 151
- Configuration tool 152
- Element Element meaning 153
- Entry Description 155
- Flag Flag meaning 158
- 8.3.10 Firewall limitations 159
- Detection 160
- 9 Quality of Service 168
- Quality of Service 169
- 9.3 The queue concept 172
- Packet size in bytes 180
- 1 64 128 256 512 1024 1500 180
- 9.7 QoS configuration 183
- Transfer External 188
- 10 Virtual LANs (VLANs) 192
- 10.2.1 Frame tagging 193
- Virtual LANs (VLANs) 194
- 10.2.3 Application examples 195
- 10.3 Configuration of VLANs 198
- 10.3.2 The port table 199
- 11 Wireless LAN – WLAN 203
- Wireless LAN – WLAN 204
- 11.2.1 Some basic concepts 214
- 11.2.2 WEP 215
- 11.2.3 WEPplus 219
- 11.2.4 EAP and 802.1x 220
- 11.2.5 TKIP and WPA 223
- 11.2.6 AES and 802.11i 230
- 11.2.7 Summary 231
- 11.4.1 WLAN security 234
- Configuration tool Menu/Table 235
- 11.4.2 General WLAN settings 243
- √ (λ * d) 257
- 11.5.2 Antenna power 258
- Maximum distance [km] 262
- Mbps P2P P2mP 262
- Assumed cable loss: 9 dB 263
- Antenna gain: 8.5 dBi 263
- Assumed cable loss: 6 dB 263
- Office communications with 265
- 12.3 How to use the LANCAPI 270
- 12.4 The LANCOM CAPI Faxmodem 270
- 13.1.1 The DHCP server 272
- Server services for the LAN 273
- 13.2 DNS 277
- 13.2.2 DNS forwarding 279
- Configuration tool Run/Table 280
- 13.2.4 URL blocking 283
- 13.2.5 Dynamic DNS 284
- 13.3 Call charge management 285
- 13.4 The SYSLOG module 287
- Source Meaning Facility 289
- /etc/syslog.conf 290
- /var/log/lancom.log 290
- 14.1 What does VPN offer? 291
- Virtual Private Networks— 292
- 14.2 LANCOM VPN: an overview 295
- 14.2.3 LANCOM VPN functions 297
- 14.3.1 LAN-LAN coupling 298
- 14.5.3 Inspect VPN rules 309
- 14.6.1 Static/static 323
- 14.6.2 Dynamic/static 323
- Branch_office 324
- 14.7 How does VPN work? 326
- 14.7.2 Alternatives to IPSec 328
- 14.8.5 Key management – IKE 335
- 16 Index 338
© 2020, manymanuals.fr. Tous droits réservés | 0.056 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels