Page 22

Chapter 2. Getting to Know the Internet Security Router

Internet Security Router User

’s Manual

Flooder

Port Scans

TCP XMAS Scan, TCP Null Scan

TCP SYN Scan, TCP Stealth Scan

TCP Attacks

TCP sequence number prediction, TCP

out-of sequence attacks

Protection with PF Rules

Echo-Chargen, Ascend Kill

Miscellaneous Attacks

IP Spoofing, LAND, Targa, Tentacle

MIME Flood, Winnuke, FTP Bounce, IP

unaligned time stamp attack

2.4.1.4

Application Command Filtering

The Internet Security Router Firewall allows network administrators to block, monitor, and report on network

users access to non-business and objectionable content. This high-performance content access control results

in increased productivity, lower bandwidth usage and reduced legal liability.

The Internet Security Router Firewall has the ability to handle active content filtering on certain application

protocols such as HTTP, FTP, SMTP and RPC.

„ HTTP – You can define HTTP extension based filtering schemes for blocking

„ ActiveX

„ Java Archive

„ Java Applets

„ Microsoft Archives

„ URLs based on file extensions.

„ FTP – allows you to define and enforce the file transfer policy for the site or group of users

„ SMTP – allows you to filter operations such as VRFY, EXPN, etc. which reveal excess information

about the recipient.

„ RPC – allows you to filter programs based on the assigned RPC program numbers.

2.4.1.5

Application Level Gateway (ALG)

Applications such as FTP, games etc., open connections dynamically based on the respective application

parameter. To go through the firewall on the Internet Security Router, packets pertaining to an application,

require a corresponding allow rule. In the absence of such rules, the packets will be dropped by the Internet

Security Router Firewall. As it is not feasible to create policies for numerous applications dynamically (at the

same time without compromising security), intelligence in the form of Application Level Gateways (ALG), is

built to parse packets for applications and open dynamic associations. The Internet Security Router Firewall

provides a number of ALGs for popular applications such as FTP, H.323, RTSP, Microsoft Games, SIP, etc.

2.4.1.6

URL Filtering

A set of keywords that should not appear in the URL (Uniform Resource Locator, e.g. www.yahoo.com) can be

defined. Any URL containing one or more of these keywords will be blocked. This is a policy independent

feature i.e. it cannot be associated to ACL rules. This feature can be independently enabled or disabled, but

works only if firewall is enabled.

2.4.1.7

Log and Alerts

Events in the network, that could be attempts to affect its security, are recorded in the Internet Security Router

System log file. Event details are recorded in WELF (WebTrends Enhanced Log Format ) format so that

statistical tools can be used to generate custom reports. The Internet Security Router Firewall can also forward

Syslog information to a Syslog server on a private network.

The Internet Security Router Firewall supports: