background image

5

Stateful Packet Inspection

The Wireless Cable Modem Gateway Family maintains

stateful information for every TCP/IP session at both the

network and transport layers. It monitors all incoming and

outgoing packets, applying policies to each one while

screening for improper packets and intrusion attempts. The

Motorola SBG1000 inspects and analyzes the state of each

traffic flow and offers programmable filters so authorized

users have the flexibility to optionally enforce specific rules

for port usage, blocking specific domains or implementing

customized security levels. The firewall within the SBG1000

Wireless Cable Modem Gateway analyzes the relationships

of the newly created session so new protocols can be

added to the firewall configuration. This allows maximum

flexibility for supporting additional protocols and new

services while maintaining a secure LAN connected to 

the Internet.

The Motorola SBG1000 Wireless Cable Modem 

Gateway comes pre-configured but users can also

customize stateful packet inspection to address the

following parameters:

• IP address and port numbers

• Packet count and byte count

• Sequence and acknowledgement number

• Time stamps

• Payload modification history

• Dynamic association

• Other identifying information requested 

by the LAN administrator

Intrusion Detection

Attempts to infiltrate the LAN are monitored and repelled

by the Motorola SBG1000, which includes extensive

intrusion detection features to prevent unauthorized access.

If the system suspects that an external party has attempted

to crash through the firewall, it will attempt to identify the

IP address of the potential culprit, prevent access, log the

event and automatically generate an e-mail to the LAN

administrator with information about the intrusion event.

This information can even be shared with the cable

operator to help identify hackers and filter them off 

the cable access network. 

White Paper

The firewall within the SBG1000 

Wireless Cable Modem Gateway 

analyzes the relationships 

of the newly created session 

so new protocols

can be added to the firewall configuration.

Summary of Contents for SURFBOARD SBG1000

Page 1: ...nt unauthorized access to or from a private network and also warns that PCs without firewalls can be accessed through their Internet connection Without firewall protection users can lose valuable personal or corporate information and they risk permanent damage to PCs and peripherals Multi PC households small businesses and corporate telecommuters can all benefit from easy to use firewalls that all...

Page 2: ...y LANSecurity with the Motorola Wireless Cable Modem Gateway Family The Motorola Wireless Cable Modem Gateway Family allows cable subscribers to easily secure LAN resources The SBG1000 includes a robust flexible and easy to use integrated firewall This Data Over Cable Service Interface Specification DOCSIS cable modem provides unprecedented functionality in a single platform Subscribers can deploy...

Page 3: ...reate secure tunneled connections to corporate resources For more information please download the VPN whitepaper available at http www motorola com broadband whitepapers html 3 WhitePaper SURFboard HIGH SPEED CABLE MODEM Wireless ACCESS POINT Firewall ADVANCED SECURITY Print Server WINDOWS MAC LINUX Router 5 PORT 10 100 SWITCH Printer Laptops PDAs Desktop Computers Firewall High Speed Internet Acc...

Page 4: ... local to global IP address mapping The use of NAT allows increased security since different levels of security can be defined for each IP address on the LAN Private IP addresses within the LAN are hidden from the public Internet because external users only see the IP address of the SBG1000 The Motorola SBG1000 Wireless Cable Modem Gateway s implementation of NAT supports multi session IPSec VPN p...

Page 5: ...ateway comes pre configured but users can also customize stateful packet inspection to address the following parameters IP address and port numbers Packet count and byte count Sequence and acknowledgement number Time stamps Payload modification history Dynamic association Other identifying information requested by the LAN administrator Intrusion Detection Attempts to infiltrate the LAN are monitor...

Page 6: ...e will be innumerable ping replies that flood the LAN so it can no longer receive or distinguish valid Internet traffic The Motorola Wireless Cable Modem Gateway Family comes pre configured with extensive features for preventing DoS attacks Stateful packet inspection features monitor traffic flows in real time for both LAN sessions and Internet access sessions The SBG1000 Wireless Cable Modem Gate...

Page 7: ...ay allows secure LAN connections to shared broadband networks It is a complete out of the box firewall solution that combines vigorous security with compact full featured wired and wireless networking This plug n play solution comes with default settings including a firewall that addresses the needs of most users but can be easily configured and customized to support even more rigorous levels of s...

Page 8: ...es are the property of their respective owners Motorola Inc 2002 Specifications subject to change 5419 402 5K Residential users SOHO customers and SME businesses alike can deploy secure wireless and wired LANs while managing the safety of computing resources and the privacy of personal and business information Integrated firewall capabilities allow users to secure LANs while gaining the peace of m...

Reviews: