•
A. Infected clients that need to be blocked.
•
B. Infected servers that need to be blocked.
A. Blocking infected clients.
The administrator configures the network range to include the local hosts of the network. If a
local client tries to upload a virus infected file to an FTP server, NetDefendOS notices that the
client belongs to the local network and will therefore upload blocking instructions to the local
switches. The host will be blocked from accessing the local network and can no longer do any
harm.
Note: ZoneDefense will not block infected servers
If a client downloads an infected file from a remote FTP server on the Internet, the server
will not be blocked by ZoneDefense since it is outside of the configured network range.
The virus is, however, still blocked by the NetDefend Firewall.
B. Blocking infected servers.
Depending on the company policy, an administrator might want to take an infected FTP server
off-line to prevent local hosts and servers from being infected. In this scenario, the administrator
configures the address of the server to be within the range of the network to block. When a client
downloads an infected file, the server is isolated from the network.
The steps to setting up ZoneDefense with the FTP ALG are:
•
Configure the ZoneDefense switches to be used with ZoneDefense in the ZoneDefense
section of the Web Interface.
•
Set up the FTP ALG to use Anti-Virus scanning in enabled mode.
•
Choose the ZoneDefense network in the Anti-Virus configuration of the ALG that is to be
affected by ZoneDefense when a virus is detected.
For more information about this topic refer to
Example 6.3. Protecting an FTP Server with an ALG
An FTP Server is connected to a NetDefend Firewall on a DMZ and has a private IPv4, as
illustrated below. This example shows how to protect the server using an FTP ALG object.
Chapter 6: Security Mechanisms
440
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...