local network. While the virus scanning firewall takes care of blocking inbound infected files from
reaching the local network, ZoneDefense can be used for stopping viruses to spread from an
already infected local host to other local hosts. When the NetDefendOS virus scanning engine
has detected a virus, the NetDefend Firewall will upload blocking instructions to the local
switches and instruct them to block all traffic from the infected host or server.
Since ZoneDefense blocking state in the switches is a limited resource, the administrator has the
possibility to configure which hosts and servers that should be blocked at the switches when a
virus has been detected.
For example: A local client downloads an infected file from a remote FTP server over the Internet.
NetDefendOS detects this and stops the file transfer. At this point, NetDefendOS has blocked the
infected file from reaching the internal network. Hence, there would be no use in blocking the
remote FTP server at the local switches since NetDefendOS has already stopped the virus.
Blocking the server's IP address would only consume blocking entries in the switches.
For NetDefendOS to know which hosts and servers to block, the administrator has the ability to
specify a network range that should be affected by a ZoneDefense block. All hosts and servers
that are within this range will be blocked.
The feature is controlled through the anti-virus configuration in the ALGs. Depending on the
protocol used, there exist different scenarios of how the feature can be used.
For more information about this topic refer to
6.5.3. Anti-Virus Options
When configuring anti-virus scanning in an ALG, the following parameters can be set:
General options
Mode
This must be one of:
i.
Disabled - Anti-virus is switched off.
ii.
Audit - Scanning is active but logging is the only action.
iii.
Protect - Anti-virus is active. Suspect files are dropped and
logged.
Fail mode behavior
If a virus scan fails for any reason then the transfer can be dropped,
or allowed with the event being logged. If this option is set to
Allow
then a condition such as the virus database not being available or
the current subscription expiring will not cause files to be dropped.
Instead, they will be allowed through and a log message will be
generated to indicate a failure has occurred.
Scan Exclude Option
Certain filetypes may be explicitly excluded from virus-scanning if that is desirable. This can
increase overall throughput if an excluded filetype is a type which is commonly encountered in a
particular scenario, such as image files in HTTP downloads.
NetDefendOS performs MIME content checking on all the filetypes listed in
to establish the file's true filetype and then look for that filetype in the excluded
list. If the file's type cannot be established from its contents (and this may happen with filetypes
not specified in
Appendix C, Verified MIME filetypes
) then the filetype in the file's name is used
Chapter 6: Security Mechanisms
545
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...