UCM Security Manual
FIREWALL
The firewall functionality provided by the UCM consists of Static Defense, Dynamic Defense and Fail2ban.
Users can manually configure each of the three options to block certain malicious attacks.
Static Defense
It can be configured from Web UI → System Settings → Security Settings → Static Defense. The main purpose
of static defense is to apply pre-configured filtering rules. Three types of filtering rules are supported: ACCEPT,
REJECT, and DROP. The UCM administrator can configure filtering rules based on source/destination IP
addresses and ports. For example, if a remote host with known IP x.x.x.x is allowed to connect to a certain
service on port X, the administrator can create an ACCEPT rule to allow traffic from IP x.x.x.x destined
to port X on the UCM.
The options to configure a static defense rule are as follows:
• Rule Name: Created by the user to identify this rule.
• Action: Accept, Reject or Drop, depending on how the user would like the rule to perform.
• Type: In/out indicates the traffic direction.
• Interface: Select the network interface that the traffic will go through.
• Service: Users can select a pre-defined service (FTP/SSH/Telnet/TFTP/HTTP/LDAP) or “Custom”,
which allows a specific restriction. If “Custom” is selected, please define the source and destination IP
and Port. Users need to select “Protocol” as TCP, UDP or Both.
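The rule options above, modelled as an added Python example (not code from the UCM or from this manual) that checks constructed packets against a "Custom" ACCEPT rule for one known host plus a broader DROP rule. First-match ordering, the default action for unmatched traffic, the interface name "LAN", the rule names and the documentation-range IP addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out" (the rule's Type field)
    interface: str
    protocol: str       # "tcp" or "udp"
    src_ip: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    action: str         # "ACCEPT", "REJECT" or "DROP"
    direction: str
    interface: str
    protocol: str       # "tcp", "udp" or "both"
    src_net: str        # CIDR; "0.0.0.0/0" means any source
    dst_net: str
    dst_port: Optional[int] = None   # None means any port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.interface == p.interface
                and self.protocol in ("both", p.protocol)
                and ip_address(p.src_ip) in ip_network(self.src_net)
                and ip_address(p.dst_ip) in ip_network(self.dst_net)
                and self.dst_port in (None, p.dst_port))

def decide(rules, packet, default="ACCEPT"):
    """Return (action, rule name) of the first matching rule.
    First-match ordering and the default action are assumptions."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return default, None

# Constructed sample data: documentation-range addresses, hypothetical names.
UCM = "198.51.100.5"
RULES = [
    Rule("allow-admin-ssh", "ACCEPT", "in", "LAN", "tcp", "192.0.2.10/32", UCM + "/32", 22),
    Rule("drop-other-ssh", "DROP", "in", "LAN", "tcp", "0.0.0.0/0", UCM + "/32", 22),
]

if __name__ == "__main__":
    for src in ("192.0.2.10", "203.0.113.7"):
        print(src, decide(RULES, Packet("in", "LAN", "tcp", src, UCM, 22)))
```

Under the first-match assumption, reversing the two rules would drop the known host as well, so a planned rule set is worth checking in the order it will be entered.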
In addition, Static Defense also provides three pre-configured defense mechanisms:
1. Ping Defense
Once enabled, ICMP responses will not be allowed for Ping requests. This is a predefined mechanism to
protect against Ping flood attacks.
2. SYN-Flood Defense
Once enabled, the UCM can respond to SYN flood denial-of-service (DoS) attacks.
3. Ping-of-Death Defense
Once enabled, the UCM can respond to Ping packets that are greater than 65,536 bytes.