}
Enable Port Scanning Prevention:
If selected, the Device will be effectively
protected against port scanning attack. After you enable this feature, if a LAN
host continuously sends the SYN packets to different ports on a remote host, and
the number of ports exceeds 10 at the specified time interval (set by the
Threshold)
, the Device will consider that the LAN host is performing port
scanning attack, and then randomly discard the further SYN packets from it to
that destination host. In most cases, leave the
Threshold
the default value.
9.1.1.2 External Attack Prevention
In this page you can enable or disable WAN ping respond. As ping is often used by
malicious Internet users to locate active networks or hosts, in most cases, it is
recommended that you disable WAN ping respond for added security. Only in some
special cases, such as network debugging, you need enable this feature.
Figure 9-2 External Attack Defense Settings
Block WAN Ping:
It allows you to enable or disable WAN ping respond. If you
select the check box to block WAN ping respond, all the Device
’s WAN interfaces
will not respond to ping requests from the outside hosts.
9.2
Access Control
The development of Internet has brought some
side effects, such as the emergence of gambling, pornography, and other illegal
websites which are contrary to the state laws and regulations; broadband network
provide fast surfing to the Internet users, while fast spreading worms cause great
threat to the Internet users. So if an organization wants to access the Internet, it needs
specific Internet access rules. Such as, a government organization wants to block the
civil servants from accessing stock websites, using IM messenger applications; a
business wants to block the employees from accessing game websites and other
services which are unrelated to work during working time; parents want to control their
children
’s online time; an network administrator wants to block the worms and hacker
attacks.
To achieve these purposes, we develop and implement access control feature on the
Device. By utilizing access control feature flexibly, you can not only assign different
Internet access privileges to different LAN users, but also assign different Internet
access privileges to the same users based on schedules. In practice, you can set
appropriate access control rules according to the actual requirements of your
organization. Such as, for a school, you can block the students to access game
websites; for a family, you can only allow your children to access the Internet during
the specified period of time; for a business, you can block the Financial Department
’s
employees from accessing the Internet.
