DefensePro User Guide
Security Configuration
Document ID: RDWR-DP-V0602_UG1201
121
To include DoS Shield protection in the network-protection policy
1. In the Configuration perspective Network Protection tab navigation pane, select Network
Protection Rules.
2. In the Add New Network Protection Rule dialog box, from the Signature Protection Profile
drop-down list, select All-DoS-Shield.
For more information, see
Configuring the Network Protection Policy, page 145
.
Configuring Global Behavioral DoS Protection
Behavioral DoS (Behavioral Denial of Service) Protection, which you can use in your network-
protection policy, defends your network from zero-day network-flood attacks. These attacks fill
available network bandwidth with irrelevant traffic, denying use of network resources to legitimate
users. The attacks originate in the public network and threaten Internet-connected organizations.
The Behavioral DoS profiles detect traffic anomalies and prevent zero-day, unknown, flood attacks
by identifying the footprint of the anomalous traffic.
Network-flood protection types include:
•
TCP floods—which include TCP Fin + ACK Flood, TCP Reset Flood, TCP SYN + ACK Flood, and
TCP Fragmentation Flood
•
UDP flood
•
ICMP flood
•
IGMP flood
The main advantage of BDoS Protection is the ability to detect statistical traffic anomalies and
generate an accurate DoS-attack footprint based on a heuristic protocol information analysis. This
ensures accurate attack filtering with minimal risk of false positives. The default average time for a
new signature creation is between 10 and 18 seconds. This is a relatively short time, because flood
attacks can last for minutes and sometimes hours.
Table 55: DoS Shield Parameters
Parameter
Description
Enable DoS Shield
Specifies whether the DoS Shield feature is enabled.
Note:
If the protection is disabled, enable it before configuring the
protection profiles.
Sampling Time
How often, in seconds, DoS Shield compares the predefined thresholds
for each dormant attack to the current value of packet counters
matching the attack.
Default: 5
Note:
If the sampling time is very short, there are frequent
comparisons of counters to thresholds, so regular traffic bursts
might be considered attacks. If the sampling time is too long,
the DoS Shield mechanism cannot detect real attacks quickly
enough.
Packet Sampling Ratio
The packet-sampling frequency. For example, if the specified value is
5001, the DoS Shield mechanism checks 1 out of 5001 packets.
The default value depends on the device model. For x016 and x412
modules, the value is 5001.
Содержание DefensePro 6.02
Страница 1: ...DefensePro User Guide Software Version 6 02 Document ID RDWR DP V0602_UG1201 January 2012 ...
Страница 2: ...DefensePro User Guide 2 Document ID RDWR DP V0602_UG1201 ...
Страница 20: ...DefensePro User Guide 20 Document ID RDWR DP V0602_UG1201 ...
Страница 28: ...DefensePro User Guide Table of Contents 28 Document ID RDWR DP V0602_UG1201 ...
Страница 116: ...DefensePro User Guide Device Network Configuration 116 Document ID RDWR DP V0602_UG1201 ...
Страница 256: ...DefensePro User Guide Managing Device Operations and Maintenance 256 Document ID RDWR DP V0602_UG1201 ...
Страница 274: ...DefensePro User Guide Monitoring DefensePro Devices and Interfaces 274 Document ID RDWR DP V0602_UG1201 ...
Страница 302: ...DefensePro User Guide Real Time Security Reporting 302 Document ID RDWR DP V0602_UG1201 ...
Страница 308: ...DefensePro User Guide Administering DefensePro 308 Document ID RDWR DP V0602_UG1201 ...
Страница 324: ...DefensePro User Guide Troubleshooting 324 Document ID RDWR DP V0602_UG1201 ...