OfficeServ 7100 System Description
© SAMSUNG Electronics Co., Ltd.
4.3.3 Security
NAT/PT (In/Out/Exclusive/Redirect)
The security function supports conversion between private IP addresses and
public IP addresses in networks where security is required.
The Inbound, Outbound, Exclusive, and Redirect functions are supported.
Inbound: This function forwards packets coming from the WAN to the IP address
and port of the LAN specified in the NAT/PT conversion table.
Outbound: This function converts the IP address of the transmitter into the global IP
address according to the NAT/PT conversion table when transmitting packets from the
LAN to the WAN.
Exclusive: This function is used for IP addresses to which the NAT/PT conversion
is not applied.
Redirect: When the Domain Name Server (DNS) IP in the data server
management sector is changed, each IP terminal still uses the old DNS IP; this
function changes the DNS IP by registering the new DNS IP in the Redirect table.
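The four table types can be modelled in a few lines. The following is an added illustration, not OfficeServ code: the table layouts, the addresses (constructed from documentation ranges), the evaluation order, and keying Exclusive on the source address are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample tables (RFC 1918 and RFC 5737 documentation addresses).
LAN = ipaddress.ip_network("192.168.1.0/24")
GLOBAL_IP = "203.0.113.10"
INBOUND = {(GLOBAL_IP, 80): ("192.168.1.20", 8080)}  # WAN ip:port -> LAN ip:port
OUTBOUND = {LAN: GLOBAL_IP}                          # LAN source net -> global IP
EXCLUSIVE = {"192.168.1.250"}                        # sources left untranslated
REDIRECT = {"198.51.100.53": "198.51.100.54"}        # old DNS IP -> new DNS IP

def translate(pkt, from_wan):
    """Return (list of table names applied, resulting packet)."""
    if from_wan:
        target = INBOUND.get((pkt.dst, pkt.dport))
        if target is None:
            return [], pkt          # no table entry, so no LAN forwarding target
        return ["inbound"], replace(pkt, dst=target[0], dport=target[1])
    applied = []
    if pkt.dst in REDIRECT:         # terminal still configured with the old DNS IP
        pkt = replace(pkt, dst=REDIRECT[pkt.dst])
        applied.append("redirect")
    if pkt.src in EXCLUSIVE:        # assumption: exclusion is keyed on source IP
        return applied + ["exclusive"], pkt
    dst_in_lan = ipaddress.ip_address(pkt.dst) in LAN
    for net, global_ip in OUTBOUND.items():
        if ipaddress.ip_address(pkt.src) in net and not dst_in_lan:
            pkt = replace(pkt, src=global_ip)   # address only; port unchanged
            applied.append("outbound")
            break
    return applied, pkt

if __name__ == "__main__":
    samples = [
        (Packet("198.51.100.7", 40000, GLOBAL_IP, 80), True),
        (Packet("198.51.100.7", 40000, GLOBAL_IP, 23), True),
        (Packet("192.168.1.30", 5353, "198.51.100.53", 53), False),
        (Packet("192.168.1.250", 5060, "198.51.100.9", 5060), False),
    ]
    for pkt, from_wan in samples:
        print("WAN" if from_wan else "LAN", pkt, "->", translate(pkt, from_wan))
```

Every Inbound entry is a LAN service reachable from the WAN, and every Exclusive entry is a host whose private address is not hidden behind the global IP, so both tables are worth reviewing as part of the exposed surface.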
Firewall
Access filtering
This function blocks access to disallowed IP addresses, both to control outside
access to resources that are not disclosed externally and to control which external
resources the members of the LAN may access.
DMZ function
This function is used for connecting the web server and mail server, which belong to
the firewall-protected LAN but need to be freely accessible from the outside, to
a subnet separated from the LAN where firewall blocking is not applied.
In this way, access from the outside can proceed more smoothly alongside the access
control service provided through the firewall.
Port Forwarding
This function is almost the same as the DMZ function but is used for connecting to a
specific network without a separately divided DMZ port. This function is used for
the Extra network services as well as the DMZ function. The Extra network is
configured so that a party outside the office can access the office Intranet through
the Internet. In this network, the user should take care of security on the Intranet.
Intrusion Detection System (IDS)
This function monitors the packets on the network and detects packets that can
damage network operation, so that the network operates more stably.
The IDS covers various types of detection, from detection of a specific type of attack
to detection of abnormal traffic, all based on the Snort Rule
(www.snort.org) defining the intrusion patterns and types. The detected packets are sorted
and processed into Close connection/port or service disable/Alarm/log based on the
intrusion pattern and the level. In the case of an alarm, the system
notifies the system administrator immediately.