Page 106 / 270
Scroll up to view Page 101 - 105
Unified Services Router
User Manual
104
Figure 65: Two truste d domains adde d to the Approve d URLs List
5.9.3 Blocked Keywords
Advanced > Website Filter > Blocked Keywords
Keyword blocking allows you to block all website URL’s or site content that contains
the keywords in the configured list. This is lower priority than the Approved URL
List; i.e. if the blocked keyword is present in a site allowed by a Trusted Domain in
the Approved URL List, then access to that site will be allowed. Import/export from a
text or CSV file for keyword blocking is also supported.
Page 107 / 270
Unified Services Router
User Manual
105
Figure 66: One ke yword adde d to the block list
5.9.4
Export Web Filter
Advanced > Website Filter > Export
Export Approved URLs: Feature enables the user to export the URLs to be allowed to
a csv file which can then be downloaded to the local host. The user has to click the
export button to get the csv file.
Export Blocked Keywords: This feature enables the user to export the keywords to be
blocked to a csv file which can then be downloaded to the local host. The user has to
click the export button to get the csv file .
Page 108 / 270
Unified Services Router
User Manual
106
Figure 67: Export Approve d URL list
5.10 IP/MAC Binding
Advanced > IP/MAC Binding
Another available security measure is to only allow outbound traffic (from the LAN to
WAN) when the LAN node has an IP address matching the MAC address bound to it.
This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic’s
IP address with the unique MAC Address of the configured LAN node, the
administrator can ensure traffic from that IP address is not spoofed. In the event of a
violation (
i.e. the traffic’s source IP address doesn’t match up with the expected MAC
address having the same IP address) the packets will be dropped and can be logged for
diagnosis.
Page 109 / 270
Unified Services Router
User Manual
107
Figure 68: The following e xample binds a
LAN host’s
MAC Addre ss to an
IP addre ss se rve d by DSR. If the re is an IP/MAC Binding
violation, the violating packe t will be droppe d and logs will be
capture d
5.11 Intrusion Prevention (IPS)
Advanced > Advanced Network > IPS
The gateway’s Intrusion Prevention System (IPS)
prevents malicious attacks from the
internet from accessing the private network. Static attack signatures loaded to the
DSR allow common attacks to be detected and prevented. The checks can be enabled
between the WAN and DMZ or LAN, and a running counter w ill allow the
administrator to see how many malicious intrusion attempts from the WAN have been
detected and prevented.
DSR-150/150N does not support Intrusion Prevention System.
Page 110 / 270
Unified Services Router
User Manual
108
Figure 69: Intrusion Pre ve ntion fe ature s on the route r
5.12 Protecting from Internet Attacks
Advanced > Advanced Network > Attack Checks
Attacks can be malicious security breaches or unintentional network issues that
render the router unusable. Attack checks allow you to manage WAN security
threats such as continual ping requests and discovery via ARP scans. TCP and UDP
flood attack checks can be enabled to manage extreme usage of WAN resources.
Additionally certain Denial-of-Service (DoS) attacks can be blocked. These attacks,
if uninhibited, can use up processing power and bandwidth and prevent regular
network services from running normally. ICMP packet flooding, SYN traffic
flooding, and Echo storm thresholds can be configured to temporarily suspect traffic
from the offending source.
19216811.live