8  Setting Up the Nokia IP45 Security Platform Security Policy
Nokia IP45 Security Platform User's Guide v4.0
You can also configure SynDefender from the command-line interface. For more information about the SynDefender commands, see the Nokia IP45 Security Platform CLI Reference Guide Version 4.0.
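The SynDefender fields in Table 42 describe a small state machine: a client handshake whose final ACK has not arrived within the Maximum Time for Completing the Handshake is incomplete, more than 5 incomplete handshakes within 10 seconds is a SYN attack, Log Mode selects per-attack or per-handshake logging, and Protect external interfaces only restricts tracking to WAN traffic. The following Python models that behaviour over a constructed packet list. It is an added example written for this page, not code from the Nokia IP45 or its SmartDefense engine; the Event layout, the "WAN"/"LAN" interface labels, the class and function names and the sample traffic are all assumptions made for the demonstration.

```python
# Added example for this page, not Nokia IP45 / SmartDefense code. Models the
# SynDefender behaviour described in Table 42: a client handshake with no final
# ACK within max_handshake_seconds is incomplete, and more than 5 incomplete
# handshakes within 10 seconds is a SYN attack. The Event layout, the "WAN"/"LAN"
# interface labels, the names used here and the sample traffic are constructed.
from collections import deque
from dataclasses import dataclass

ATTACK_THRESHOLD = 5          # "more than 5 incomplete TCP handshakes ..."
ATTACK_WINDOW_SECONDS = 10.0  # "... within 10 seconds"


@dataclass(frozen=True)
class Event:
    ts: float      # seconds since the start of the capture
    iface: str     # interface the packet arrived on: "WAN" or "LAN" (assumed labels)
    src: str       # client address
    sport: int
    dst: str       # server address
    dport: int
    flags: str     # "S" = client SYN, "A" = client ACK that completes the handshake


class SynDefender:
    def __init__(self, max_handshake_seconds, log_mode="per_attack",
                 external_only=True):
        self.max_handshake = max_handshake_seconds   # Maximum Time for Completing the Handshake
        self.log_mode = log_mode                     # "per_attack", "each" or "none"
        self.external_only = external_only           # Protect external interfaces only
        self.pending = {}                            # 4-tuple -> time of the client's SYN
        self.incomplete = deque()                    # times handshakes were declared incomplete
        self.logs = []
        self.attacks = 0
        self.in_attack = False

    def feed(self, ev):
        """Process one client-side packet. Events must arrive in time order."""
        self.expire(ev.ts)
        if self.external_only and ev.iface != "WAN":
            return                                   # internal interfaces are not protected
        key = (ev.src, ev.sport, ev.dst, ev.dport)
        if ev.flags == "S":
            self.pending.setdefault(key, ev.ts)
        elif ev.flags == "A" and key in self.pending:
            del self.pending[key]                    # third step seen: handshake complete

    def expire(self, now):
        """Declare incomplete every pending handshake older than the maximum time."""
        for key, t0 in list(self.pending.items()):
            if now - t0 > self.max_handshake:
                del self.pending[key]
                self._incomplete(t0 + self.max_handshake, key)

    def _incomplete(self, ts, key):
        self.incomplete.append(ts)
        while ts - self.incomplete[0] > ATTACK_WINDOW_SECONDS:   # slide the 10 s window
            self.incomplete.popleft()
        if self.log_mode == "each":
            self.logs.append(f"{ts:.1f}s incomplete handshake "
                             f"{key[0]}:{key[1]} -> {key[2]}:{key[3]}")
        if len(self.incomplete) > ATTACK_THRESHOLD:
            if not self.in_attack:                   # rising edge: count one attack
                self.in_attack = True
                self.attacks += 1
                if self.log_mode == "per_attack":
                    self.logs.append(f"{ts:.1f}s SYN attack: {len(self.incomplete)} "
                                     f"incomplete handshakes within {ATTACK_WINDOW_SECONDS:.0f}s")
        else:
            self.in_attack = False


def sample_events(n_flood):
    """Constructed traffic: one Internet client that completes its handshake,
    then n_flood SYNs from one Internet host that are never acknowledged."""
    events = [Event(0.0, "WAN", "203.0.113.9", 40000, "192.0.2.10", 80, "S"),
              Event(0.1, "WAN", "203.0.113.9", 40000, "192.0.2.10", 80, "A")]
    for i in range(n_flood):
        events.append(Event(1.0 + 0.2 * i, "WAN", "198.51.100.7", 50000 + i,
                            "192.0.2.10", 80, "S"))
    return events


def detect(events, max_handshake_seconds=3.0, log_mode="per_attack", end_time=30.0):
    """Run SynDefender over a capture; returns (number of attacks, log lines)."""
    d = SynDefender(max_handshake_seconds, log_mode)
    for ev in events:
        d.feed(ev)
    d.expire(end_time)      # end of capture: whatever is still pending never completed
    return d.attacks, d.logs


if __name__ == "__main__":
    for mode in ("per_attack", "each"):
        attacks, logs = detect(sample_events(8), log_mode=mode)
        print(mode, "attacks:", attacks, "log lines:", len(logs))
```

With eight unanswered SYNs the detector reports one attack and, depending on Log Mode, either one summary line or eight per-handshake lines; with five unanswered SYNs the threshold is not exceeded and nothing is reported, which is the difference between "more than 5" and "5 or more" that an operator tuning the device should keep in mind.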
Table 42  TCP: fields for SynDefender

  Action
      Choose the action to be taken when a SYN attack is detected (more than
      5 incomplete TCP handshakes within 10 seconds; see Log Mode).
      Options:
      Block: blocks the packet
      None: no action is required
      Default value: None

  Track
      Specify whether to issue logs for SYN attacks.
      Options:
      Log: issues logs
      None: does not issue logs
      Default value: Log

  Log Mode
      When more than 5 incomplete TCP handshakes are detected within 10
      seconds, SmartDefense treats the activity as a SYN attack. Log Mode
      selects whether to log once per attack or once per unfinished handshake.
      Options:
      Log per attack: logs every attack
      Log each unfinished handshake: logs each unfinished handshake
      None: does not log

  Maximum Time for Completing the Handshake
      The time (in seconds) after which a TCP handshake is considered
      incomplete.

  Protect external interfaces only
      Specifies whether SynDefender is enabled on all firewall interfaces or on
      external (WAN) interfaces only.

Port Scan

An attacker can perform a port scan to determine which ports are open and potentially vulnerable to attack. This is most commonly done by attempting to connect to a port and waiting for a response; the response (or its absence) indicates whether the port is open.
This option includes the following types of port scans:

  • Host Port Scan: the attacker scans the ports of a specific host to determine which of them are open.
  • Sweep Scan: the attacker scans many hosts to determine on which of them a specific port is open.
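Both scan types reduce to counting distinct targets per source inside a sliding time window, which is what the Table 43 fields Number of ports accessed, In a period of [seconds] and Detect scans from Internet only parameterise. The following Python runs that logic over a constructed connection log and shows why a slow scanner stays under the threshold. It is an added example written for this page, not Nokia IP45 or SmartDefense code; the Attempt record, the from_internet flag, the class and function names, the treatment of the threshold as a minimum count, and the sample traffic are assumptions made for the demonstration.

```python
# Added example for this page, not Nokia IP45 / SmartDefense code. Models the
# Port Scan detection described in Table 43: a host port scan is one source
# touching at least "Number of ports accessed" distinct ports on one host within
# "In a period of [seconds]"; a sweep scan is one source touching the same port on
# that many distinct hosts in the same period. Defaults follow the table (30, 50,
# 20 s). The Attempt record, the from_internet flag, the names used here and the
# sample traffic are constructed.
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    ts: float            # seconds since the start of the capture
    from_internet: bool  # True if the packet arrived on the WAN interface (assumed)
    src: str
    dst: str
    dport: int


class PortScanDetector:
    def __init__(self, host_ports=30, sweep_hosts=50, period=20.0, internet_only=True):
        self.host_ports = host_ports          # Number of ports accessed, Host Port Scan
        self.sweep_hosts = sweep_hosts        # Number of ports accessed, Sweep Scan
        self.period = period                  # In a period of [seconds]
        self.internet_only = internet_only    # Detect scans from Internet only
        self.host_hist = defaultdict(deque)   # (src, dst)   -> deque of (ts, dport)
        self.sweep_hist = defaultdict(deque)  # (src, dport) -> deque of (ts, dst)
        self.alerts = []

    def feed(self, a):
        """Account for one connection attempt; attempts must arrive in time order."""
        if self.internet_only and not a.from_internet:
            return
        self._check(self.host_hist[(a.src, a.dst)], a.ts, a.dport, self.host_ports,
                    f"host port scan from {a.src} against {a.dst}")
        self._check(self.sweep_hist[(a.src, a.dport)], a.ts, a.dst, self.sweep_hosts,
                    f"sweep scan from {a.src} for port {a.dport}")

    def _check(self, hist, ts, item, threshold, alert):
        hist.append((ts, item))
        while ts - hist[0][0] > self.period:      # drop attempts outside the window
            hist.popleft()
        distinct = {x for _, x in hist}           # re-probing one port/host counts once
        # threshold treated as a minimum count ("the minimum number of ports")
        if len(distinct) >= threshold and alert not in self.alerts:
            self.alerts.append(alert)


def sample_attempts():
    """Constructed traffic: a fast host scan, a sweep, a slow scan that never has
    30 ports inside one 20 s window, and the same fast scan from the LAN side,
    which only counts when Detect scans from Internet only is False."""
    a = []
    for i in range(35):                          # 35 ports in 7 s: host port scan
        a.append(Attempt(0.2 * i, True, "198.51.100.7", "192.0.2.10", 1 + i))
    for i in range(60):                          # port 445 on 60 hosts in 12 s: sweep
        a.append(Attempt(0.2 * i, True, "198.51.100.8", f"192.0.2.{i + 1}", 445))
    for i in range(35):                          # 35 ports at 1/s: at most 21 per window
        a.append(Attempt(float(i), True, "198.51.100.9", "192.0.2.10", 1 + i))
    for i in range(35):                          # same fast scan, internal interface
        a.append(Attempt(0.2 * i, False, "10.0.0.44", "192.0.2.10", 1 + i))
    return sorted(a, key=lambda x: x.ts)         # stable sort keeps per-source order


def detect(attempts, **kwargs):
    """Run the detector over a capture and return the alerts in detection order."""
    d = PortScanDetector(**kwargs)
    for a in attempts:
        d.feed(a)
    return d.alerts


if __name__ == "__main__":
    for alert in detect(sample_attempts()):
        print(alert)
```

Lowering the period or raising the port count trades detection of slow scans against false positives from busy legitimate clients; the slow scanner in the sample is only caught if period is raised to about 30 seconds.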
The following table depicts the fields of Port Scan.

Table 43  Fields for Port Scan

  Number of ports accessed
      SmartDefense detects port scans by measuring the number of ports accessed
      over a period of time. The number of ports accessed must exceed the
      Number of ports accessed value within the number of seconds specified by
      the In a period of [seconds] value for SmartDefense to consider the
      activity a scan.
      Type the minimum number of ports that must be accessed within the In a
      period of [seconds] value for SmartDefense to consider the activity a
      scan. For example, if this value is 30 and 40 ports are accessed within
      the specified period, SmartDefense detects the activity as a port scan.
      For Host Port Scan, the default value is 30. For Sweep Scan, the default
      value is 50.

  In a period of [seconds]
      Type the maximum number of seconds within which the Number of ports
      accessed threshold must be exceeded for SmartDefense to detect the
      activity as a port scan. For example, if this value is 20 and the
      threshold is exceeded within 15 seconds, SmartDefense detects the
      activity as a port scan; if exceeding the threshold takes 30 seconds,
      it does not.
      Default value: 20 seconds

  Track
      Specify whether to issue logs for scans.
      Options:
      Log: issues logs
      None: does not issue logs
      Default value: Log

  Detect scans from Internet only
      Specify whether to detect only scans that originate from the Internet.
      Options:
      True: detects only scans from the Internet
      False: detects scans regardless of where they originate

FTP

This option allows you to configure various protections related to the FTP protocol. It includes the following protections:

  • FTP Bounce: when connecting to an FTP server, the client sends a PORT command specifying the IP address and port to which the FTP server should connect to send data. In an FTP Bounce attack, the attacker sends a PORT command specifying the IP address of a third party instead of the attacker's own IP address, so the FTP server opens the data connection to the victim machine and sends the data there.

Note
To select values for FTP Bounce, expand FTP, click FTP Bounce and select the values from the drop-down lists using the information provided in Table 44.

Table 44  Fields for FTP Bounce

  Action
      Choose the action to be taken against FTP Bounce attacks.
      Options:
      Block: blocks the attack
      None: no action is required
      Default value: Block

  Track
      Specify whether to log FTP Bounce attacks.
      Options:
      Log: logs the attack
      None: does not log the attack
      Default value: Log
  • Block Known Ports: you can choose to block the FTP server from connecting to well-known ports. This provides a second layer of protection against FTP Bounce attacks, by preventing such attacks from reaching services on well-known ports.

Note
To select values for Block Known Ports, expand FTP, click Block Known Ports and select the values from the drop-down list using the information provided in Table 45.

Table 45  Fields for Block Known Ports

  Action
      Choose the action to be taken when the FTP server attempts to connect to
      a well-known port.
      Options:
      Block: blocks the connection
      None: no action is required
      Default value: None

  • Block Port Overflow: FTP clients send PORT commands when connecting to the FTP server. A PORT command consists of six numbers between 0 and 255, separated by commas (the four bytes of the IP address followed by the two bytes of the port). To enforce compliance with the FTP standard and prevent potential attacks against the FTP server, you can block PORT commands that contain a number greater than 255.

Note
To select values for Block Port Overflow, expand the FTP tree, click Block Port Overflow and select the values from the drop-down list using the information provided in Table 46.

Table 46  Fields for Block Port Overflow

  Action
      Choose the action to be taken against PORT commands containing a number
      greater than 255.
      Options:
      Block: blocks the PORT command
      None: no action is required
      Default value: Block

  • Blocked FTP Commands: some seldom-used FTP commands may compromise FTP server security and integrity. You can specify which FTP commands should be allowed to pass through the security server and which should be blocked.
To manage FTP commands

1. Choose Security > SmartDefense > FTP > Blocked FTP Commands.
   The Blocked FTP Commands page opens.

2. From the Action drop-down list, select one of the following options:
   • Block: enables FTP command blocking. The FTP commands listed in the Blocked Commands list box are blocked.
     Note
     FTP command blocking is enabled by default.
   • None: disables FTP command blocking. All FTP commands are allowed, including those in the Blocked Commands list box.

3. To block a particular FTP command, select the command in the Allowed Commands list box and do the following:
   a. Click Block.
      The FTP command appears in the Blocked Commands list box.
   b. Click Apply.
      When FTP command blocking is enabled, the FTP command is blocked.
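The four FTP protections described above (FTP Bounce, Block Known Ports, Block Port Overflow and Blocked FTP Commands) all act on the client's command stream, and three of them are decisions about a single PORT command. The following Python parses PORT commands as RFC 959 defines them and applies each check to a constructed client session, so the allowed and blocked cases can be compared side by side. It is an added example written for this page, not Nokia IP45 or SmartDefense code; the function names, the "allow"/"block" labels, the use of ports below 1024 as "well-known", the example blocked-command set {"SITE"} and the sample session are assumptions made for the demonstration and are not the device's defaults.

```python
# Added example for this page, not Nokia IP45 / SmartDefense code. Implements the
# FTP protections described above as checks on the client's command stream: FTP
# Bounce (PORT address differs from the client's), Block Known Ports (PORT port
# below 1024, the range assumed here for "well-known"), Block Port Overflow (a
# PORT field greater than 255) and a Blocked FTP Commands list. Function names,
# the decision labels, the blocked-command set and the sample session are constructed.
import re

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)


def parse_port(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' (RFC 959) into (ip, port); ValueError if invalid."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("malformed PORT command")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("port overflow: PORT field greater than 255")   # Block Port Overflow
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def check_port_command(line, client_ip, block_known_ports=True):
    """Apply the FTP Bounce, Block Port Overflow and Block Known Ports checks."""
    try:
        ip, port = parse_port(line)
    except ValueError as err:
        return "block", str(err)
    if ip != client_ip:
        return "block", f"FTP bounce: data connection to {ip}, not to client {client_ip}"
    if block_known_ports and port < 1024:
        return "block", f"well-known port {port} requested as data port"
    return "allow", f"data connection to {ip}:{port}"


def check_command(line, blocked_commands):
    """Blocked FTP Commands: drop any command whose verb is in the configured set."""
    verb = line.split(None, 1)[0].upper() if line.strip() else ""
    if verb in blocked_commands:
        return "block", f"blocked FTP command {verb}"
    return "allow", verb


def filter_session(lines, client_ip, blocked_commands, block_known_ports=True):
    """Run every check over a client's command lines; returns (line, decision, reason)."""
    results = []
    for line in lines:
        decision, reason = check_command(line, blocked_commands)
        if decision == "allow" and reason == "PORT":
            decision, reason = check_port_command(line, client_ip, block_known_ports)
        results.append((line, decision, reason))
    return results


# Constructed session from a client at 203.0.113.9; SITE stands in for a command
# an administrator has moved to the Blocked Commands list.
CLIENT_IP = "203.0.113.9"
BLOCKED_COMMANDS = {"SITE"}
SAMPLE_SESSION = [
    "USER anonymous",
    "PORT 203,0,113,9,195,80",    # back to the client, port 195*256+80 = 50000: allowed
    "PORT 198,51,100,23,0,25",    # third-party address, port 25: FTP bounce
    "PORT 203,0,113,9,0,80",      # client's own address but well-known port 80
    "PORT 203,0,113,9,300,1",     # field 300 exceeds 255: port overflow
    "SITE EXEC ls",               # in the blocked-command set
    "RETR file.txt",
]

if __name__ == "__main__":
    for line, decision, reason in filter_session(SAMPLE_SESSION, CLIENT_IP, BLOCKED_COMMANDS):
        print(f"{decision:5s} {line:28s} {reason}")
```

The overflow check runs before the address comparison on purpose: a field such as 300 cannot be a valid octet or port byte, so rejecting the command outright avoids reasoning about what a permissive server might do with it. With Block Known Ports set to None the third PORT command is allowed, which is why the guide describes that option as a second layer rather than a replacement for the bounce check.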
