SmartDefense
Nokia IP45 Security Platform User’s Guide v4.0
4. To allow a specific FTP command, select the command from the Blocked Commands list box and do the following:
   a. Click Accept.
      The FTP command appears in the Allowed Commands list box.
   b. Click Apply.
      The FTP command will be allowed, regardless of whether the FTP command blocking is enabled or disabled.
HTTP
This option provides several protection mechanisms that stop exploits carried in HTTP headers and block worms that take advantage of vulnerabilities in the HTTP protocol. It includes:
• Header Rejection—some exploits use the HTTP headers to cause damage. The exploit can be carried in standard headers with custom values or in custom headers. This protection allows you to reject HTTP requests that contain specific headers and header values.
Note: To select values for Header Rejection, expand the HTTP tree, click Header Rejection, and select the values from the drop-down list by using the information provided in Table 47.
Table 47. Fields for Header Rejection

Field: Action
Description: Choose the action to be taken when particular HTTP requests that contain specific headers and header values are made.
Options:
• Block: blocks such requests
• None: no action is required
Default value: None
8
Setting Up the Nokia IP45 Security Platform Security Policy
• Worm Catcher—a worm is self-replicating malware that propagates by actively sending itself to new machines. Some worms propagate by using security vulnerabilities in the HTTP protocol. This protection allows you to detect and block worms based on predefined patterns.
Note: To select values for Worm Catcher, expand the HTTP tree, click Worm Catcher, and select the values from the drop-down list by using the information provided in Table 48.
Table 47. Fields for Header Rejection (continued)

Field: Track
Description: Specify whether to issue logs for the malicious HTTP requests.
Options:
• Log: logs the malicious HTTP requests
• None: does not log the malicious HTTP requests
Default value: None
You can also see a list.
  180 Solutions
  AltNet Peer Point Manager
  Atwola
  BearShare
  Gator
  Google Desktop Search
  Grokster Ads
  QuickTime Plugin
  QuickTime
  RealOne Player
  Shoutcast
  Target Saver
  and a few more.
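How the Action and Track fields of Table 47 combine on a request, as an added example that is not code from the guide or the product. The rule set, the header names in it, the sample requests and the `inspect` function are all constructed for illustration; the appliance's real patterns are not given here.

```python
import re

# Hypothetical rejection rules (constructed): lower-cased header name -> value regex.
REJECT_RULES = {
    "user-agent": re.compile(r"ExampleAdware", re.I),
    "x-example-p2p": re.compile(r".*"),  # custom header: reject on presence
}

def parse_headers(raw: bytes):
    """Return [(lower-cased name, value)] from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        if line[:1] in (" ", "\t") and headers:  # continuation of previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers

def inspect(raw: bytes, action: str = "None", track: str = "None"):
    """Apply the rules with Table 47 semantics; returns (verdict, log_lines).

    Defaults mirror the table: Action=None and Track=None.
    """
    hits = [(n, v) for n, v in parse_headers(raw)
            if n in REJECT_RULES and REJECT_RULES[n].search(v)]
    logs = [f"header-rejection match: {n}: {v}" for n, v in hits] if track == "Log" else []
    verdict = "block" if hits and action == "Block" else "accept"
    return verdict, logs

# Constructed sample requests.
CLEAN = b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: curl/8.0\r\n\r\n"
FLAGGED = (b"GET /ads HTTP/1.1\r\nHost: example.test\r\n"
           b"USER-AGENT: Mozilla/4.0\r\n (compatible; ExampleAdware 1.0)\r\n\r\n")

if __name__ == "__main__":
    print(inspect(FLAGGED))                  # table defaults: match passes unlogged
    print(inspect(FLAGGED, "Block", "Log"))  # match is blocked and logged
    print(inspect(CLEAN, "Block", "Log"))    # no rule matches
```

With both fields left at their default of None, a matching request is neither blocked nor logged, so the protection has no effect until Action or Track is changed.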
Table 48. Fields for Worm Catcher

Field: Action
Description: Choose the action to be taken when worms are detected.
Options:
• Block: blocks the worms
• None: no action required
Default value: None

Field: Track
Description: Specify whether to issue logs for the worms that are detected.
Options:
• Log: logs the detection of worms
• None: does not log the detection of worms
Default value: None
You can also see a list of worms. Check or uncheck the worms to be detected.
  Apache Tomcat Malicious Request
  Apache Tomcat RealPath
  Apache Tomcat path disclosure 1
  Apache Tomcat path disclosure 2
  Apache Tomcat path disclosure 3
  Apache Tomcat sample code
  BizTalk Buffer Overrun
  CodeRed
  Frontpage Extensions Buffer Overrun
  Htr Overflow
  MDAC Overflow
  Nimda
  Sanity.A Worm

Microsoft Networks
This category includes File and Print Sharing.
• File and Print Sharing—Microsoft operating systems and Samba clients rely on Common Internet File System (CIFS), a protocol for sharing files and printers. However, this protocol is also widely used by worms as a means of propagation.
The following table describes the fields of Microsoft Networks.

Table 49. Fields for Microsoft Networks

Field: Action
Description: Choose the action to be taken when the CIFS worm attacks are detected.
• Block: blocks the attack
• None: no action is required
Default value: None

Field: Track
Description: Specify whether to log the CIFS worm attacks.
• Log: logs the attack
• None: does not log the attack
Default value: None
Select the worm patterns to detect from the CIFS worm patterns lists.
Patterns are matched against file names (including file paths but excluding the disk share name) that the client is trying to read or write from the server.

IGMP
This category includes the IGMP protocol.
• IGMP—IGMP is used by hosts and routers to dynamically register and discover multicast group membership. Attacks on the IGMP protocol usually target a vulnerability in the multicast routing software/hardware used, by sending specially crafted IGMP packets.
Note: To select values for IGMP, expand the IGMP tree, click IGMP, and select the values from the drop-down list by using the information provided in Table 50.
Peer to Peer
SmartDefense can block peer-to-peer traffic by identifying the proprietary protocols and preventing the initial connection to the peer-to-peer networks. This prevents search operations as well as downloads.
This category includes the following connection types:
• Kazaa—a distributed peer-to-peer file sharing service that runs on port 1214.
Note: To select values for Kazaa, expand the Peer to Peer tree, click Kazaa, and select the values from the drop-down list by using the information provided in Table 51.
Table 50. Fields for IGMP

Field: Action
Description: Choose the action to be taken against the IGMP attacks.
Options:
• Block: blocks the attack
• None: no action is required
Default value: Block

Field: Track
Description: Specify whether to log the IGMP attacks.
Options:
• Log: logs the attack
• None: does not log the attack
Default value: Log

Field: Enforce IGMP to multicast addresses
Description: According to the IGMP specification, IGMP packets must be sent to multicast addresses. Sending IGMP packets to a unicast or broadcast address might constitute an attack. So IP45v4.0 blocks such packets.
Specify whether to allow or block the IGMP packets that are sent to non-multicast addresses.
Options:
• Block: blocks the IGMP packets that are sent to non-multicast addresses.
• None: no action is required
Default value: Block
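The "Enforce IGMP to multicast addresses" check from Table 50, as an added example that is not code from the guide or the product. The function names, the log text and the sample packets (built in memory with documentation addresses and an unchecksummed IGMP payload) are constructed for illustration.

```python
import ipaddress
import struct

IGMP_PROTO = 2                                    # IPv4 protocol number for IGMP
MULTICAST = ipaddress.ip_network("224.0.0.0/4")   # IPv4 multicast range

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options, checksum left 0) as test input."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + payload

def check_igmp(packet: bytes, enforce: str = "Block", track: str = "Log"):
    """Return (verdict, log_line or None) for one IPv4 packet.

    Defaults mirror Table 50: enforcement Block, Track Log.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    proto = packet[9]                              # protocol field
    dst = ipaddress.ip_address(packet[16:20])      # destination address
    if proto != IGMP_PROTO or dst in MULTICAST:
        return "accept", None                      # not IGMP, or IGMP to a group
    log = f"IGMP to non-multicast destination {dst}" if track == "Log" else None
    return ("drop" if enforce == "Block" else "accept"), log

# Constructed IGMP membership query body (type 0x11; checksum not computed).
QUERY = bytes([0x11, 0x64, 0, 0, 0, 0, 0, 0])

SAMPLES = {
    "query to all-hosts group": build_ipv4("192.0.2.1", "224.0.0.1", IGMP_PROTO, QUERY),
    "igmp to unicast": build_ipv4("192.0.2.1", "192.0.2.10", IGMP_PROTO, QUERY),
    "igmp to broadcast": build_ipv4("192.0.2.1", "255.255.255.255", IGMP_PROTO, QUERY),
    "udp to unicast": build_ipv4("192.0.2.1", "192.0.2.10", 17, b""),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, check_igmp(pkt))
```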