service.support
UID 14
精華
0
積分 0
帖子 523
閱讀權限 200
註冊 2006-10-2
狀態 離線
|
PS網路介面優先權其他設定選項說明
Log Access Attempts
If administrators would like to log all access attempts via a
system interface (whether to PowerStation itself or via
PowerStation), the logging can be enabled here.
Under 「View Logs」→ 「Connection History」shows a list of connections
recorded based on the setting of 「Security Policy」and 「Interface Priority」
紀錄連線存取嘗試
如果開啟此功能的話,所有的連線都會紀錄在「View Logs」→ 「Connection History」
Intrusion Detection
This is to enable Intrusion Detection function on a system
interface. The relevant IDS parameters are configured from
[MultiHoming] -> [Parameters] -> [Intrusion Detection].
入侵偵測防禦
將此網孔啟動snort入侵偵測功能
[MultiHoming] -> [參數設定] -> [入侵偵測].
Data Access Control
If an interface is enabled DAC, users might be authenticated first
before given access to Internet.
DAC 網路認證
預設disable由DAC模組控管
Check TCP 3-Way Handshake
For TCP connections, 3-Way handshake is a required stage. By
default, PowerStation drops any TCP packets (connections) that
fail to complete the 3-Way handshake stage. It is recommended
that this option is enabled all the time.
檢查 TCP 三方交握
PowerStation drops any TCP packets (connections) that
fail to complete the 3-Way handshake stage.
Check Spoofed Source
In most cases, the routing is symmetric, which means replied
packets are forwarded via the same interface (or link) from which
the original packets (requests) are received. The option is
sometimes called “Reverse Packet Filter”. However if a network
is in asymmetric routing, be sure to disable the option.
檢查偽造來源
檢查路由是否對稱,意指返回的封包經由一樣的介面,如果網路路由不對稱的話,因該關閉此選項。
Drop Pkts of Private Sources
Private addresses are defined as three IP subnets, “10.0.0.0/8”,
“172.16.0.0/12” and “192.168.0.0/16”. If the option is enabled,
PowerStation drops packets whose sources are within the three
private address spaces. The option is often enabled on WAN
interfaces since it is very unlikely that packets of private sources
are received from WAN links.
禁止來自私有網段
Drop私有網段封包從此網孔通過,此選項通常在WAN Interfaces才會開啟,私有網段封包不可能從WAN links.
Strict Address Verification
If the option is enabled on a system interface, any packets from
the system interface must be within the same IP subnet of the
system interface. For example, if a system interface is
configured with the IP 192.168.1.254 and subnet mask
255.255.255.0, PowerStation only allows packets whose sources
are within 192.168.1.0/24, any other packets, such as
192.168.2.0/24 etc, will be dropped. The option is feasible for a
very simple network.
嚴格路由檢查
如果此介面開啟這個選項後,任何封包經過此網路介面因該有ㄧ樣的IP Subnet
舉例來說系統介面設定IP 192.168.1.254 and subnet mask
255.255.255.0 PowerStation 只允許來自192.168.1.0/24, 其他的封包一率drop,用於簡單的網路環境。
|
|
