HGIGA Service Docs 
» 遊客:  註冊 | 登錄 | 統計 | 幫助
RSS 訂閱當前論壇  

上一主題 下一主題
       
標題: PS網路介面優先權其他設定選項說明  
 
service.support





UID 14
精華 0
積分 0
帖子 523
閱讀權限 200
註冊 2006-10-2
狀態 離線
PS網路介面優先權其他設定選項說明

Log Access Attempts

If administrators would like to log all access attempts via a

system interface (whether to PowerStation itself or via

PowerStation), the logging can be enabled here.

Under 「View Logs」→ 「Connection History」shows a list of connections

recorded based on the setting of 「Security Policy」and 「Interface Priority」

紀錄連線存取嘗試

如果開啟此功能的話,所有的連線都會紀錄在「View Logs」→ 「Connection History」







Intrusion Detection

This is to enable Intrusion Detection function on a system

interface. The relevant IDS parameters are configured from

[MultiHoming] -> [Parameters] -> [Intrusion Detection].

入侵偵測防禦

將此網孔啟動snort入侵偵測功能

[MultiHoming] -> [參數設定] -> [入侵偵測].







Data Access Control

If an interface is enabled DAC, users might be authenticated first

before given access to Internet.

DAC 網路認證

預設disable由DAC模組控管





Check TCP 3-Way Handshake

For TCP connections, 3-Way handshake is a required stage. By

default, PowerStation drops any TCP packets (connections) that

fail to complete the 3-Way handshake stage. It is recommended

that this option is enabled all the time.

檢查 TCP 三方交握

PowerStation drops any TCP packets (connections) that

fail to complete the 3-Way handshake stage.





Check Spoofed Source

In most cases, the routing is symmetric, which means replied

packets are forwarded via the same interface (or link) from which

the original packets (requests) are received. The option is

sometimes called “Reverse Packet Filter”. However if a network

is in asymmetric routing, be sure to disable the option.

檢查偽造來源

檢查路由是否對稱,意指返回的封包經由一樣的介面,如果網路路由不對稱的話,因該關閉此選項。







Drop Pkts of Private Sources

Private addresses are defined as three IP subnets, “10.0.0.0/8”,

“172.16.0.0/12” and “192.168.0.0/16”. If the option is enabled,

PowerStation drops packets whose sources are within the three

private address spaces. The option is often enabled on WAN

interfaces since it is very unlikely that packets of private sources

are received from WAN links.

禁止來自私有網段

Drop私有網段封包從此網孔通過,此選項通常在WAN Interfaces才會開啟,私有網段封包不可能從WAN links.



Strict Address Verification

If the option is enabled on a system interface, any packets from

the system interface must be within the same IP subnet of the

system interface. For example, if a system interface is

configured with the IP 192.168.1.254 and subnet mask

255.255.255.0, PowerStation only allows packets whose sources

are within 192.168.1.0/24, any other packets, such as

192.168.2.0/24 etc, will be dropped. The option is feasible for a

very simple network.

嚴格路由檢查

如果此介面開啟這個選項後,任何封包經過此網路介面因該有ㄧ樣的IP Subnet

舉例來說系統介面設定IP 192.168.1.254 and subnet mask

255.255.255.0 PowerStation 只允許來自192.168.1.0/24, 其他的封包一率drop,用於簡單的網路環境。
2008-6-12 11:07#1
查看資料  Blog  發短消息  Yahoo!  頂部
       


  可打印版本 | 推薦給朋友 | 訂閱主題 | 收藏主題  


 

   Powered by Discuz! 4.1.0  © 2001-2006 Transformed by wxxslt for HGIGA Inc. / Service Support
Processed in 0.016905 second(s), 8 queries , Gzip enabled

所有時間為 GMT+8, 現在時間是 2024-11-23 12:08