6.7. Blacklisting Hosts and Networks
Overview
NetDefendOS implements a Blacklist of host or network IP addresses which can be utilized to
protect against traffic coming from specific Internet sources.
Certain NetDefendOS subsystems have the ability to optionally blacklist a host or network when
certain conditions are encountered. These subsystems are:
•
Intrusion Detection and Prevention (IDP).
•
Threshold Rules. (Available on certain NetDefend models only - see Section 10.3, “Threshold
Rules” for details.)
Blacklisting Options
The automatic blacklisting of a host or network can be enabled in IDP and in threshold rules by
specifying the Protect action for when a rule is triggered. Once enabled there are three blacklisting
options:
Time to Block Host/Network in
seconds
The host or network which is the source of the traffic will
stay on the blacklist for the specified time and then be
removed. If the same source triggers another entry to the
blacklist then the blocking time is renewed to its original, full
value (in other words, it is not cumulative).
Block only this Service
By default Blacklisting blocks all services for the triggering
host.
Exempt already established
connections from Blacklisting
If there are established connections that have the same source
as this new Blacklist entry then they will not be dropped if
this option is set.
IP addresses or networks are added to the list then the traffic from these sources is then blocked for
the period of time specified.
Note: Restarts do not effect the blacklist
The contents of the blacklist is not lost if the NetDefend Firewall shuts down and
restarts.
Whitelisting
To ensure that Internet traffic coming from trusted sources, such as the management workstation,
are not blacklisted under any circumstances, a Whitelist is also maintained by NetDefendOS. Any IP
address object can be added to this whitelist
Tip: Important IP addresses should be whitelisted
It is recommended to add the NetDefend Firewall itself to the whitelist as well as the
IP address or network of the management workstation since blacklisting of either
could have serious consequences for network operations.
It is also important to understand that although whitelisting prevents a particular source from being
6.7. Blacklisting Hosts and Networks
Chapter 6. Security Mechanisms
337
Summary of Contents for DFL-1600 - Security Appliance
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Page 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...