Filter
Top Products
SIP Release Notes 132 Document #: LTRT-26901
CPE SIP Products
2.4.3 Data Security
The device supports the following new data security features:
1. Zero Configuration Firewall wizard with three security levels:
• Minimum (Inbound and Outbound policies set to ‘Accept’)
• Typical (Inbound policy set to ‘Reject’; Outbound Policy to ‘Accept’)
• Maximum (only selected applications are allowed in Outbound policy)
2. Access Control for pinpoint security policy.
3. Extensive list of ALG-modules combined with SPI for error-free configuration and
maximum security.
4. Port-forwarding and DMZ support for local applications and hosts.
5. Website Restriction allows static URL-based blocking of public/extranet websites.
6. Advanced Filtering allows full control on Inbound/Outbound Rules per interface/device.
7. Site-to-Site VPN:
• Supports two IPSec use-cases:
♦ Site-to-Site (Gateway-to-Gateway) VPN
♦ Teleworker (User-to-Gateway) VPN
• Fully compliant with IPSec RFCs:
♦ RFC 2401 - Security Architecture for IP
♦ RFC 2402 - IP Authentication Header
♦ RFC 2406 – ESP
♦ RFC 2403 and RFC 2404 for Authentication
8. PPTP/L2TP Client-Server VPN:
• Supports two VPN use-cases:
♦ Server support for remote Teleworker VPN access
♦ Client-to-Gateway support with PPTP/L2TP
• Point-to-Point Tunneling Protocol - RFC 2637
• Layer Two Tunneling Protocol - RFC 2661 (with L2TP/IPSec)
• Support all WiN OS versions as well as Linux
9. DoS and IDS/IPS:
• Denial of Service (DoS) protection: TCP RST, Ping Flood, ICMP Echo storm,
UDP snork attack, ICMP Smurf, UDP fraggle and more
• IP spoofing attacks: FTP bounce, Broadcast/multicast source IP attack
• Intrusion and scanning attacks:
♦ IP source route, ICMP Echo reply without request, ICMP Ping sweep, TCP
Stealth
♦ Scan (FIN, XMAS, NULL), UDP port, FTP passive attack, loopback/Echo
chargen, Block security hazard ICMP messages
• IP fragment overlap, Ping of Death, Fragmentation attacks and more