Firewall Features - Service Blocking

By Scott Sidel, published on July 29, 2004
Source: Tom's Guide US


Assuming that you are going to use the SMC2804WBRP-G as a home router, SMC does a fairly good job providing the kind of features you would need to keep your home network safe and your home users from seeing things you might not want them to see. By default the SMC2804WBRP-G's firewall comes disabled. I don't think this is such a stellar decision and believe that firewalls should come enabled by default. Once the firewall is activated, a set of additional options is made available.

To block services, you use the Access Control (port filtering) functions, which block standard or user-defined protocols for a single IP address or a range of IP addresses (Figures 7 and 8).

Figure 7: Access Control helps keep users from running unacceptable applications

Figure 8: Common services have been pre-defined

The SMC2804WBRP-G's firewall also includes Intrusion Detection features that control aspects of its Stateful Packet Inspection (SPI). For example, the Denial of Service (DoS) protection blocks a type of attack - such as pinging the external IP of your router in rapid succession - that can disable an Internet connection by using all available bandwidth.

While DoS protection prevents offending packets from reaching LAN clients, it cannot prevent your Internet connection's bandwidth from being eaten up by attacking computers because it works at the receiving end of the attack.

Figure 9: The Barricade g can block common Internet attacks

During testing, I inadvertently got a taste of how the intrusion detection function works. I had hooked a client PC up to the WAN port to test UDP streaming from the WAN to a LAN-based PC. With the intrusion detection feature turned on, the router saw this as a type of UDP flood and immediately suspended communication with the offending PC. Only by checking the Security Log was I able to realize why I had been suddenly cut off from the LAN PC.

I also liked that SMC provides control of various Connection Policy timings, such as TCP SYN and FIN waits and connection idle timeouts, as part of the router's SPI controls.
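The lockout during the UDP streaming test described above can be reproduced with a per-source rate counter. This is an added example, not SMC's firmware logic or code from the original review; the window, threshold, class and function names, and addresses are assumptions, since the review does not state the router's actual values.

```python
from collections import defaultdict, deque

# Assumed values: the review does not give the router's real thresholds.
WINDOW_S = 1.0      # sliding window, seconds
MAX_UDP_PKTS = 200  # UDP packets allowed per source inside one window

class UdpFloodDetector:
    """Per-source sliding-window counter with a block list and a security log."""

    def __init__(self, window=WINDOW_S, limit=MAX_UDP_PKTS):
        self.window, self.limit = window, limit
        self.recent = defaultdict(deque)  # src -> timestamps still in the window
        self.blocked = {}                 # src -> time the block was applied
        self.security_log = []

    def handle(self, ts, src):
        """Return True if the packet is forwarded to the LAN, False if dropped."""
        if src in self.blocked:
            return False
        q = self.recent[src]
        q.append(ts)
        while ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.limit:
            self.blocked[src] = ts
            self.security_log.append(
                f"{ts:.3f}s UDP flood from {src}: {len(q)} packets "
                f"within {self.window}s, source blocked")
            return False
        return True

def replay(detector, packets):
    """Feed (timestamp, src) pairs in order; return forwarded counts per source."""
    forwarded = defaultdict(int)
    for ts, src in packets:
        if detector.handle(ts, src):
            forwarded[src] += 1
    return dict(forwarded)

# Constructed traffic (documentation addresses): a legitimate 500 packet/s UDP
# streaming test from one WAN host and a 5 packet/s trickle from another.
STREAM = [(i / 500, "192.0.2.10") for i in range(1000)]
TRICKLE = [(i / 5, "192.0.2.53") for i in range(10)]
PACKETS = sorted(STREAM + TRICKLE)

if __name__ == "__main__":
    det = UdpFloodDetector()
    print(replay(det, PACKETS))
    print(det.security_log)
```

The detector sees only packet rate per source, so the streaming test and a real flood look identical to it; the log entry is the only record of why traffic stopped.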
