|
|
SysMaster and Denial of Service
Prevention |
|
|
|
Key Features
- Denial of Service online attacks based on TCP, UDP, IP and
ICMP protocols such as SYN flood, IP spoofing, Ping-of-Death,
and others are thwarted.
- SysMaster DoS prevention reduces server downtime.
- Powerful firewall capable of filtering a wide range of traffic
based on an extensive set of traffic characteristics.
- Specially designed core software for advanced security.
- Administration through Access Control Lists for enhanced security.
- Ability to drop idle connections.
- Ability to map well known ports to any port in NAT configuration.
Why Denial of Service
Prevention?
|
Ensuring a high level of security
and protection against malicious attacks is extremely critical
for every business on the Internet. Conventional equipment is
not capable of handling this task as new powerful technology
is required to thwart malicious traffic. Denial of Service floods
are the most common type of online attacks. These attacks attempt
to consume all the bandwidth or computational server resources
at the expense of the useful traffic. |
|
The SysMaster platform's Network Operating
system and the QoS module, together with the Firewall module
can provide comprehensive protection against malicious online
attacks. During a typical DoS attack, SysMaster effectively
filters out all "redundant" data packets, thus protecting
both the corporate/web site WAN bandwidth and the computational
resources of the servers. In addition, SysMaster provides
online attack protection against SYN Flood, UDP Flood, Teardrop
Attack, Ping-of-Death, Mail-bomb attack, broadcast amplification
and more.
|
Type of Attacks SysMaster Prevents
SysMaster is capable of filtering traffic based
on source/destination IP addresses, IP network masks, IP/TCP/UDP
ports, packet types and more. It can be configured to accept limited
traffic from specific addresses or completely prohibit all access.
In addition, specific TCP/UDP traffic, or any application based
on these protocols can be restricted. Advanced mechanism for flood
detection, such as SYN flood, PING flood and others, allows for
quick isolation of malicious attacks.
Additional Security Capabilities
SysMaster as a gateway in SNAT mode
SysMaster can protect networks from external attacks
by acting as a network gateway in SNAT mode. All enterprise computers
are protected, because they share internal IP address space, while
SysMaster provides all external connectivity. This feature helps
to improve overall security.
Fail-over setup
SysMaster delivers additional security by allowing
for redundant setups where a redundant device takes control in the
event the primary device breaks down.
|
|