Configuring Security
Denial of Service Prevention
Cisco Small Business 300 Series Managed Switch Administration Guide  225
Denial of Service Prevention 
Denial of Service (DoS) Prevention increases network security by preventing
packets with certain IP address parameters from entering the network. Denial of
Service Prevention eliminates packets with headers or contents known to be
signals of malicious intent.
Denial of Service Prevention enables network managers to:
• Deny packets that contain reserved IP addresses (Martian Addresses 
Page)
• Prevent TCP connections from a specific interface (SYN Filtering Page) and 
rate limit the packets (SYN Rate Protection Page)
• Configure the blocking of certain ICMP packets (ICMP Filtering Page)
• Discard fragmented IP packets from a specific interface (IP Fragments 
Filtering Page)
• Deny attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice
Trojan.
Denial of Service Security Suite Settings
The Denial of Service Prevention feature is a set of predefined rules that protect
the network from malicious attacks. The Denial of Service Security Suite Settings
page enables activating the security suite.
The Denial of Service pages enable filtering of traffic. This protects the network
from Denial of Service and Distributed Denial of Service attacks.
NOTE Before activating Denial of Service Prevention, you must unbind all Access Control 
Lists (ACLs) or advanced QoS policies that are bound to a port. ACL and advanced 
QoS policies are not active when a port has Denial of Service Protection.