Security
Denial of Service Prevention
Cisco Small Business 200 Series Smart Switch Administration Guide
Defense Against DoS Attacks
The Denial of Service (DoS) Prevention feature helps the system administrator resist DoS attacks in the following ways:
• TCP SYN protection can be enabled. If this feature is enabled, reports are issued when a SYN packet attack is identified. A SYN attack is identified if the number of SYN packets per second exceeds a user-configured threshold.
• SYN-FIN packets can be blocked.
Dependencies Between Features
There is no dependency between this feature and other features.
Default Configuration
The DoS Prevention feature has the following defaults:
• The DoS Prevention feature is disabled by default.
• SYN-FIN protection is enabled by default (even if DoS Prevention is disabled).
• If SYN protection is enabled, the default is Report. The default threshold is 30 SYN packets per second.
• All other DoS Prevention features are disabled by default.
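The two checks described above (the per-second SYN threshold and SYN-FIN blocking) can be modelled as follows. This is an added example, not code from the guide or from the switch firmware. The per-port counters, the fixed one-second windows, the choice to count only SYNs without ACK, and the port names GE1/GE2 are assumptions made for illustration; only the default threshold of 30 comes from the guide.

```python
from collections import Counter

SYN, FIN, ACK = 0x02, 0x01, 0x10   # TCP header flag bits
DEFAULT_THRESHOLD = 30             # SYN packets per second, the guide's default


def inspect(packets, threshold=DEFAULT_THRESHOLD, block_syn_fin=True):
    """Model both checks over (timestamp, port, flags) records.

    Returns (forwarded, reports): the packets that pass SYN-FIN filtering and
    one report per (port, second) whose SYN count exceeds the threshold.
    """
    forwarded = []
    syn_per_second = Counter()
    for ts, port, flags in packets:
        # SYN and FIN set together never occurs in a normal TCP exchange.
        if block_syn_fin and flags & SYN and flags & FIN:
            continue
        forwarded.append((ts, port, flags))
        # Assumption: count connection-opening SYNs only (SYN set, ACK clear).
        if flags & SYN and not flags & ACK:
            syn_per_second[(port, int(ts))] += 1
    # This model only reports; it does not drop the SYN packets it counts.
    reports = [
        {"port": port, "second": sec, "syn_count": n}
        for (port, sec), n in sorted(syn_per_second.items())
        if n > threshold  # "exceeds": exactly `threshold` SYNs is not reported
    ]
    return forwarded, reports


def sample_traffic():
    """Constructed sample traffic on two hypothetical ports."""
    pkts = [(0.0 + i / 100, "GE1", SYN) for i in range(30)]          # at threshold
    pkts += [(1.0 + i / 100, "GE1", SYN) for i in range(31)]         # over threshold
    pkts += [(1.0 + i / 100, "GE2", SYN | ACK) for i in range(40)]   # replies, not counted
    pkts += [(2.5, "GE2", SYN | FIN)]                                # dropped by SYN-FIN check
    return pkts


if __name__ == "__main__":
    forwarded, reports = inspect(sample_traffic())
    for r in reports:
        print(f"SYN rate report: port {r['port']} second {r['second']} "
              f"count {r['syn_count']}")
    print(f"forwarded {len(forwarded)} of {len(sample_traffic())} packets")
```

With the default threshold, a burst of exactly 30 SYNs in one second produces no report; lowering the threshold below a port's normal connection rate produces reports for legitimate traffic.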
Configuring DoS Prevention
The following pages are used to configure this feature.
Security Suite Settings
To configure DoS Prevention global settings and monitor SCT:
STEP 1 Click Security > Denial of Service Prevention > Security Suite Settings. The Security Suite Settings page displays.
CPU Protection Mechanism: Enabled indicates that SCT is enabled.
STEP 2 Click Details beside CPU Utilization to go to the CPU Utilization page and view
CPU resource utilization information.