Connection limits
To protect internal network resources (hosts or servers) and correctly allocate system resources on
the device, you can configure connection limit policies to collect statistics and limit the number of
connections, connection establishment rate, and connection bandwidth.
Attack detection and protection
ARP attack protection
Although ARP is easy to implement, it provides no security mechanism and is vulnerable to network
attacks. An attacker can exploit ARP vulnerabilities to attack network devices. Hewlett Packard
Enterprise has provided a comprehensive and effective solution against common ARP attacks, such
as user and gateway spoofing attacks and flood attacks.
IP source guard
IP source guard uses binding entries to improve port security by blocking illegal packets. For
example, it can prevent illegal hosts from using a valid IP address to access the network. It is applied
on an interface connected to the user side.
IP source guard can filter packets according to the packet source IP address, source MAC address,
and VLAN ID. An IP source guard entry can be statically configured or dynamically added through
DHCP.
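The following sketch is an added illustration, not HPE code or device configuration. It models the binding-entry check described above. The interface names, addresses, result strings, and the rule that a static entry is never overwritten by a DHCP-learned one are assumptions, and the guard is assumed to be enabled on every modelled interface.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    vlan: int
    origin: str  # "static" (configured) or "dhcp" (learned dynamically)

class SourceGuard:
    """Simplified model of per-interface binding entries (not device code)."""

    def __init__(self):
        self.table = {}  # interface name -> {source IP: Binding}

    def add_static(self, iface, ip, mac, vlan):
        self.table.setdefault(iface, {})[ip] = Binding(mac.lower(), vlan, "static")

    def learn_dhcp(self, iface, ip, mac, vlan):
        entries = self.table.setdefault(iface, {})
        # Assumption: a static entry for the same IP is never overwritten.
        if ip not in entries or entries[ip].origin == "dhcp":
            entries[ip] = Binding(mac.lower(), vlan, "dhcp")

    def release_dhcp(self, iface, ip):
        entries = self.table.get(iface, {})
        if ip in entries and entries[ip].origin == "dhcp":
            del entries[ip]  # lease gone, so the address is no longer valid here

    def check(self, iface, src_ip, src_mac, vlan):
        entry = self.table.get(iface, {}).get(src_ip)
        if entry is None:
            return "drop: no binding for source IP"
        if entry.mac != src_mac.lower():
            return "drop: source MAC mismatch"
        if entry.vlan != vlan:
            return "drop: VLAN mismatch"
        return "forward"

def demo():
    guard = SourceGuard()
    guard.add_static("port1", "192.0.2.10", "00:11:22:33:44:55", 10)
    guard.learn_dhcp("port2", "192.0.2.20", "AA:BB:CC:00:00:01", 10)
    packets = [  # constructed sample traffic: (interface, src IP, src MAC, VLAN)
        ("port1", "192.0.2.10", "00:11:22:33:44:55", 10),  # bound host
        ("port1", "192.0.2.10", "de:ad:be:ef:00:01", 10),  # valid IP, other host
        ("port2", "192.0.2.20", "aa:bb:cc:00:00:01", 20),  # wrong VLAN
        ("port2", "192.0.2.10", "00:11:22:33:44:55", 10),  # bound on port1 only
    ]
    return [guard.check(*p) for p in packets]
```

The second packet is the case named in the text: a host that borrows a valid IP address is dropped because its MAC address does not match the binding entry.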
URPF
URPF protects a network against source address spoofing attacks, such as DoS and DDoS attacks.
Attack detection and protection
Attack detection and protection is an important network security feature. It determines whether
received packets are attack packets according to the packet contents and behaviors and, if it detects
an attack, takes measures to deal with the attack, such as outputting alarm logs, dropping packets,
and blacklisting the source IP address. The attack protection function can detect network attacks
such as single-packet attacks, scanning attacks, and flood attacks.
TCP attack protection
Attackers can attack the device during the process of TCP connection establishment. To prevent
such attacks, the device provides the following features:
• SYN Cookie
• Protection against Naptha attacks
Other security technologies
The device also provides other network security technologies to give users multifunctional,
full-range security protection.
User profile
A user profile provides a configuration template to save predefined configurations, such as a CAR
policy or a QoS policy. Different user profiles are applicable to different application scenarios.
A user profile works with PPPoE, 802.1X, and portal authentication and can restrict the
behavior of authenticated users. After the authentication server verifies a user, it sends the
device the name of the user profile that is associated with the user.
Password control
Password control is a set of functions for enhancing the local password security. It controls user login
passwords, super passwords, and user login status based on predefined policies. Those policies