EasyManua.ls Logo

Stormshield SN series - Netbios CIFS; Profiles Screen; Netbios SSN; EPMAP Protocol

Stormshield SN series
448 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
NetBios CIFS
NetBios is a protocol that is used for sharing files/printers, generally by Microsoft systems.
Profiles screen
“IPS” tab
Automatically detect
and inspect the
protocol
If this protocol has been enabled, it will automatically be used for discovering
corresponding packets in filter rules.
Maximum size of elements (bytes)
Name of files (SMB2
format)
This number has to be between 1 and 65536 bytes. This file name size (SMB2 - ioctl
referral request) is set by default to 61640 to protect the system from the
vulnerability CVE 2009-2526.
Microsoft RPC (DCE/RPC)
Inspect Microsoft RPC
(DCE/RPC) protocol
As the DCE/RPC protocol can be encapsulated in this protocol, this option allows
enabling or disabling its inspection.
Authentication
Verify user legitimacy
If this option is selected, you will be enabling user authentication via the CIFS header.
The CIFS plugin will therefore be capable of extracting the user ID and comparing it
against the list of users authenticated on the firewall.
When no authenticated users match, the packet will be blocked.
Support
Disable intrusion
prevention
When this option is selected, the scan of the NetBios CIFS protocol will be disabled
and traffic will be authorized if the filter policy allows it.
NetBios SSN
The screens are the same as for the previous protocol, except that they allow configuring the
NetBios SSN protocol, making it possible to exchange messages in connected mode.
EPMAP protocol
This protocol allows launching procedures that are remotely hosted (bootstrap) through the
distribution of an MS-RPC service’s IP address and protocol. The options of this module may
restrict the use of these relays. Dynamic connections can be opened on EPMAP (portmapper).
Automatically detect
and inspect the
protocol
If this protocol has been enabled, it will automatically be used for discovering
corresponding packets in filter rules.
Dynamic connections
As this protocol is used for relaying access to Microsoft services, the following options allow
restricting the services and options relayed by the EPMAP server.
Page 280/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
PROTOCOLS

Table of Contents

Other manuals for Stormshield SN series

Preview: Product Presentation And Installation
Product Presentation And Installation66 pages

Related product manuals