D-Link NetDefendOS User Manual page 264

Risk Guidelines
The following are guidelines for how the risk parameter for each application control signature
should be viewed by the administrator:
• Risk Level 5
Very high risk. This traffic should be blocked unless special circumstances or requirements
exist. For example, PHP-, CGI-, HTTPS-proxies; known attack sites.
• Risk Level 4
High risk. This traffic should be reviewed and a block or allow action taken. Site-to-site
tunneling should be used where possible. For example, SSH, LDAP, RADIUS, Dropbox and
similar.
• Risk Level 3
Medium risk. Signatures with this risk level can affect network security, bandwidth usage and
company integrity if care is not taken. For example, Facebook and other social networks,
Google Analytics and similar aggregators, P2P/filesharing
• Risk Level 2
Moderate risk. Signatures with this risk level can affect network security and/or affect
bandwidth usage. For example, video streaming sites, Java/Flash game sites
• Risk Level 1
Low-risk. Signatures that could be candidates for blocking. Typically not a threat. For
example, E-commerce sites, news portals.
Application Control Subscription Expiry
As mentioned previously, application control requires a subscription to be purchased for the
feature to function.
If the subscription expires, the following will happen if application control has been configured
on any IP Policy objects:
• A console message is generated at system startup or on reconfiguration to indicate
subscription expiry.
• Application control will continue to function so that traffic continues to flow through
NetDefendOS but, whenever it triggers, the data type will be set to Unknown.
For example, if the administrator had configured BitTorrent traffic to be dropped, it will no
longer be dropped because it has been recognized and then reclassified as Unknown traffic.
• Whenever application control triggers, the log message application_identified will be
generated as usual but the traffic type will be marked as Unknown. Similarly, the type
Unknown will also appear in the application_end log message.
• In addition, the log message application_control_disabled will also be generated when
application control triggers.
The current status of the application control subscription can be viewed with the Web Interface
by going to Status > Maintenance > License.
264
Chapter 3: Fundamentals