Smtp - D-Link NetDefend DFL-210 User Manual

Network security firewall

6.2.5. SMTP

TFTP is widely used in enterprise environments for updating software and backing up
configurations on network devices. TFTP is recognised as being an inherently insecure protocol and
its usage is often confined to internal networks. The NetDefendOS ALG provides an extra layer of
security to TFTP in being able to put restrictions on its use.
General TFTP Options
Allow/Disallow Read: The TFTP GET function can be disabled so that files cannot be retrieved by a
TFTP client. The default value is Allow.
Allow/Disallow Write: The TFTP PUT function can be disabled so that files cannot be written by a
TFTP client. The default value is Allow.
Remove Request Option: Specifies if options should be removed from a request. The default is False
which means "don't remove".
Block Unknown Options: This option allows the blocking of any option in a request other than the
blocksize, the timeout period and the file transfer size. The default is False which means "don't
block".
TFTP Request Options
As long as the Remove Request Option described above is set to false (options aren't removed)
then the following request option settings can be applied:
Maximum Blocksize: The maximum blocksize allowed can be specified. The allowed range is 0 to 65464
bytes. The default value is 65464 bytes.
Maximum File Size: The maximum size of a file transfer can be restricted. By default this is the
absolute maximum allowed, which is 999,999 KBytes.
Allow Directory Traversal: This option can disallow directory traversal through the use of
filenames containing consecutive periods ("..").
Allowing Request Timeouts
The NetDefendOS TFTP ALG blocks the repetition of a TFTP request coming from the same
source IP address and port within a fixed period of time. The reason for this is that some TFTP
clients might issue requests from the same source port without allowing an appropriate timeout
period.
6.2.5. SMTP
Simple Mail Transfer Protocol (SMTP) is a text based protocol used for transferring email between
mail servers over the Internet. Typically the local SMTP server will be located on a DMZ so that
mail sent by remote SMTP servers will traverse the D-Link Firewall to reach the local server (this
setup is illustrated later in Section 6.2.5.1, "DNSBL SPAM Filtering"). Local users will then use
email client software to retrieve their email from the local SMTP server.
SMTP ALG Options
Key features of the SMTP ALG are:
146
Chapter 6. Security Mechanisms
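
The TFTP ALG checks listed under General TFTP Options and TFTP Request Options earlier on this page, sketched as an added Python example (not NetDefendOS code or D-Link's implementation). The Policy field names, the drop verdicts, the directory-traversal default and the 1 KByte = 1024 bytes conversion are assumptions; the other defaults are the ones the manual states.

```python
import struct
from dataclasses import dataclass
KNOWN = {"blksize", "timeout", "tsize"}  # the three options the manual names (RFC 2348/2349)

@dataclass
class Policy:  # hypothetical field names; defaults follow the manual where it states one
    allow_read: bool = True
    allow_write: bool = True
    remove_options: bool = False
    block_unknown: bool = False
    max_blksize: int = 65464
    max_file_kbytes: int = 999_999
    allow_traversal: bool = True  # assumption: the manual states no default

def parse_request(pkt: bytes):
    """Split an RRQ/WRQ (RFC 1350, options per RFC 2347) into its fields."""
    if len(pkt) < 4 or not pkt.endswith(b"\0"):
        raise ValueError("truncated request")
    (opcode,) = struct.unpack("!H", pkt[:2])
    text = [f.decode("ascii") for f in pkt[2:-1].split(b"\0")]
    if opcode not in (1, 2) or len(text) < 2 or len(text) % 2:
        raise ValueError("not a well-formed RRQ/WRQ")
    opts = {text[i].lower(): text[i + 1] for i in range(2, len(text), 2)}
    return opcode, text[0], text[1], opts

def check(pkt: bytes, pol: Policy):
    """Return (verdict, options to forward). Dropping on a violation is an assumption."""
    try:
        opcode, name, _mode, opts = parse_request(pkt)
    except ValueError:  # also covers non-ASCII bytes (UnicodeDecodeError)
        return "drop: malformed", {}
    verb, allowed = ("read", pol.allow_read) if opcode == 1 else ("write", pol.allow_write)
    if not allowed:
        return f"drop: {verb} disallowed", {}
    if ".." in name and not pol.allow_traversal:
        return "drop: directory traversal", {}
    if pol.remove_options:
        return "allow", {}
    if pol.block_unknown and set(opts) - KNOWN:
        return "drop: unknown option", {}
    limits = {"blksize": pol.max_blksize, "tsize": pol.max_file_kbytes * 1024}
    for key, limit in limits.items():  # tsize is in bytes; 1 KByte = 1024 is an assumption
        val = opts.get(key, "0")
        if not val.isdigit() or int(val) > limit:
            return f"drop: bad {key}", {}
    return "allow", opts

def build(opcode, name, mode="octet", **opts):  # builds constructed sample requests
    parts = [name, mode] + [str(s) for kv in opts.items() for s in kv]
    return struct.pack("!H", opcode) + b"".join(p.encode() + b"\0" for p in parts)
```

With the default Policy() every well-formed request passes unchanged, which is why the restrictive settings have to be chosen explicitly for the ALG to add protection.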
