Zonedefense; Overview - D-Link NetDefend DFL-210 User Manual

Chapter 12. ZoneDefense
This chapter describes the D-Link ZoneDefense feature.
• Overview, page 298
• ZoneDefense Switches, page 299
• ZoneDefense Operation, page 300

12.1. Overview

ZoneDefense allows a D-Link Firewall to control locally attached switches. It can be used as a
counter-measure to stop a virus-infected computer in a local network from infecting other
computers.
When hosts or clients on a network become infected with viruses or another form of malicious code,
this can often show its presence through anomalous behaviour, often by large numbers of new
connections being opened to outside hosts.
By setting up Threshold Rules, hosts or networks that are exceeding a defined connection threshold
can be dynamically blocked using the ZoneDefense feature. Thresholds are based on either the
number of new connections made per second, or on the total number of connections being made.
The connections may be made by either a single host or all hosts within a specified CIDR network
range (an IP address range specified by a combination of an IP address and its associated network
mask).
When NetDefendOS detects that a host or a network has reached the specified limit, it uploads
Access Control List (ACL) rules to the relevant switches and this blocks all traffic for the host or
network displaying the unusual behaviour. Blocked hosts and networks remain blocked until the
system administrator manually unblocks them using the Web or Command Line interface.
Note
ZoneDefense is available on the D-Link DFL-800/860/1600/2500 models.
298