Product Overview; About D-Link Netdefendos - D-Link NetDefend DFL-210 User Manual

Chapter 1. Product Overview
This chapter outlines the key features of NetDefendOS.
• About D-Link NetDefendOS, page 1
• NetDefendOS Architecture, page 3
• NetDefendOS Packet Flow, page 6

1.1. About D-Link NetDefendOS

D-Link NetDefendOS is the firmware, the software engine that drives and controls all D-Link Fire-
wall products.
Designed as a network security operating system, NetDefendOS features high throughput perform-
ance with high reliability plus super-granular control. In contrast to products built on standard oper-
ating systems such as Unix or Microsoft Windows, NetDefendOS offers seamless integration of all
subsystems, in-depth administrative control of all functionality as well as a minimal attack surface
which helps negate the risk of being a target for security attacks.
From the administrator's perspective the conceptual approach of NetDefendOS is to visualize opera-
tions through a set of logical building blocks or objects, which allow the configuration of the
product in an almost limitless number of different ways. This granular control allows the adminis-
trator to meet the requirements of the most demanding network security scenario.
NetDefendOS is an extensive and feature-rich network operating system. The list below presents the
most essential features:
IP Routing
Address Translation
Firewalling
Intrusion Detection and Preven-
tion
NetDefendOS provides a variety of options for IP routing in-
cluding static routing, dynamic routing, multicast routing and
advanced virtual routing capabilities. In addition, NetDefen-
dOS supports features such as Virtual LANs, Route Monitor-
ing, Proxy ARP and Transparency. For more information,
please see Chapter 4, Routing.
For functionality as well as security reasons, NetDefendOS
supports policy-based address translation. Dynamic Address
Translation (NAT) as well as Static Address Translation
(SAT) is supported, and resolves most types of address trans-
lation needs. This feature is covered in Chapter 7, Address
Translation.
At the heart of the product, NetDefendOS features stateful in-
spection-based firewalling for common protocols such as
TCP, UDP and ICMP. As an administrator, you have the pos-
sibility to define detailed firewalling policies based on source
and destination network and interface, protocol, ports, user
credentials, time-of-day and much more. Section 3.5, "The IP
Rule-Set", describes how to use the firewalling aspects of
NetDefendOS.
To mitigate application-layer attacks towards vulnerabilities
in services and applications, NetDefendOS provides a power-
ful Intrusion Detection and Prevention (IDP) engine. The IDP
engine is policy-based and is able to perform high-
performance scanning and detection of attacks and can per-
form blocking and optional black-listing of attacking hosts.
1