Zonedefense; Overview - D-Link DFL-260E User Manual

Chapter 12. ZoneDefense
This chapter describes the D-Link ZoneDefense feature.
• Overview, page 504
• ZoneDefense Switches, page 505
• ZoneDefense Operation, page 506

12.1. Overview

ZoneDefense Controls Switches
ZoneDefense allows a NetDefend Firewall to control locally attached switches. It can be used as a
counter-measure to stop a virus-infected computer in a local network from infecting other
computers.
When hosts or clients on a network become infected with viruses or another form of malicious code,
this can often show its presence through anomalous behavior, often by large numbers of new
connections being opened to outside hosts.
Using Thresholds
By setting up Threshold Rules, hosts or networks that are exceeding a defined connection threshold
can be dynamically blocked using the ZoneDefense feature. Thresholds are based on either the
number of new connections made per second, or on the total number of connections being made.
These connections may be made by either a single host or all hosts within a specified CIDR network
range (an IP address range specified by a combination of an IP address and its associated network
mask).
ACL Upload
When NetDefendOS detects that a host or a network has reached the specified limit, it uploads
Access Control List (ACL) rules to the relevant switches and this blocks all traffic for the host or
network displaying the unusual behavior. Blocked hosts and networks remain blocked until the
system administrator manually unblocks them using the Web or Command Line interface.
Note: ZoneDefense is not available on all NetDefend models
The ZoneDefense feature is only available on the D-Link NetDefend DFL-800, 860,
860E, 1600, 1660, 2500, 2560 and 2560G.
504