Zonedefense; Overview - D-Link NetDefend DFL-210 User Manual

Chapter 12. ZoneDefense
This chapter describes the D-Link ZoneDefense feature.
• Overview, page 235
• ZoneDefense Switches, page 236
• ZoneDefense Operation, page 237

12.1. Overview

ZoneDefense allows a D-Link Firewall to control locally attached switches. It can be used as a
counter-measure to stop a virus-infected computer in a local network from infecting other com-
puters.
When hosts or clients on a network become infected with viruses or another form of malicious code,
this can often show its presence through anomalous behaviour, often by large numbers of new con-
nections being opened to outside hosts.
By setting up Threshold Rules, hosts or networks that are exceeding a defined connection threshold
can be dynamically blocked using the ZoneDefense feature. Thresholds are based on either the num-
ber of new connections made per second, or on the total number of connections being made. The
connections may be made by either a single host or all hosts within a specified CIDR network range
(an IP address range specified by a combination of an IP address and its associated network mask).
When NetDefendOS detects that a host or a network has reached the specified limit, it uploads Ac-
cess Control List (ACL) rules to the relevant switches and this blocks all traffic for the host or net-
work displaying the unusual behaviour. Blocked hosts and networks remain blocked until the sys-
tem administrator manually unblocks them using the Web or Command Line interface.
Note
ZoneDefense is available on the D-Link DFL-800/860/1600/2500 models.
235