User guide

RG Internet Profile Creating RG Profiles with Field Descriptions
AlliedView NMS Administration Guide (Provisioning the iMG/RG)
DOS (Denial of Service) attacks - a DOS attack is an attempt by an attacker to prevent legitimate hosts from
accessing a service.
Port Scanning - an attacker scans a system in an attempt to identify any open ports.
Web Spoofing - an attacker creates a 'shadow' of the World Wide Web on their own machine; however, a legitimate
host sees this as the 'real' WWW. The attacker uses the shadow WWW to monitor the host's activities and send false
data to and from the host's machine.
There are parameters that are filled out to configure each type.
Network Address Translation (NAT) - The basic NAT feature is that the devices in the internal network have their own
IP addresses and yet access the external network using a separate internet address, and this is the only address that
devices on the external network see. Doing this provides both a conservation of public IP addresses and security.
Security is provided by keeping an internal table of the source IP address and source port as well as a substitute
source port number. Packets coming from the external network must include the substitute port number or the packet
is dropped.
In some cases, the user needs to set up static IP addresses/port mappings. This is done using Global Pools and Reserved
Mappings.
A Global Pool is a range of external IP addresses that are available, rather than one. The reason global pools are used
is so that you can map an outside address to a specific internal interface. This is called reserved mapping.
Reserved Mapping is used for mapping an IP address from the Global Pool to an individual address of a device in
the internal network. When NAT receives a message, it uses its internal interface to forward the packet to the same
port number on a selected internal computer, and it forwards any responses from the internal computer back
to the requesting external computer. Reserved mappings can also be used so that different internal hosts can share the
same global address by mapping different ports to different hosts. For example, Host A is an FTP server and Host B
is a Web server, and by mapping the FTP port to Host A and an HTTP port to Host B, both hosts can use the same
external address.
Internet Key Exchange (IKE) - To support NAT IPSec traversal, you specify how Internet Key Exchange (IKE)
packets are translated. IKE establishes a shared security policy and authenticates keys for services that require keys,
such as IPSec. Before any IPSec traffic can be passed, each router/firewall/host must verify the identity of its peer.
The user specifies whether the source port will be translated for IKE packets, or whether IKE cookies are used to
identify IKE sessions.
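The NAT table and reserved mappings described above can be modelled in a few lines. This is an added illustration, not code from the guide or the device: the class `Nat`, its method names, the starting port 40000 and all addresses are assumptions, and the inbound check looks only at the substitute port, as the text describes.

```python
# Added illustration: a toy model of the NAT table, not device code.
import itertools

class Nat:
    def __init__(self, global_ip, first_port=40000):
        self.global_ip = global_ip
        self._ports = itertools.count(first_port)  # pool of substitute source ports
        self.out = {}       # (src_ip, src_port) -> substitute port
        self.back = {}      # substitute port -> (src_ip, src_port)
        self.reserved = {}  # external port -> (internal_ip, internal_port)

    def reserve(self, ext_port, host_ip, host_port=None):
        """Reserved mapping: a fixed external port always reaches one internal host."""
        self.reserved[ext_port] = (host_ip, host_port or ext_port)

    def outbound(self, src_ip, src_port):
        """Translate an internal source to (global_ip, substitute_port)."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self._ports)
            while port in self.reserved:   # never hand out a reserved port
                port = next(self._ports)
            self.out[key] = port
            self.back[port] = key
        return (self.global_ip, self.out[key])

    def inbound(self, dst_port):
        """Return the internal (ip, port) for an external packet, or None to drop it."""
        if dst_port in self.reserved:
            return self.reserved[dst_port]
        return self.back.get(dst_port)     # unknown substitute port -> dropped

def demo():
    nat = Nat("203.0.113.10")                  # constructed documentation address
    nat.reserve(21, "192.168.1.20")            # Host A: FTP server
    nat.reserve(80, "192.168.1.30")            # Host B: Web server
    ext = nat.outbound("192.168.1.50", 51515)  # an internal client connecting out
    return {
        "translated": ext,
        "reply": nat.inbound(ext[1]),          # reply carries the substitute port
        "ftp": nat.inbound(21),
        "http": nat.inbound(80),
        "unsolicited": nat.inbound(40999),     # no table entry
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Each reserved mapping is a permanently open inbound path, so the reserved list is the part of a NAT profile to review for exposure.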
7.4.3.2 General Internet Info Tab
This form controls whether a Bridged or Routed Service is to be configured. Refer to the following figure.