Denial Of Service Prevention - Cisco 500 series Administration Manual

Stackable managed switch

Configuring Security

Denial of Service Prevention

Cisco 500 Series Stackable Managed Switch Administration Guide
Denial of Service (DoS) Prevention increases network security by preventing packets with certain IP address parameters from entering the network. In addition, DoS Prevention eliminates packets with headers or contents known to be signals of malicious intent.
Denial of Service Prevention enables network managers to:
Deny packets that contain reserved IP addresses (Martian Addresses page)
Prevent TCP connections from a specific interface (SYN Filtering page) and rate limit the packets (SYN Rate Protection page)
Configure the blocking of certain ICMP packets (ICMP Filtering page)
Discard fragmented IP packets from a specific interface (IP Fragments Filtering page)
Deny attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice Trojan (Security Suite Settings page)
SCT
The Cisco switch is an advanced switch that handles the following types of traffic, in addition to end-user traffic:
Management traffic
Protocol traffic
Snooping traffic
Unwanted traffic burdens the CPU, and might prevent normal switch operation.
The switch uses the Secure Core Technology (SCT) feature, which ensures that the switch receives and processes management and protocol traffic, no matter how much total traffic is received.
SCT is enabled by default on the device and cannot be disabled.
There are no interactions with other features.
SCT can be monitored in the Denial of Service > Denial of Service Prevention > Security Suite Settings page (Details button).