Gateway—how to configure the ws 2000 firewall, Always on firewall filters – Symbol Technologies WS 2000 User Manual

Gateway—How to Configure the WS 2000 Firewall

Gateway—How to Configure the WS 2000 Firewall

The WS 2000 Wireless Switch provides a secure firewall / Network Address Translation
(NAT) solution for the WAN uplink. The firewall includes a proprietary CyberDefense
Engine to protect internal networks from known Internet attacks. It also provides additional
protection by performing source routing, IP unaligned timestamp, and sequence number
prediction. The firewall uses a collection of filters to screen information packets for known
types of system attacks. Some of the switch’s filters are always enabled, and others are
configurable.

To view or change the firewall settings, select Network Configuration --> WAN -->
Firewall from the left menu.

Always On Firewall Filters

The filters that are permanently enabled prevent unauthorized and potentially damaging
access checks for IP spoofing, land attack, ping of death, and reassembly attack.

• IP spoofing is the creation of TCP/IP packets that illegitimately use (or “spoof” ) the

source IP address of a trusted host when sent.

• A land attack is the creation of a packet that uses the same IP address for both the

source-host port and destination-host port when sent.

• The “ping of death” is a type of denial of service attack in which a packet is sent that

exceeds the packet size (in bytes) allowed by the IP protocol.

• A reassembly attack uses a reassembly algorithm for sending packets that result in

overlapping fragments (overwritten data).

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

52

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004