
security-default: Carrier Access Adit 3000 Series and Multi-Service Router (MSR) Card User Manual


Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI


Global Configuration Mode

Global Configuration Commands

security-default

Use the security-default command to configure the security policy.

Syntax:

(config)# security-default {maximum|minimum|typical} [block-ip-frag]

Example:

(config)# security-default maximum

Supported Platforms:

Adit 3104, Adit 3200, Adit 3500, MSR

Field / Definition

The following security levels are described in detail.

maximum

    Requests Originating in the WAN: Blocked: No access to network from Internet, except as configured in the Local Servers, DMZ host and Remote Access screens.

    Requests Originating in the LAN: Limited: Only commonly-used services, such as Web-browsing and e-mail, are permitted. These services include Telnet, FTP, HTTP, HTTPS, DNS, IMAP, POP3, Ping and SNMP.

minimum

    Requests Originating in the WAN: Blocked: No access to network from Internet, except as configured in the Local Servers, DMZ host and Remote Access screens.

    Requests Originating in the LAN: Unrestricted: All services are permitted, except as configured in the Access Control screen.

typical (default)

    Requests Originating in the WAN: Unrestricted: Permits full access from Internet to network; all connection attempts permitted.

    Requests Originating in the LAN: Unrestricted: All services are permitted, except as configured in the Access Control screen.

block-ip-frag

    Block IP Fragments. Checking this option will protect your network from a common type of hacker attack that could make use of fragmented data packets to sabotage your network. Note that VPN over IPSec and some UDP-based services make legitimate use of IP fragments. You will need to allow IP fragments to pass into the home network in order to make use of these selected services.
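
The trade-off described for block-ip-frag can be seen at the IPv4 header level. The following is an added example, not taken from the manual or from the device firmware. It builds constructed packet headers for four sample flows crossing a 1500-byte MTU link and reports which flows still arrive intact. The drop rule (discard any packet with the More Fragments flag set or a non-zero fragment offset), the flow sizes and the addresses are assumptions made for illustration.

```python
import struct

def ipv4_header(proto, payload_len, ident, more_fragments, offset_bytes):
    """Constructed 20-byte IPv4 header (checksum left at 0, sample addresses)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, 64, proto, 0,
                       bytes([203, 0, 113, 10]), bytes([192, 168, 1, 20]))

def fragment(proto, payload_len, ident, mtu=1500):
    """Headers of the packets needed to carry one IP payload over this MTU."""
    chunk = (mtu - 20) // 8 * 8      # fragment data must be a multiple of 8 bytes
    headers, offset = [], 0
    while offset < payload_len:
        size = min(chunk, payload_len - offset)
        headers.append(ipv4_header(proto, size, ident,
                                   offset + size < payload_len, offset))
        offset += size
    return headers

def is_fragment(header):
    """A packet is a fragment if MF is set or its fragment offset is non-zero."""
    flags_frag = struct.unpack("!H", header[6:8])[0]
    return bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0

# Constructed sample traffic: (label, IP protocol number, IP payload bytes)
FLOWS = [
    ("DNS query (UDP)", 17, 60),
    ("large UDP datagram", 17, 4008),
    ("IPsec ESP packet", 50, 1600),
    ("HTTPS segment (TCP)", 6, 1460),
]

def delivered(block_ip_frag):
    """Map each flow to True if every packet passes (assumed rule: drop all fragments)."""
    result = {}
    for ident, (label, proto, size) in enumerate(FLOWS, start=1):
        packets = fragment(proto, size, ident)
        blocked = block_ip_frag and any(is_fragment(p) for p in packets)
        result[label] = not blocked
    return result

if __name__ == "__main__":
    for setting in (False, True):
        print("block-ip-frag", "on" if setting else "off", delivered(setting))
```

Losing any one fragment makes the whole datagram unrecoverable at the receiver, which is why the oversized UDP and ESP flows fail completely while the small DNS query and the MTU-sized TCP segment are unaffected.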