R3303-HP HSR6800 Routers Security Configuration Guide

comprehensive and effective solution against common ARP attacks, such as user and gateway spoofing
attacks and flood attacks.
ND attack defense
The IPv6 ND protocol provides rich functions, but does not provide any security mechanisms. Attackers
can easily exploit the ND protocol to attack hosts and gateways by sending forged packets. To defend
against such attacks, the device provides multiple ND attack detection technologies, such as source MAC
consistency check for ND packets and ND Detection.
IP source guard
IP source guard uses binding entries to improve port security by blocking illegal packets. For example, it
can prevent illegal hosts from using a valid IP address to access the network. It is applied on an interface
connected to the user side.
IP source guard can filter packets according to the packet source IP address, source MAC address, and
VLAN ID. An IP source guard entry can be statically configured or dynamically added through DHCP or
ND.
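The binding check described above, as an added Python sketch (a simplified model written for this page, not HP's implementation or device configuration). The interface names, the addresses, and the rule that an unset MAC or VLAN field matches any value are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: Optional[str] = None    # None = field not bound (modelling assumption)
    vlan: Optional[int] = None
    origin: str = "static"       # "static", "dhcp" or "nd"


class SourceGuard:
    """Toy per-interface binding table; assumes the check is enabled on each interface used."""

    def __init__(self):
        self.table = {}          # interface name -> list of Binding

    def bind(self, interface, binding):
        self.table.setdefault(interface, []).append(binding)

    def match(self, interface, src_ip, src_mac, vlan):
        """Return the binding that permits the packet, or None if it is dropped."""
        ip = ipaddress.ip_address(src_ip)   # normalises IPv6 text forms
        for b in self.table.get(interface, []):
            if (ipaddress.ip_address(b.ip) == ip
                    and (b.mac is None or b.mac.lower() == src_mac.lower())
                    and (b.vlan is None or b.vlan == vlan)):
                return b
        return None


def demo():
    guard = SourceGuard()
    # Constructed sample bindings (documentation address ranges).
    guard.bind("GE1/0/1", Binding("192.0.2.10", "00:11:22:33:44:55", 10))
    guard.bind("GE1/0/1", Binding("192.0.2.20", "00:11:22:33:44:66", 10, "dhcp"))
    guard.bind("GE1/0/2", Binding("2001:db8::10", "00:11:22:33:44:77", 20, "nd"))
    # Constructed sample packets: (label, interface, source IP, source MAC, VLAN)
    packets = [
        ("bound host", "GE1/0/1", "192.0.2.10", "00:11:22:33:44:55", 10),
        ("valid IP, wrong MAC", "GE1/0/1", "192.0.2.10", "00:11:22:33:44:99", 10),
        ("valid IP and MAC, wrong VLAN", "GE1/0/1", "192.0.2.20", "00:11:22:33:44:66", 30),
        ("binding from another port", "GE1/0/1", "2001:db8::10", "00:11:22:33:44:77", 20),
        ("ND-learned host", "GE1/0/2", "2001:DB8:0:0::10", "00:11:22:33:44:77", 20),
    ]
    return {label: guard.match(*pkt) is not None for label, *pkt in packets}


if __name__ == "__main__":
    for label, permitted in demo().items():
        print(f"{'permit' if permitted else 'drop  '}  {label}")
```

Only the first and last packets are permitted: a valid IP address is not enough when the MAC address, VLAN, or ingress interface does not match the binding.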
URPF
URPF protects a network against source address spoofing attacks, such as DoS and DDoS attacks.
Attack detection and protection
Attack detection and protection is an important network security feature. It determines whether received
packets are attack packets according to the packet contents and behaviors and, if it detects an attack,
takes measures to deal with the attack, such as outputting alarm logs, dropping packets, and blacklisting
the source IP address. The attack protection function can detect network attacks such as single-packet
attacks, scanning attacks, and flood attacks.
TCP attack protection
Attackers can attack the device during the process of TCP connection establishment. To prevent such
attacks, the device provides the following features:
• SYN Cookie
• Protection against Naptha attacks
Web filtering
Web filtering can help devices prevent internal users from accessing unauthorized websites and block
Java applets and ActiveX objects from webpages to improve internal network security.
Other security technologies
The device also provides other network security technologies to give users multifunctional, full-range
security protection.
User profile
A user profile provides a configuration template to save predefined configurations, such as a CAR policy
or a QoS policy. Different user profiles are applicable to different application scenarios.
The user profile works with PPPoE, 802.1X, and portal authentication. It can restrict the behavior of
authenticated users. After the authentication server verifies a user, it sends the
device the name of the user profile that is associated with the user.