R2511-HP MSR Router Series Security Configuration Guide(V5)
5
TCP attack protection
Attackers can attack the device during the process of TCP connection establishment. To prevent such
attacks, the device provides the following features:
• SYN Cookie
• Protection against Naptha attacks
Other security technologies
The device also provides other network security technologies to implement a multifunctional and full
range of security protection for users.
User profile
A user profile provides a configuration template to save predefined configurations, such as a CAR policy
or a QoS policy. Different user profiles are applicable to different application scenarios.
The user profile supports working with PPPoE, 802.1X and portal authentications. It is capable of
restricting authenticated users' behaviors. After the authentication server verifies a user, it sends the
device the name of the user profile that is associated with the user.
Password control
Password control is a set of functions for enhancing the local password security. It controls user login
passwords, super passwords, and user login status based on predefined policies. Those policies include
minimum password length, minimum password update interval, password aging, and early notice on
pending password expiration.
RSH
RSH allows users to execute OS commands on a remote host that runs the RSH daemon. The RSH
daemon supports authentication of the privileged port on a trusted host. The device works as an RSH
client, and you can use the rsh command on the device to execute an OS command on a remote host.