Saturday | 30 August, 2008
ARN
Reflex IPS adds security to your VM life
RCC watches network traffic flow between physical and virtual network interfaces and monitors and filters traffic


As an example, we probed Server Message Block ports on each server, an action that correctly triggered signature messages of several attack types. Additionally, we had one server pound the DNS ports of another hosted server to trigger the identification of a User Datagram Protocol (UDP) flood attack.

It's also possible to set custom policies, and the one we found most interesting was an alert-and-deny policy for packet flooding that fits the profile of a denial-of-service (DoS) attack. SYN, Fragment, UDP, TCP and Internet Control Message Protocol flooding can be detected and automatically denied and/or otherwise spawn a high-concern alert. Alas, the distributed DoS attacks we tried could not be filtered (we used more than 10,000 unique IP addresses in our attack).

Each host can then be tuned for a detection-sensitivity level (corresponding to the number of packets flooded) before the filter turns on for each packet type. You can select a single host or a 24 IP address range of VM hosts to be protected in this way. We tried to turn sensitivity to its highest level for our distributed DoS attack but RCC failed to keep up with the floods, in this, our most dastardly of attacks. RCC simply started to halt traffic, slowing packets flowing through the RCC link between the virtual network card in the VMware host, and its targeted/attacked server, until the attack was over.

The rule set can also be modified by protocol type using RCC's ProtoEval tool. As with the flood evaluation, RCC looks at packets for conformity, allowing either alerts or automatic filters to be applied when it 'sees' malformed packets. Administrators can also define RCC topology constraints, which let RCC include or exclude traffic from specific addresses when evaluating traffic.

RCC can send SNMP traps to a larger reporting system and e-mail alerts to designated IT staff. Administrators can rate limit the number of e-mails per alert to prevent a million repetitive messages. Anti-Virus and SpyWare detection can also be enabled, but this wasn't tested.
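The per-host, per-packet-type flood threshold and the alert rate limit described above can be sketched as follows. This is an added example, not RCC's code or anything from the review; the policy values, the one-second window, the alert interval and all names are assumptions, and the packet records are constructed.

```python
from collections import defaultdict, deque

# Hypothetical policy: per protected host, packets allowed per window for each
# packet type before the filter turns on (constructed values, not RCC defaults).
POLICY = {"10.0.0.5": {"UDP": 100, "SYN": 50}}

class FloodFilter:
    def __init__(self, policy, window=1.0, alert_interval=60.0):
        self.policy = policy
        self.window = window                  # assumed sliding window, seconds
        self.alert_interval = alert_interval  # assumed minimum gap between alerts
        self.seen = defaultdict(deque)        # (dst, ptype) -> recent timestamps
        self.last_alert = {}                  # (dst, ptype) -> time of last alert
        self.alerts = []

    def handle(self, ts, src, dst, ptype):
        """Return 'allow' or 'deny' for one packet record."""
        limit = self.policy.get(dst, {}).get(ptype)
        if limit is None:
            return "allow"                    # host or packet type not protected
        key = (dst, ptype)
        recent = self.seen[key]
        recent.append(ts)
        while recent and recent[0] <= ts - self.window:
            recent.popleft()                  # drop packets outside the window
        if len(recent) <= limit:
            return "allow"
        # Over the threshold: deny, and alert at most once per alert_interval
        # so a sustained flood does not produce one message per packet.
        if ts - self.last_alert.get(key, float("-inf")) >= self.alert_interval:
            self.last_alert[key] = ts
            self.alerts.append((ts, dst, ptype, len(recent)))
        return "deny"

def run(records, policy=POLICY):
    """Feed (ts, src, dst, ptype) records through a fresh filter."""
    f = FloodFilter(policy)
    verdicts = [f.handle(*r) for r in records]
    return verdicts, f.alerts

def constructed_flood(n_sources, packets, duration=0.5,
                      dst="10.0.0.5", ptype="UDP"):
    """Constructed sample: evenly spaced packets from n_sources addresses."""
    return [(i * duration / packets, f"198.51.100.{i % n_sources}", dst, ptype)
            for i in range(packets)]

if __name__ == "__main__":
    verdicts, alerts = run(constructed_flood(200, 300))
    print(verdicts.count("allow"), verdicts.count("deny"), alerts)
```

Because the counter is keyed on the protected host rather than the sender, a flood from many addresses trips this filter as readily as one from a single address, but while the filter is on, legitimate packets of that type to the host are denied as well.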

What we love about RCC is that it's configurable (including new attack-signature updates) and has a sophisticated but rapidly discernible user interface that's easy to understand, although it does tend to lean toward listing too many alerts rather than missing one. We saw only small amounts of latency under very high traffic loads to numerous servers. As a virtual appliance, it takes up only virtual room, but it's an important consideration for any virtual network.
