Introduction
With the rapid growth and variety of technology in today’s market, most business
activities rely heavily on network communication. In this highly competitive
environment, businesses must withstand not only business challenges but also
threats to their internal infrastructure from hacker attacks and the spread of
viruses.
To respond to the threats from hackers and viruses, traditional network security
technologies rely on a single appliance, which identifies abnormal packets or denies
connections that violate certain access rules, all according to the network
administrator’s pre-defined configurations. However, traditional security devices
cannot effectively block the massive number of network connections generated by
infected victim computers.
D-Link Network Security Solution
This white paper begins by briefly outlining the functionality of traditional network
security technology. D-Link’s ‘New Proactive Network Security Architecture’,
ZoneDefense, is then discussed to give an insight into how this new
network security for enterprises can enhance and improve upon the foundations
provided by traditional network security technologies. Finally, a concise test case has
been included to illustrate how ZoneDefense enables enterprises to proactively
defend against hacker or virus attacks.
Traditional Network Security Technologies
Traditionally, network security technologies mainly focus on the following
control mechanisms: application layer controls, ACLs (Access Control Lists)
and packet filters. Nearly all network security appliances, including switches,
routers and firewalls, are equipped with the above functionality. Enterprises
benefit from these protection mechanisms, preventing internal users or external
visitors from being able to access confidential or private documents, as well as
securing the internal network against intruders. These technologies, however, do
not provide pre-emptive measures.
In a traditional network security environment, when businesses suffer from
D-Link Corporation
virus or hacker attacks launched from internal victim computers, network
administrators must first monitor and analyse traffic between network
elements to identify the source of the threat. They also need to configure ACL
rules on network security appliances, such as switches, routers or firewalls, in
order to prevent hacker invasions or viruses from spreading. If there are many
victim computers on the network, network administrators have to log on to
different network security devices and set up a number of rules to
guard their network against the outbreak.
As seen above, there is evidently a lack of interaction between the network
security appliances: these devices cannot communicate with each other in
a timely fashion to effectively prevent hostile attacks, such as Denial of Service.
This pinpoints the inadequacies of traditional network security
technologies.
Businesses, however, can be furnished with the tools to defend their internal
network with D-Link’s ZoneDefense, which is introduced in the next
section.
ZoneDefense
ZoneDefense, D-Link’s proactive network security, enables D-Link’s next
generation of firewalls to integrate with D-Link’s managed switches to construct
a network security architecture that effectively blocks any malicious host when
detected. If a host computer displays any abnormal network
behaviour, the computer can be promptly disconnected from the network without
disrupting general network services. This countermeasure can
further prevent viruses from spreading within the same subnet or to other subnets,
as well as preventing the start of hacker attacks that would paralyze critical
servers within enterprises.
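The detect-then-isolate flow described above, sketched as an added example (not D-Link's code or part of the original paper). The connection-rate threshold, the log format and the switch names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (timestamp_ms, source_ip) for each new connection seen
# by the firewall. 10.0.1.23 behaves like an infected host.
SAMPLE_CONNECTIONS = (
    [(t * 25, "10.0.1.23") for t in range(40)]      # 40 connections in ~1 s
    + [(t * 1000, "10.0.1.7") for t in range(5)]    # 5 connections in 5 s
    + [(t * 500, "10.0.2.15") for t in range(8)]    # 8 connections in 4 s
)

# Hypothetical inventory of managed switches the firewall can instruct.
SWITCHES = ["sw-floor1", "sw-floor2", "sw-core"]


def hosts_over_threshold(connections, max_new_conns, window_ms):
    """Return source IPs that opened more than max_new_conns new connections
    within any sliding window of window_ms, in order of first detection."""
    recent = defaultdict(deque)   # source IP -> timestamps still in the window
    offenders = []
    for ts, src in sorted(connections):
        window = recent[src]
        window.append(ts)
        # Drop timestamps that have aged out of the window.
        while ts - window[0] > window_ms:
            window.popleft()
        if len(window) > max_new_conns and src not in offenders:
            offenders.append(src)
    return offenders


def block_actions(offenders, switches):
    """Fan each block out to every switch, so the host is isolated wherever
    it is attached and no per-device manual rule entry is needed."""
    return [(sw, "deny", ip) for ip in offenders for sw in switches]


if __name__ == "__main__":
    bad = hosts_over_threshold(SAMPLE_CONNECTIONS, max_new_conns=20,
                               window_ms=1000)
    for sw, action, ip in block_actions(bad, SWITCHES):
        print(f"{sw}: {action} all traffic to/from {ip}")
```

Only the offending address appears in the generated actions, so the other hosts in the sample keep their connectivity.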
ZoneDefense is triggered when abnormal network traffic conditions meet
pre-configured thresholds on the firewall. When this happens, the firewall
immediately and automatically contacts the D-Link switches and issues
commands to them that result in blocking any traffic to and from the suspicious