Detection of illegal Access to Network

Ø          In order to protect your network from illegal access, you have to provide detailed settings in IP-guard, ToolsàIntrusion Detection. The default is no any settings (see Figure 1)

 

Figure 1

 

Ø          In the Intrusion Detection windows, select OperationàSetting from the toolbar (Figure 2)

Figure 2

 

Ø          From the Setting windows, click the option Enable Intrusion Detection, and then add a IP address range

 

Ø          The following is a example to describe how to block a illegal computer to access specified server

 

Scenario 1:

 

n          Company A has IT departments (192.168.2.x). In order to protect the IT department¡¦s servers e.g. Firewall, the system administrator enables the IP-guard intrusion detection function ¡V input its subnets IP address ranges (see Figure 3)

Figure 3

 

n          As the IT department does not some computers to access their server, the system administrator enables the intrusion block to block their access (see Figure 4)

Figure 4

 

n          After 2-3 minutes, you can see the computers within the above IP address ranges are scanned and show in the Intrusion Detection main windows (see Figure 5). The computer marked with red flag means the computer is responsible for protecting the computers/subnets against the illegal access of other computers/networks, the type of computer marked with red flag should be set to Normal

 

Figure 5

 

n          There are 3 types of access that we can set with corresponding computer: Protected, Authorized and Illegal, the abilities of communications among with the 3 types are as followings:

u        Computers set with Protected can communicate with Authorized computers.

u        Computers set with Authorized can communicate with illegal computers

u        Computers set with illegal cannot communicate with Protected computers

 

n          We recommend to set the gateway 192.168.2.1 to Authorized type because now we just want to block the specific computer cannot access protected computer but still allow the computer can access Internet through the gateway 192.168.2.1 (see Figure 6)

Figure 6

 

n          Now we want to protect our server named INet-Services that not allowed to be accessed by the general staff to access, we set this computer to Protected type, and set the general staff¡¦s computer e.g. DANUEL-PC to Illegal type (see Figure 7)

Figure 7

 

n          Before applied the above settings, the computer 192.168.2.30 can ping 192.168.2.50 computers and the shared folder can be accessed (see Figure 6a and 6b)

Figure 6a 192.168.2.30 can ping to 192.168.2.50

 

Figure 6b the shared folder in 192.168.2.30 can be accessed by 192.168.2.50

 

Ø          After the intrusion detection settings are applied, you can see that the protected computers cannot be ping and the shared resources are also protected. (see Figure 7a & 7b)

 

Figure 7a 192.168.2.30 cannot ping 192.168.2.50

 

Figure 7b the 192.168.2.50¡¦s shared folder cannot be accessed by 192.168.2.30