In this article we will configure the Sophos XG Firewall to protect the internal network from DoS attacks. Before configuring the DoS settings in Sophos XG Firewall, let us understand what DoS and DDoS attacks are, and then see how to prevent this type of attack using the Sophos XG Firewall.
What Are DoS and DDoS Attacks?
Denial of Service Attack:
A DoS attack is an attempt to make a machine or network unavailable to its intended users. The most common form floods the victim machine or network with so many requests that it can no longer serve legitimate users.
DoS attacks fall into several categories:
ICMP Flood: In this type of attack, the attacker sends a huge number of IP packets to the victim machine or network, bringing it down or making it unresponsive to legitimate traffic.
SYN/TCP Flood: In a SYN flood, the attacker sends a huge number of SYN packets with forged sender addresses. Each one looks like a connection request, so the server responds with a SYN-ACK packet. The server never receives the final ACK, because the sender address is forged. In this way the attacker consumes all the bandwidth and leaves the server unresponsive to legitimate requests.
UDP Flood: In a UDP flood, the sender transmits a huge number of UDP packets to different ports on the victim machine, and the victim responds to each with a destination unreachable message. These requests consume the entire bandwidth, so the original clients eventually see the service as unresponsive.
The main difference between a DoS and a DDoS attack is that a DoS attack comes from a single compromised machine, whereas a DDoS attack comes from hundreds of compromised machines. The attacker multiplies the requests across all compromised machines to bring the victim machine down.
Protecting Your Network from DoS Attacks:
You can protect the internal network from DoS attacks using the Sophos XG Firewall by configuring the DoS settings under Intrusion prevention system >> DoS and spoof protection. Sophos Firewall prevents different types of DoS attacks, such as SYN flood, UDP flood, TCP flood and ICMP flood.
- Packet rate: The Sophos XG Firewall will allow TCP traffic for a particular source or destination as long as packets arrive below the configured rate; otherwise the packets are dropped.
- Burst rate: The Sophos XG Firewall will allow this number of packets initially without checking the packet rate.
- DoS protection works on a per-source/destination basis, so the packet rate and burst rate apply to each source or destination separately.
- The Sophos XG Firewall checks for a bypass rule first and then applies DoS protection to the remaining traffic.
As shown in the above image, we can configure the DoS settings under Intrusion prevention system >> DoS and spoof protection.
Under Packet rate per source, enter a value appropriate for your network traffic. This value defines how much traffic can be accepted from a specific source in one minute.
Under Burst rate per source, enter the number of packets the Sophos firewall will allow from a source before it starts checking the packet rate.
Click the Enable flag beside each protection, then click Apply to save the settings in the Sophos Firewall.
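To make the interaction of these settings concrete, the following Python model (an added illustration, not Sophos's own code) applies a bypass check first, then a per-source burst allowance, then a per-source packet-rate check over a one-minute window. The addresses, rates and traffic trace are constructed sample values.

```python
from collections import defaultdict, deque


class PerSourceDosGuard:
    """Model of the three DoS settings described above: packet rate per source
    (packets accepted per minute), burst rate per source (packets admitted
    before rate checking starts) and a bypass rule that is evaluated first."""

    def __init__(self, packet_rate_per_min, burst_per_source, bypass_sources=()):
        self.rate = packet_rate_per_min
        self.burst = burst_per_source
        self.bypass = set(bypass_sources)
        self.window = defaultdict(deque)  # src -> timestamps admitted in the last 60 s
        self.initial = defaultdict(int)   # src -> packets admitted under the burst allowance

    def admit(self, src, ts):
        """Return True if a packet from src at time ts (seconds) is accepted."""
        if src in self.bypass:              # bypass rule is checked before DoS protection
            return True
        q = self.window[src]
        if self.initial[src] < self.burst:  # burst allowance: admitted without a rate check
            self.initial[src] += 1
            q.append(ts)
            return True
        while q and ts - q[0] >= 60:        # expire packets older than one minute
            q.popleft()
        if len(q) < self.rate:              # still under the per-source packet rate
            q.append(ts)
            return True
        return False                        # over the rate for this source: dropped


def run_trace(guard, events):
    """Feed (src, ts) events through the guard; return {src: (accepted, dropped)}."""
    stats = defaultdict(lambda: [0, 0])
    for src, ts in events:
        stats[src][0 if guard.admit(src, ts) else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}


# Constructed trace (sample addresses): a flooding host, a normal client and a bypassed host.
SAMPLE_EVENTS = sorted(
    [("198.51.100.7", t) for t in range(30)]          # 30 packets in 30 seconds
    + [("192.0.2.10", t) for t in range(0, 40, 5)]   # 8 packets, one every 5 seconds
    + [("10.0.0.5", t) for t in range(40)],          # bypassed host, 40 packets
    key=lambda event: event[1],
)

if __name__ == "__main__":
    guard = PerSourceDosGuard(packet_rate_per_min=10, burst_per_source=5, bypass_sources={"10.0.0.5"})
    print(run_trace(guard, SAMPLE_EVENTS))  # flood host: 10 accepted, 20 dropped
```

Note that the burst allowance is counted inside the one-minute window here, so a flooding source gets at most the configured packet rate in its first minute while the slow client and the bypassed host are never dropped.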
Hope this article helps you.