Product introduction:

Kingdon 2000 + firewall hardware firewalls, uses SFP modules, support electric port, single-mode / multi-mode optical access port in various forms; supports multi-segment protection, cross-routing mode, cross-segment model, and cross-VLAN mode; single 2G module protection capacity could reach more than 1800m; Kingdon launches new scalable cluster model - Extensible Firewall Cluster Mode, a leading data diversion technique, enables a number of firewalls comnied to form the main protection, providing massive attack protective solutions; Kingdon scalable cluster mode has no restriction in its numbers, it has multi-point processing capability, to avoid single point of failure, failure of a single firewall will not cause network outages, distributed defense and diversion's combination ensuring the effectiveness of treatment while reducing latency.

Technological advantages

1. Patent pending protection algorithm. Product can detect and effectively deal with and blockingSYN Flood, UDP Flood, ICMP Flood, IGMP Flood, Fragment Flood, HTTP Proxy Flood, CC Proxy Flood, Connection Exhausted and other common attacks to protect the service host from losses caused by attacks. And built a dedicated plug-in, special protected mode for WEB and Game, providing more efficient means of defense;

2. General Packet filtering rules. Products to provide a common message-oriented rule matching function for address, port, flag, keyword matching, etc. ability to enhance the usability and protection efforts. At the same time, built-in a few pre-defined rules of intervention, involving LAN protection, vulnerability detection, such as a number of features, make it easy to use.

3 Professional connection tracing mechanism. Products internally implementes a complete TCP / IP protocol, with a strong connection tracing capabilities and connectivity classification, for effective detection and protection of connect-type attacks;

4. Complete means of port defense methods. Products aim at TCP / UDP ports, set up a complete defense mode, and have many optional settings set, ensure specialty while provides maximum convenience;

5. Concise management. Product has abandant management features, based on the WEB , support remote upgrade. It also provides a feature rich audit function, the log can be analyzed and the report issued about attacks

6. A wide range of deployment capabilities. Products for different customers and different network environment, can be customerized at deployment. In the mean time, the interface module based on the STP form, providing maximum flexibility.

Protection Principle:

Kingdon anti-denial of service 2000 + Product is based on embedded system design, implementing the defense system and denial of service attack algorithmat the core level, efficiently defends all kinds of DOS / DDOS attacks. For input traffic flow, layer separation, layer-by-layer filter were performed to ensure that normal traffic is submitted to the server.

1.peusdo source flow protection. Static and dynamic filter combination, probing the validity of the source address and to add dynamic filter array, which can effectively remove the source of counterfeit traffic;

2.Attack rules filtering. Use static keyword rules, which can effectively remove a variety of known exploits;

3.Protocol detection. Connection tracing module matches incoming traffic flow in accordance with the parameters of the port, carrying out classification testing and behavioral assessment, screening out the malicious traffic and stop them;

4.Active Defense. Protective plug in send the verification code to the client to complete further authentication.