The recommendation is to restrict the interfaces which allow management access and to always use
the HTTPS protocol to ensure that management communication is encrypted.
The only advantage in using HTTP for management access is to avoid the issue with certificates.
NetDefendOS sends an unsigned certificate to the browser when using HTTPS and this means there
is an extra, small step involved to tell the browser to accept the certificate (the interaction to do this
is slightly different depending on the browser).
Enabling Ping Requests
Another option in the management settings is to determine which interfaces will receive and respond
to an ICMP ping request. Ping requests are a simple means to establish if a host is "alive" and
consist of a simple sequence of an "are you there" ping request to an IP address followed by a "yes I
am" response by the host.
It is often best to disallow responses to ping requests received from the public internet on the WAN
interface which is why ping responses on WAN are disabled by default. Potential intruders often use
pings to scan the internet for potential target IP addresses and it is therefore not recommended to
expose the DFL-160's public IP address to this probing.
For troubleshooting purposes, however, it may be desirable to temporarily enable ping responses on
the WAN interface.
B. Administrator Settings
By default, the administrator username admin with a password admin exists when a brand new
DFL-160 is started for the first time. It is recommended, at a minimum, to change the password
of this user as one of the first steps during initial setup.
If desired, the username admin can also be changed and this will also boost security for
administrator access.
A second user with username audit is also defined but must be explicitly enabled by ticking the
checkbox on the web interface page. The audit user has read-only access to NetDefendOS. They
can see the entire NetDefendOS web interface but cannot make any configuration changes. The
default password for the audit user is audit and this also, as a minimum, should be changed as soon
as possible if the audit user is enabled. If desired, the audit username can also be changed from audit
to something else.
C. Management Ports
The default port numbers for HTTP and HTTPS management access can be changed. This must be
done if normal inbound traffic is enabled for the same protocol that is used for management
access.
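The checks recommended in this section (restricted management interfaces, HTTPS only, no ping responses on WAN, no default passwords, no management port conflicts) can be run against a planned configuration before it is applied. The following is an added example, not part of the D-Link manual or NetDefendOS: the settings layout, the function name audit_management and the interface name lan are assumptions made for illustration.

```python
# Added example. The settings layout is hypothetical, not a NetDefendOS export format.
DEFAULT_PASSWORDS = {"admin", "audit"}  # default passwords named in this section

def audit_management(plan, allowed_ifaces=("lan",)):
    """Return a list of findings for a planned management configuration."""
    findings = []
    in_use = set()  # management protocols enabled on at least one interface
    for iface, protos in sorted(plan["mgmt_access"].items()):
        in_use.update(protos)
        if protos and iface not in allowed_ifaces:
            findings.append(f"{iface}: management access should be restricted")
        if "http" in protos:
            findings.append(f"{iface}: HTTP management is unencrypted, use HTTPS")
    if "wan" in plan["ping_reply"]:
        findings.append("wan: ping responses enabled (only for troubleshooting)")
    # Renaming an account does not help if its password is still a default one.
    for user in plan["users"]:
        if user["enabled"] and user["password"] in DEFAULT_PASSWORDS:
            findings.append(f"user {user['name']}: default password still set")
    # A management port must be moved if inbound traffic uses the same port.
    for proto in sorted(in_use):
        port = plan["mgmt_ports"][proto]
        for svc in plan["inbound"]:
            if svc["port"] == port:
                findings.append(f"port {port}: {proto.upper()} management "
                                f"collides with inbound '{svc['name']}'")
    return findings

# Constructed sample plan (not taken from a real device).
SAMPLE_PLAN = {
    "mgmt_access": {"lan": ["https"], "wan": ["http", "https"]},
    "mgmt_ports": {"http": 80, "https": 443},
    "ping_reply": ["lan", "wan"],
    "users": [
        {"name": "admin", "password": "S7!long-unique-phrase", "enabled": True},
        {"name": "audit", "password": "audit", "enabled": True},
    ],
    "inbound": [{"name": "web server", "port": 443}],
}

if __name__ == "__main__":
    for line in audit_management(SAMPLE_PLAN):
        print(line)
```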
3.1. Administration
Chapter 3. The System Menu