LANCOM 1811n Wireless – LANCOM 1821n Wireless
Chapter 8: Security settings
83
EN
ter as a gateway and are not visible themselves. The router separates the
Internet from the intranet like a wall. The application of IP masquerading
is set in the routing table for every route individually. The routing table can
be found in the LANconfig in the configuration area 'IP router' on the
'Routing' tab.
Have you used filters to close critical ports?
The firewall filters in LANCOM devices offer filter functions for individual
computers or entire networks. It is possible to set up source and destina-
tion filters for individual ports or port ranges. Furthermore, filters can be
set for individual protocols or any combination of protocols (TCP/UDP/
ICMP). It is especially convenient to set up the filters with the aid of
LANconfig. Under 'Firewall/QoS', the 'Rules' tab contains the functions for
defining and editing filter rules.
Have you excluded certain stations from accessing the device?
A special filter list can be used to limit access to the device's internal func-
tions via TCP/IP. The phrase "internal functions" refers to configuration
sessions via LANconfig, WEBconfig, Telnet or TFTP. As standard this table
contains no entries, meaning that computers with any IP address can use
TCP/IP and Telnet or TFTP to commence accessing the device. The first time
an IP address is entered with its associated netmask, the filter is activated
and only the IP addresses contained in this entry are entitled to make use
of internal functions. Further entries can be used to extend the circle of
authorized parties. The filter entries can describe individual computers or
even entire networks. The access list can be found in the LANconfig in the
configuration area 'TCP/IP' on the 'General' tab.
Do you store your saved LANCOM configuration to a safe location?
Protect your saved configurations in a location that is safe from unautho-
rized access. Otherwise, byway of example, an unauthorized person may
load your stored configuration file into another device and they can access
the Internet at your expense.
Concerning the exchange of your particularly sensitive data via
wireless LAN; have you set up the functions offered by IEEE
802.1x?
If you move especially sensitive data via wireless LAN you can provide
even stronger security by using the IEEE 802.1x technology. To check or
activate the IEEE 802.1x settings in LANconfig select the configuration
area '802.1x'.