LANCOM 3850 UMTS
Chapter 7: Security settings
71
EN
Have you activated the IP masquerading?
IP masquerading is the hiding place for all local computers for connection
to the Internet. Only the router module of the unit and its IP address are
visible on the Internet. The IP address can be fixed or assigned dynami-
cally by the provider. The computers in the LAN then use the router as a
gateway so that they themselves cannot be detected. The router separates
Internet and intranet, as if by a wall. The use of IP masquerading is set
individually for each route in the routing table. The routing table can be
found in the LANconfig in the 'IP router' configuration section on the
'Routing' tab.
Have you closed critical ports with filters?
The firewall filters of the LANCOM Router devices offer filter functions for
individual computers or entire networks. Source and target filters can be
set for individual ports or for ranges of ports. In addition, individual pro-
tocols or any combinations of protocols (TCP/UDP/ICMP) can be filtered.
It is particularly easy to set up the filters with LANconfig. The 'Rules' tab
under 'Firewall/QoS' can assist you to define and change the filter rules.
Have you excluded certain stations from access to the router?
Access to the internal functions of the devices can be restricted using a
special filter list. Internal functions in this case are configuration sessions
via LANconfig, WEBconfig, Telnet or TFTP. This table is empty by default
and so access to the router can therefore be obtained by TCP/IP using Tel-
net or TFTP from computers with any IP address. The filter is activated
when the first IP address with its associated network mask is entered and
from that point on only those IP addresses contained in this initial entry
will be permitted to use the internal functions. The circle of authorized
users can be expanded by inputting further entries. The filter entries can
describe both individual computers and whole networks. The access list
can be found in LANconfig in the 'TCP/IP' configuration section on the
'General' tab.
Is your saved LANCOM configuration stored in a safe place?
Protect the saved configurations against unauthorized access in a safe
place. A saved configuration could otherwise be loaded in another device
by an unauthorized person, enabling, for example, the use of your Inter-
net connections at your expense
.