Chapter 10 Firewalls
AMG1302-T10A User’s Guide
150
For example, you may create rules to:
• Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
• Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts
on the Internet to specific hosts on the LAN.
• Allow everyone except your competitors to access a web server.
• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.
These custom rules work by comparing the source IP address, destination IP address and IP
protocol type of network traffic to rules set by the administrator. Your customized rules take
precedence and override the Device’s default rules.
10.4.2 Guidelines For Enhancing Security With Your Firewall
1
Change the default password via web configurator.
2
Think about access control before you connect to the network in any way.
3
Limit who can access your router.
4
Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled service could
present a potential security risk. A determined hacker might be able to find creative ways to misuse
the enabled services to access the firewall or the network.
5
For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the
services at specific interfaces.
6
Protect against IP spoofing by making sure the firewall is active.
7
Keep the firewall in a secured (locked) room.
10.4.3 Security Considerations
Note: Incorrectly configuring the firewall may block valid access or introduce security
risks to the Device and your protected network. Use caution when creating or
deleting firewall rules and test your rules after you configure them.
Consider these security ramifications before creating a rule:
1
Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC
is blocked, are there users that require this service?
2
Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will
a rule that blocks just certain users be more effective?
3
Does a rule that allows Internet users access to resources on the LAN create a security
vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN,
Internet users may be able to connect to computers with running FTP servers.
4
Does this rule conflict with any existing rules?
Summary of Contents for AMG1302-T10A
Page 4: ...Contents Overview AMG1302 T10A User s Guide 4 ...
Page 12: ...Table of Contents AMG1302 T10A User s Guide 12 ...
Page 13: ...13 PART I User s Guide ...
Page 14: ...14 ...
Page 20: ...Chapter 1 Introduction AMG1302 T10A User s Guide 20 ...
Page 52: ...Chapter 4 Tutorials AMG1302 T10A User s Guide 52 ...
Page 53: ...53 PART II Technical Reference ...
Page 54: ...54 ...
Page 126: ...Chapter 8 Wireless LAN AMG1302 T10A User s Guide 126 ...
Page 140: ...Chapter 9 Network Address Translation NAT AMG1302 T10A User s Guide 140 ...
Page 158: ...Chapter 11 Filters AMG1302 T10A User s Guide 158 ...
Page 162: ...Chapter 12 Static Route AMG1302 T10A User s Guide 162 ...
Page 166: ...Chapter 13 Port Binding AMG1302 T10A User s Guide 166 ...
Page 176: ...Chapter 15 Quality of Service QoS AMG1302 T10A User s Guide 176 ...
Page 198: ...Chapter 18 Universal Plug and Play UPnP AMG1302 T10A User s Guide 198 ...
Page 202: ...Chapter 19 CWMP AMG1302 T10A User s Guide 202 ...
Page 206: ...Chapter 20 System Settings AMG1302 T10A User s Guide 206 ...
Page 216: ...Chapter 21 Logs AMG1302 T10A User s Guide 216 ...
Page 266: ...Appendix C Pop up Windows JavaScripts and Java Permissions AMG1302 T10A User s Guide 266 ...
Page 280: ...Appendix D Wireless LANs AMG1302 T10A User s Guide 280 ...
Page 290: ...Appendix E IPv6 AMG1302 T10A User s Guide 290 ...
Page 322: ...Appendix G Legal InformationSafety Warnings AMG1302 T10A User s Guide 322 ...