Prestige 652H/HW Series User’s Guide
Firewalls
12-11
work properly, this connection must be allowed to pass through even though a connection from the Internet
would normally be rejected.
In order to achieve this, the Prestige inspects the application-level FTP data. Specifically, it searches for
outgoing "PORT" commands, and when it sees these, it adds a cache entry for the anticipated data
connection. This can be done safely, since the PORT command contains address and port information, which
can be used to uniquely identify the connection.
Any protocol that operates in this way must be supported on a case-by-case basis. You can use the web
configurator’s Custom Ports feature to do this.
12.6 Guidelines For Enhancing Security With Your Firewall
1. Change the default password via SMT or web configurator.
2. Think about access control
before
you connect a console port to the network in any way, including
attaching a modem to the port. Be aware that a break on the console port might give unauthorized
individuals total control of the firewall, even with access control configured.
3. Limit who can telnet into your router.
4. Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could
present a potential security risk. A determined hacker might be able to find creative ways to misuse the
enabled services to access the firewall or the network.
5. For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the services
at specific interfaces.
6. Protect against IP spoofing by making sure the firewall is active.
7. Keep the firewall in a secured (locked) room.
12.6.1 Security In General
You can never be too careful! Factors outside your firewall, filtering or NAT can cause security breaches.
Below are some generalizations about what you can do to minimize them.
1. Encourage your company or organization to develop a comprehensive security plan. Good network
administration takes into account what hackers can do and prepares against attacks. The best defense
against hackers and crackers is information. Educate all employees about the importance of security and
how to minimize risk. Produce lists like this one!
2. DSL or cable modem connections are “always-on” connections and are particularly vulnerable because
they provide more opportunities for hackers to crack your system. Turn your computer off when not in
use.
Summary of Contents for Prestige 652H series
Page 32: ......
Page 50: ......
Page 66: ......
Page 68: ......
Page 76: ......
Page 80: ......
Page 120: ...Prestige 652H HW Series User s Guide 8 12 WAN Setup Figure 8 6 Advanced WAN Backup ...
Page 128: ......
Page 146: ......
Page 148: ......
Page 162: ......
Page 178: ...Prestige 652H HW Series User s Guide 13 16 Firewall Screens Figure 13 8 Rule Edit Example ...
Page 196: ......
Page 198: ......
Page 204: ......
Page 214: ...Prestige 652H HW Series User s Guide 16 10 VPN Screens Figure 16 5 VPN IKE ...
Page 227: ...Prestige 652H HW Series User s Guide VPN Screens 16 23 Figure 16 8 Manual Setup ...
Page 238: ......
Page 258: ......
Page 277: ...Maintenance VIII Part VIII Maintenance This part covers the maintenance screens ...
Page 278: ......
Page 296: ......
Page 298: ......
Page 308: ......
Page 324: ......
Page 330: ......
Page 386: ......
Page 406: ......
Page 418: ......
Page 428: ......
Page 450: ......
Page 454: ......
Page 464: ......
Page 470: ......
Page 486: ......
Page 494: ......
Page 500: ......
Page 512: ......
Page 516: ......
Page 520: ......
Page 560: ......
Page 574: ......