162 CHAPTER 11: ADMINISTRATION AND ADVANCED OPERATIONS
While some of these services, such as TELNET or FTP, are inherently risky,
blocking access to these services completely may be too drastic a policy
for many sites. Not all systems, though, require access to all services.
For example, restricting TELNET or FTP access from the Internet to only
those systems that require the access can improve security at no cost to
user convenience.
Services such as NNTP (Network News Transfer Protocol) may seem to
pose little threat, but restricting these services to only those systems that
need them helps to create a cleaner network environment and reduces
the likelihood of exploitation from yet-to-be-discovered vulnerabilities
and threats.
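The restriction policy above can be checked against an exported rule list. The following is an added example, not taken from the 3Com manual: it flags inbound allow rules for the Telnet, FTP and SMTP rows of Table 6 that reach more systems than intended. The rule format, rule names, addresses and approved-host lists are constructed assumptions, not the Firewall's own export format.

```python
import ipaddress

# Ports from the Table 6 rows on this page: port -> service name.
TABLE6_PORTS = {23: "Telnet", 20: "FTP", 21: "FTP", 25: "SMTP"}

# Assumption: the systems that genuinely need each service (constructed addresses).
APPROVED = {
    "Telnet": {"192.168.1.5"},
    "FTP": {"192.168.1.20"},
    "SMTP": {"192.168.1.10"},  # the central e-mail server
}

# Constructed sample of inbound rules in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "telnet-any", "action": "allow", "port": 23, "dest": "192.168.1.0/24"},
    {"name": "ftp-fileserver", "action": "allow", "port": 21, "dest": "192.168.1.20/32"},
    {"name": "smtp-desktop", "action": "allow", "port": 25, "dest": "192.168.1.57/32"},
    {"name": "smtp-mail", "action": "allow", "port": 25, "dest": "192.168.1.10/32"},
    {"name": "telnet-block", "action": "deny", "port": 23, "dest": "192.168.1.0/24"},
]

def audit_rules(rules, approved):
    """Return (rule name, reason) for allow rules broader than the policy permits."""
    findings = []
    for rule in rules:
        service = TABLE6_PORTS.get(rule["port"])
        if rule["action"] != "allow" or service is None:
            continue  # deny rules and services outside the table rows are not audited
        dest = ipaddress.ip_network(rule["dest"], strict=False)
        allowed = {ipaddress.ip_address(h) for h in approved.get(service, ())}
        if dest.num_addresses > 1:
            # A whole subnet is reachable, not just the systems that need the service.
            findings.append((rule["name"], f"{service} allowed to entire range {dest}"))
        elif dest.network_address not in allowed:
            findings.append((rule["name"],
                             f"{service} allowed to unapproved host {dest.network_address}"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_rules(SAMPLE_RULES, APPROVED):
        print(f"{name}: {reason}")
```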
Resetting the Firewall
You cannot retrieve a lost administrator password from the Firewall. If you
want to reset your Firewall to factory default settings, and can access the
Web interface of the Firewall successfully, 3Com recommends that you
use the “Restore Factory Defaults” command, described on page 187.
However, if it is no longer possible to access the Web interface (for
example, due to a lost password), then you must completely reset your
Firewall.
CAUTION: The reset procedure described below not only deletes all the
settings from your Firewall, but also erases the current copy of the
firmware from the unit. For this reason, 3Com recommends that you save
your firewall settings on a regular basis, and that you also have a copy of
the latest firmware available locally. A copy is available on the companion
CD to get you up and running again.
Table 6   Protocol Definitions and Characteristics

Protocol Name                        Port Number   Risk
Telnet                               23            Restrict to certain systems
FTP-File Transfer Protocol           20,21         Restrict to certain systems
SMTP-Simple Mail Transfer Protocol   25            Restrict to central e-mail server
DUA1611-0AAA02.book Page 162 Thursday, August 2, 2001 4:01 PM