Lancom Systems 7111 VPN, 8011 VPN manual Have you assigned a password for the configuration?

Page 65

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 8: Security settings

Have you assigned a password for the configuration?

The simplest option for the protection of the configuration is the estab- lishment of a password. As long as a password hasn't been set, anyone can change the configuration of the device. The field for entering the password is contained in LANconfig in the 'Management' configuration area on the 'Security' tab. It is particularly required to assign a password to the configuration if you want to allow remote configuration.

Have you permitted remote configuration?

If you do not require remote configuration, then deactivate it. If you require remote configuration, then be sure to assign a password protec- tion for the configuration (see previous section). The field for deactivating the remote configuration is also contained in LANconfig in the 'Manage- ment' configuration area on the 'Security' tab. Select here under 'Access rights - of remote networks' for all types of configuration the option 'not allowed'.

Have you provided the SNMP configuration with a password?

Also protect the SNMP configuration with a password. The field for pro- tection of the SNMP configuration with a password is also contained in LANconfig in the 'Management' configuration area on the 'Security' tab.

Have you activated the Firewall?

The Stateful Inspection Firewall of the LANCOM ensures that your local network cannot be attacked from the outside . The Firewall can be ena- bled in LANconfig under ’Firewall/QoS’ on the register card ’General’.

Do you make use of a ’Deny All’ Firewall strategy?

For maximum security and control you prevent at first any data transfer through the Firewall. Only those connections, which are explicitly desired have to allowed by the a dedicated Firewall rule then. Thus ’Trojans’ and certain Email viruses loose their communication way back. The Firewall rules are summarized in LANconfig under ’Firewall/Qos’ on the register card ’Rules’.

Have you activated the IP masquerading?

IP masquerading is the hiding place for all local computers for connection to the Internet. Only the router module of the unit and its IP address are visible on the Internet. The IP address can be fixed or assigned dynami- cally by the provider. The computers in the LAN then use the router as a gateway so that they themselves cannot be detected. The router separates Internet and intranet, as if by a wall. The use of IP masquerading is set

EN

65

Image 65

Contents Lancom 7111 VPN Lancom 8011 VPN Lancom Systems GmbH, Wuerselen Germany. All rights reserved Preface Security settingsModel variants Info@lancom.de This documentation was compiled …Contents Sending faxes with Lancapi Providing dial-up accessLinking two networks Appendix TroubleshootingWhich use does VPN offer? IntroductionIsdn Conventional network infrastructureNetworking via the Internet Firewall What does a router do? Denial-of-Service ProtectionQuality-of-Service / Traffic management Bridgehead to the WAN Internet access for a LAN e.g. via DSL or IsdnAreas of deployment for routers LAN to LAN coupling via VPN or IsdnConventional via Isdn Remote access to the company network via VPN or IsdnWhat can your Lancom router do? Lancom Quality of Service System preconditions InstallationPackage contents Introducing Lancom router Access to the LAN via the TCP/IP protocolStatus displays Front sideOnline LED indicates the overall status of all WAN ports LED remains lit greenLancom Flashing Power LED but no connection?Connection status of Isdn S0 connection Connection status of the WAN connectionData traffic via the WAN connection LCD display Connection status of the serial configuration port7111 VPN, for both Isdn B channels with Lancom 8011 VPN Back of the unit Hardware installationInstallation Starting Lancom setup Software installationWhich software should you install? Which information is necessary? Basic configuration1 TCP/IP settings Configure manually nevertheless? New LAN-fully automatic configuration possibleInformation required for manual TCP/IP configuration IP address and netmask for the Lancom routerSettings for the DSL connection Configuration protectionSettings for the Isdn connection Enable Dhcp server?Start up LANconfig by clicking Start Programs Lancom Instructions for LANconfigLANconfig Connect charge protectionComplete the configuration with Finish Network without Dhcp server Instructions for WEBconfigOr with a name as discribed above Starting the wizards in WEBconfigNetwork with Dhcp server WEBconfig main menu will be displayed Entering the password in the web browser IP address assignment via the Lancom router default TCP/IP settings to workstation PCsManual IP address assignment IP address assignment via a separate Dhcp serverDoes the setup wizard know your Internet provider? Setting up Internet accessUser name and password Additional information for unknown Internet providersDynamic channel bundling Isdn only Isdn dial-in number User name and passwordAdditional connection options Complete the configuration with Apply LANconfig Quick access to the setup wizardsSecurity aspects Always configure both sidesLinking two networks General information What information is necessary?Name of the remote station is needed for its identification Settings for the TCP/IP router Extranet VPN Settings for the IPX routerDNS access to the remote LAN Settings for NetBIOS routing Perform the configuration on both routers, one at a time Ping quick testing for TCP/IP connections Which information is required? Providing dial-up accessCoupling Entry Isdn calling line identity CLISettings for IPX Settings for TCP/IPWAN Dial-up via Isdn Settings for the dial-in computerDial-up via VPN Instructions for LANconfig Providing dial- up access Sending faxes with Lancapi Installation of the Lancom Capi fax modem Select the option Printers and Faxes from the control panel Installation of the MS Windows fax serviceSend a fax with any given office application Send a fax with the MS Windows fax serviceSending a fax Sending faxes with Lancapi Wizard for LANconfig Security settingsSecurity settings wizard Firewall wizard Wizard for WEBconfigRules Security checklistConfiguration under WEBconfig Have you permitted remote configuration? Have you assigned a password for the configuration?Have you activated the Firewall? Do you make use of a ’Deny All’ Firewall strategy?Have you closed critical ports with filters? Problems with the cabling? TroubleshootingNo WAN connection is established DSL data transfer is slowUnwanted connections under Windows XP Cable testingIncreasing the TCP/IP window size under Windows LAN statisticsTroubleshooting Appendix Performance data and specificationsRights for up to 16 administrators DSL interface Contact assignmentISDN-S0interface Pin RJ45 socketCE declaration of conformity Configuration interface OutbandEthernet interfaces 10/100Base-T Pin mini-DIN socketNumerics IPX conventions IPX router Settings InstallationConnector cable Channel Data compression Dial-innumber Connector cable LAN to LAN coupling 14, 15, 30Package contents Packet size adaption Password NetBIOS NetBIOS proxy Netmask Network segmentNetBIOS Security aspects Server Setup Specify MSNCheck connection Settings 28 , 32Temperature Time WEBconfig