Lancom Systems 8011 VPN, 7111 VPN manual Have you closed critical ports with filters?

Page 66

EN

LANCOM 7111 VPN – LANCOM 8011 VPN

Chapter 8: Security settings

individually for each route in the routing table. The routing table can be found in the LANconfig in the 'IP router' configuration section on the 'Routing' tab.

Have you excluded certain stations from access to the router?

Access to the internal functions of the devices can be restricted using a special filter list. Internal functions in this case are configuration sessions via LANconfig, WEBconfig, Telnet or TFTP. This table is empty by default and so access to the router can therefore be obtained by TCP/IP using Tel- net or TFTP from computers with any IP address. The filter is activated when the first IP address with its associated network mask is entered and from that point on only those IP addresses contained in this initial entry will be permitted to use the internal functions. The circle of authorized users can be expanded by inputting further entries. The filter entries can describe both individual computers and whole networks. The access list can be found in LANconfig in the 'TCP/IP' configuration section on the 'General' tab.

Have you closed critical ports with filters?

The firewall filters of the LANCOM router devices offer filter functions for individual computers or entire networks. Source and target filters can be set for individual ports or for ranges of ports. In addition, individual pro- tocols or any combinations of protocols (TCP/UDP/ICMP) can be filtered. It is particularly easy to set up the filters with LANconfig. The 'Rules' tab under 'Firewall/QoS' can assist you to define and change the filter rules.

Is your saved LANCOM router configuration stored in a safe place?

Protect the saved configurations against unauthorized access in a safe place. A saved configuration could otherwise be loaded in another device by an unauthorized person, enabling, for example, the use of your Inter- net connections at your expense.

66

Image 66

Contents Lancom 7111 VPN Lancom 8011 VPN Lancom Systems GmbH, Wuerselen Germany. All rights reserved Security settings PrefaceModel variants This documentation was compiled … Info@lancom.deContents Providing dial-up access Linking two networksSending faxes with Lancapi Troubleshooting AppendixIntroduction Which use does VPN offer?Conventional network infrastructure IsdnNetworking via the Internet Firewall Denial-of-Service Protection Quality-of-Service / Traffic managementWhat does a router do? Areas of deployment for routers Internet access for a LAN e.g. via DSL or IsdnBridgehead to the WAN LAN to LAN coupling via VPN or IsdnRemote access to the company network via VPN or Isdn What can your Lancom router do?Conventional via Isdn Lancom Quality of Service Installation Package contentsSystem preconditions Status displays Access to the LAN via the TCP/IP protocolIntroducing Lancom router Front sideLED remains lit green Online LED indicates the overall status of all WAN portsFlashing Power LED but no connection? LancomConnection status of the WAN connection Data traffic via the WAN connectionConnection status of Isdn S0 connection Connection status of the serial configuration port 7111 VPN, for both Isdn B channels with Lancom 8011 VPNLCD display Hardware installation Back of the unitInstallation Software installation Starting Lancom setupWhich software should you install? Basic configuration 1 TCP/IP settingsWhich information is necessary? Information required for manual TCP/IP configuration New LAN-fully automatic configuration possibleConfigure manually nevertheless? IP address and netmask for the Lancom routerSettings for the Isdn connection Configuration protectionSettings for the DSL connection Enable Dhcp server?LANconfig Instructions for LANconfigStart up LANconfig by clicking Start Programs Lancom Connect charge protectionComplete the configuration with Finish Instructions for WEBconfig Network without Dhcp serverStarting the wizards in WEBconfig Network with Dhcp serverOr with a name as discribed above WEBconfig main menu will be displayed Entering the password in the web browser TCP/IP settings to workstation PCs IP address assignment via the Lancom router defaultIP address assignment via a separate Dhcp server Manual IP address assignmentUser name and password Setting up Internet accessDoes the setup wizard know your Internet provider? Additional information for unknown Internet providersIsdn dial-in number User name and password Additional connection optionsDynamic channel bundling Isdn only LANconfig Quick access to the setup wizards Complete the configuration with ApplyAlways configure both sides Linking two networksSecurity aspects What information is necessary? General informationName of the remote station is needed for its identification Settings for the TCP/IP router Settings for the IPX router DNS access to the remote LANExtranet VPN Settings for NetBIOS routing Perform the configuration on both routers, one at a time Ping quick testing for TCP/IP connections Providing dial-up access Which information is required?Isdn calling line identity CLI Coupling EntrySettings for TCP/IP Settings for IPXWAN Settings for the dial-in computer Dial-up via VPNDial-up via Isdn Instructions for LANconfig Providing dial- up access Sending faxes with Lancapi Installation of the Lancom Capi fax modem Installation of the MS Windows fax service Select the option Printers and Faxes from the control panelSend a fax with the MS Windows fax service Sending a faxSend a fax with any given office application Sending faxes with Lancapi Security settings Security settings wizardWizard for LANconfig Wizard for WEBconfig Firewall wizardSecurity checklist Configuration under WEBconfigRules Have you activated the Firewall? Have you assigned a password for the configuration?Have you permitted remote configuration? Do you make use of a ’Deny All’ Firewall strategy?Have you closed critical ports with filters? No WAN connection is established TroubleshootingProblems with the cabling? DSL data transfer is slowIncreasing the TCP/IP window size under Windows Cable testingUnwanted connections under Windows XP LAN statisticsTroubleshooting Performance data and specifications AppendixRights for up to 16 administrators ISDN-S0interface Contact assignmentDSL interface Pin RJ45 socketEthernet interfaces 10/100Base-T Configuration interface OutbandCE declaration of conformity Pin mini-DIN socketNumerics Connector cable Channel Data compression Dial-innumber InstallationIPX conventions IPX router Settings Connector cable LAN to LAN coupling 14, 15, 30NetBIOS NetBIOS NetBIOS proxy Netmask Network segmentPackage contents Packet size adaption Password Security aspects Server Setup Specify MSNSettings 28 , 32 Temperature Time WEBconfigCheck connection