Remote management, Internet | Eicon Networks DIVA LAN ISDN instruction

Chapter Six: Security	Remote management 81

Remote management

By default, the DIVA LAN ISDN Modem does not allow remote devices to access its configuration interfaces via the ISDN link. This prevents unauthorized tampering when the DIVA LAN ISDN Modem has dialed out and is connected to the Internet or a remote corporate network.

To accomplish this security, all incoming HTTP and Telnet traffic on the ISDN line is automatically dropped. This effectively blocks remote computers from using the web-based interface, as well as the CLI (via Telnet).

This does not affect traffic on the local LAN created by the DIVA LAN ISDN Modem. Therefore, if the local LAN is connected to other networks, these computers will have access to the DIVA LAN ISDN Modem. Consider the following topology:

150.150.5.2 150.150.5.3 150.150.5.4

150.150.5.1

Router	192.168.1.4	192.168.1.3	192.168.1.2	Internet
	192.168.1.4	192.168.1.3	192.168.1.2
192.168.1.5				Remote A

Incoming HTTP andTelnet traffic is allowed.	ISP

192.168.1.1										Incoming HTTP andTelnet traffic is dropped.
										Incoming HTTP andTelnet traffic is dropped.
DIVA LAN ISDN Modem											ISDN
		ISDN				Ethernet			FAULT POWER
B1 B2 D LINK					E1 E2 E3 E4/C				FAULT POWER

Network

DIVA LAN ISDN Modem

•In this example, all computers on the two LANs have access to the DIVA LAN ISDN Modem configuration interfaces.

•Remote computer A, however, is blocked.

Note Remote security is implemented using IP filtering (see page 128). Removing these filters will affect remote security.

Image 81

Eicon Networks DIVA LAN ISDN manual Remote management, Internet

Contents

Diva LAN Isdn Modem User’s Guide First Edition August 206-312-01 Table of Contents Chapter Three Chapter FourChapter Five Chapter Six Chapter SevenChapter Eight Chapter Ten Chapter Nine Appendix a Appendix BAppendix C Appendix D Introduction Introducing the Diva LAN Isdn Modem Connecting to the InternetCreating your own LAN for resource sharing Diva LAN Isdn Modem Connecting to a corporate network Creating a VPNAttaching telephones and fax machines Connecting more computers Total network securityCompression for faster throughput Unsupported configurations Advanced diagnosticsBandwidth on-demand Advanced Isdn tariff management Summary of features Contacting customer services AdministrationWorld wide web Getting Started Installation overview Prepare for installation Verify your package contentsVerify the configuration of your computers To use the advanced configuration options To configure the Diva LAN Isdn ModemTo run the Modem Monitor software Choose a connection protocol Isdn access interfacesImportant Isdn concepts Isdn channel usage PPP Choosing a connection protocolMultilink PPP Multilink PPP + Bacp Summary Multilink PPP + AO/DI120 Order an Isdn Line Information to record when ordering your line Gather Internet account information Gather X.25 informationGather V.120 information Scripting To install the Diva LAN Isdn Modem Install the Diva LAN Isdn Modem Chapter Two Getting Started Install the Diva LAN Isdn Modem To install Modem Monitor Install Modem Monitor Windows 95/98/NT4Page Page Connecting a non-Windows computer to the Diva LAN Isdn Modem Page To configure the Internet connection Configuring the Internet connectionPage Fill in the fields as indicated below Page Page How long will the line stay connected? Using your Diva LAN Isdn ModemRegistering your Diva LAN Isdn Modem What’s next? Using Modem Monitor Start menu program group Starting Modem Monitor Start menu options Buttons Properties dialog box Utilities dialog box Options dialog box Status Viewer Profile tableUtilities Web-based Configuration Interface To start the web-based configuration interface Starting the web-based configuration interface Getting help Saving configuration settings General settings General settings and connection profilesConnection profile settings Connection profile types To edit the ISP profile Editing the ISP profilePage To edit the LAN profile Editing LAN settings To save/restore configuration settings Saving and restoring configuration files Viewing status information System statusFront panel display Obtaining statistics Upgrading the Diva LAN Isdn Modem firmware To upgrade the firmware To reset the Diva LAN Isdn Modem to factory defaults Resetting to factory defaults Minimizing Isdn Charges To define Cost Control settings Idle timerTo set the idle timer Cost Control Isdn billing intervals Data call thresholds To configure Bacp Configuring Bacp Chapter Five Minimizing Isdn Charges Configuring Bacp Configuring AO/DI To configure AO/DI On the D-channel To configure X.25 settings Chapter Five Minimizing Isdn Charges Configuring AO/DI To set Isdn active intervals Setting Isdn active intervals To enable spoofing of NetBIOS services Spoofing NetBIOS services Data compression Manual dialing To enable manual dialing To restrict analog calls Restricting analog calls Data over voice To enable data over voice Traffic filtering Security Configuration interfaces Security features System password To set the system passwordTo erase the system password Automatic log out Security benefits Network address translationNAT static mappings How it works Configuring a NAT static mapping for a web server Default NAT serverConfiguring a NAT mapping for an FTP server Running a web or FTP server To create a static NAT mapping Internet Remote management To enable remote management Incoming calls and IP addressing Incoming data calls Enable Answer incoming data calls To enable support for incoming data calls Click Authentication Call screening To set up call screening To set up call authentication Call authentication Callback Callback modesCallback options Delay before host calls back Timeout waiting for callbackTo set up callback Enable Manual dialing only Custom security features Setting up the Phone Ports Setting phone numbers manually Connecting modems and fax machines Connecting multiple analog devicesTo enable support for fax/modem Call bumping To enable call bumpingHow it works Requirements Restricting analog calls Supplementary services To enable supplementary servicesCall Forwarding Call Waiting Service Failure ToneVoiceMail Caller ID Call Transfer Feature Key values Connecting to a Corporate Network Resources Overview Gather information To configure the Corporate profile Configure the Corporate profilePage Page Page NetBIOS name resolution Using the corporate connectionTimeouts Support for Microsoft Network Neighborhood What’s next? Advanced Installations Connection retries To define retry settings To define a backup profile and set the profile restore delay Installing on an existing LAN Using Modem MonitorManual installation Uncheck the Dhcp server enabled option If your LAN uses static addressing Adjusting configuration settings on the LANIf your LAN has a Dhcp server If your LAN has a router Third-party Ethernet Hub Connecting more than four computers To create a VPN Creating a virtual private network Connecting to the VPN Page Concurrent Internet and Intranet connections Installation and configuration procedureSelecting a connections protocol Defining routes IP routes Using masksAbout IP addresses Static vs. dynamic addresses External addresses 192.168.1.1 ISP Internet Why routes are neededSingle connection 212.182.22.39 Multiple connections Internet 212.182.22.39 Routing on the local LAN Defining routes for the Diva LAN Isdn Modem Routing Information Protocol RIP Chapter Nine Advanced Installations IP routes How filtering works IP filters Default filters What is a datagram?To define a filter Chapter Nine Advanced Installations IP filters Direction ActionSource/Destination Location Dropping incoming traffic from a specific network IP filtering examples Allowing incoming traffic only from a specific network 1st filter2nd filter Blocking web surfing Chapter Nine Advanced Installations Making a V.120 connection To configure the V.120 protocolPage To install the Eicon SecurID Client software To uninstall the Eicon SecurID Client softwareSecurID support To enable SecurID support Other Configuration Tools Configuration options Local configurationRemote configuration Remote access Local accessWeb interface Prerequisites Using the command line interface CLI Using Web interfaceTftp interface Enabling Tftp server support Loading new firmware via Tftp Uploading/downloading configuration files Dtmf interface Commands Command line interface CLI Establishing a Telnet connection via IPEstablishing a serial connection To establish a serial connection Using the command line interface Default profiles About configuration contextCommand line reference Connection profiles To load the new firmware TCP/IP Configuration Installing and configuring TCP/IP for Windows 95/98 Installing TCP/IPConfiguring TCP/IP Select Use Dhcp for Wins Resolution Page Installing TCP/IP for Windows NT Installing TCP/IPConfiguring TCP/IP Configuring TCP/IP on an iMac Technical Information Diva LAN Isdn Modem indicator lights B1, B2Link Fault PowerE1, E2, E3, E4 Port Description Diva LAN Isdn Modem connectors Resetting operational settings Resetting the Diva LAN Isdn ModemResetting to factory defaults To reset Termination Installing the resistorDetermining termination requirements Single Isdn device Command Line Reference Section uses the following conventions Notational Conventions For information on See Commands Enable Aodi Areacode Disable Aodi AreacodeSET Aodi Txbuffer bytes SET Callback Timeout seconds SET Callback Mode type option number1 number2SET Callback Delay seconds Show Callback Configuration Disable Isdn Screening Enable Isdn ScreeningADD Isdn Screening channel number Delete Isdn Screening channel index Enable Isdn Threshold Disable Isdn Threshold Call thresholdsSET Isdn Threshold intervalDays maxHours maxCalls Show Dhcp Status SET Dhcp Type Server None Stop Dhcp Trace Show Dhcp Configuration Enable Dhcp Staticmap ip Disable Dhcp Staticmap ip Delete Dhcp Staticmap ipShow Dhcp Staticmap Show DNS Configuration Enable DNS Relay Disable DNS RelaySET DNS Domain domain SET DNS Address Primary Secondary dnsaddr Show Ethernet Statistics EthernetShow Ethernet Address Show Ethernet Trace memsize framesize General Validate Enable Display Disable DisplayShow Date Show Time Show System Status Show LED StatusShow Version Show Calls Status Active Last Enable Filter Disable Filter SET Action Drop ForwardSET Direction in OUT ANY Show IP Filter SET Type ALL UDP TCP SYN Anyicmp SET IP NAT UDP TCP Default port address Enable IP NAT Disable IP NATShow IP NAT ADD IP NAT UDP TCP port ipaddress ADD IP Route Ipaddr maskLenmetric gwAddr IP routingDelete IP Route Ipaddr SET IP Route Ipaddr maskLen gwAddr Show Icmp Statistics IP variousShow IP Address Show IP Statistics SET IP Services ALL Intelligent Minimal None Show IP ConfigurationEnable IP Spoofing Disable IP Spoofing Enable IP Multicast Disable IP Multicast Enable Isdn Answer Disable Isdn Answer Enable Isdn Teisharing Disable Isdn Teisharing SET Isdn Switch NI1 5ESS Auto 5ESSPP SET Isdn Switch Jate Euro BT TPH China SingaporeDetect Isdn Spid Show Isdn Configuration Disable Isdn DELAY56KSET Isdn Calltype Auto 56K DOV Show Isdn Statistics Isdn Access Time Show Isdn AccesstimeEnable Isdn Accesstime Disable Isdn Accesstime Stop Lapd Trace Show Lapd Trace memsize framesize Logging and Mail Trace Disable LOG Output Screen RemoteSET LOG Filter Trace Debug Info Security Warning Stop Mail Trace SET Mlppp Linkdown threshold delay channel SET Mlppp Linkup threshold delay channelSET Mlppp Mode Disable Normal Bacp Aodi Show Mlppp Configuration Enable Phone Callbumping Disable Phone Callbumping Enable Phone Altring channel Disable Phone Altring channelEnable Phone Callerid Disable Phone Callerid Phone Enable Phone Voicemail channel Silent SET Phone Msgindicator refreshDisable Phone Voicemail channel SET Phone Capability channel Speech Data Show Phone Configuration SET Phone Country countryShow Phone Country Enable PPP Compression Disable PPP Compression Enable PPP Authent Disable PPP AuthentEnable PPP Secureid Disable PPP Secureid SET PPP Authent Encrypted ANY Show PPP Configuration Enable PPP Echorequest Disable PPP Echorequest Show PPP Status Show PPP StatisticsShow PPP Trace portmask memsize framesize Stop PPP Trace port Profiles 931 Show Q931 Trace memsize framesizeStop Q931 Trace Disable RIP Merge Enable RIP V1 V2 V2COMPATIBLE MergeShow RIP Configuration Show RIP Statistics Show RIP Reject Delete RIP Reject ipaddr SET Snmp Description name SET Snmp Name nameSET Snmp Contact name SET Snmp Location name Show TCP Statistics Show TCP Trace memsize framesizeStop TCP Trace Tftp Enable Tftp Server Disable Tftp Server Show Timeprotocol Configuration Enable Timeprotocol Disable TimeprotocolTime Protocol SET Timeprotocol Server timeServer Show UDP Statistics Show UDP Trace memsize framesizeStop UDP Trace Enable Disable SET V120 Mode Multiframe Unacknowledged120 Show V120 Configuration SET V120 Idletime IdleDelayShow V120 Trace memsize framesize Stop V120 Trace Scripting ADD Script Line index command argumentDelete Script Line index Show Script index SET X25 CUD callUserData SET X25 Address localX25addrSET X25 Facilities hexstring SET X25 LCN lcnNumber Show X25 Configuration Show X25 StatusStop X25 Trace Regulatory Information Regulatory Information for the U.S.A 212FCC Part 68 Notice 213 Regulatory Information for Canada