Operating modes and functions 31

Encryption

Since cable modems transfer data via a cable shared by many participants, data should be encrypted to prevent access by the other participants.

All data between the modem of the provider and the modem of the end users is automatically transferred in an encrypted state. This is where the DES encryption (Data Encryption Standard) with a code length of 56 comes in. In addition, the code in use is repeatedly changed during the transfer of data. This guarantees the highest level of protection.

TCP/IP packet filters

You can use your entries in the routing table to determine quite precisely which data should be transferred. Additionally, you can use a special entry in the 'Router-name' field to reject whole groups of IP addresses.

Occasionally, you may wish to restrict a transmission even further. You can do this using a characteristic of TCP/IP, which is to send port numbers for destination and source as well as the source and destination IP addresses with a data packet. The destination port in a data packet stands for the service to be addressed in the TCP/IP network. The destination ports are fixed for the various services on the TCP/IP network. The source ports, on the other hand, may be selected freely within certain ranges.

The IP router can check the source and destination ports of data packets using the TCP or UDP protocols. It can then deduce the purpose of the data from these ports. For example, FTP accesses or Telnet sessions can be identified. The appropriate filter table can be used to determine that certain data is not to be transferred from the LAN to the remote station. Data for particular ports can also be blocked from entering the LAN in the same way.

In addition to the definition of the port range and the associated protocols, the filter table can be used to determine whether the data packet concerned will be accepted or rejected. Both interfaces of the cable modem (for the cable network and for the LAN) can be set separately for incoming and outgoing data transfer.

This filter table can be found in the configuration tool ELSA LANconfig in the 'TCP/IP' configuration section on the 'Filter' tab, or in the /Setup/IP router/firewall

menu.

The hiding place—IP masquerading (NAT, PAT)

One of today's most common tasks a for cable modem is connecting the numerous workstation computers in a LAN to the ultimate network, the Internet. Everyone should have the potential to access the WWW from his workstation and be able to fetch bang up-to-date information for his work.

ELSA MicroLink Cable

Page 39
Image 39
ELSA Cable manual Encryption, TCP/IP packet filters, Hiding place-IP masquerading NAT, PAT