LANCOM Reference Manual LCOS 3.50 Chapter 6: Security
When a call is placed over an ISDN line, the caller's number is normally
sent over the D channel before a connection is even made (CLI – Calling
Line Identifier). Access to your own network is granted if the call number
appears in the number list, or the caller is called back if the callback
option is activated (this callback via the D channel is not supported by the
Windows Dial-Up Network). If the LANCOM is set to provide security
using the telephone number, any calls from remote stations with
unknown numbers are denied access.
Have you activated the Firewall?
The Stateful Inspection Firewall of the LANCOM ensures that your local
network cannot be attacked from the outside. The Firewall can be enabled
in LANconfig under ’Firewall/QoS’ on the register card ’General’.
Do you make use of a ’Deny All’ Firewall strategy?
For maximum security and control, first block all data transfer through
the Firewall. Only those connections that are explicitly desired then have
to be allowed by a dedicated Firewall rule. Thus ’Trojans’ and certain
e-mail viruses lose their return communication path. The Firewall rules
are summarized in LANconfig under ’Firewall/QoS’ on the register card
’Rules’. Guidance can be found under ’Set-up of an explicit "Deny All"
strategy’ →page 138.
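The 'Deny All' strategy described above, modelled as a small first-match rule evaluator. This is an added illustration, not LANCOM code or LCOS syntax; the rule names, the addresses (documentation ranges) and the sample flows are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # source network, CIDR notation
    dst: str       # destination network, CIDR notation
    proto: str     # "tcp", "udp" or "any"
    ports: tuple   # allowed destination ports; empty tuple means any port
    action: str    # "accept" or "deny"

    def matches(self, src, dst, proto, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and (not self.ports or port in self.ports))

LAN, ANY = "192.168.1.0/24", "0.0.0.0/0"
# Constructed rule set: explicit allows first, the deny-all rule last.
DENY_ALL = [
    Rule("allow-dns", LAN, "192.0.2.53/32", "udp", (53,), "accept"),
    Rule("allow-web", LAN, ANY, "tcp", (80, 443), "accept"),
    Rule("allow-mail", "192.168.1.10/32", "192.0.2.25/32", "tcp", (25,), "accept"),
    Rule("deny-all", ANY, ANY, "any", (), "deny"),
]

def decide(rules, src, dst, proto, port):
    """Return (action, rule name) of the first matching rule; deny if none matches."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    return "deny", "implicit"

def audit(rules, flows):
    """Return the flows that the rule set drops."""
    return [f for f in flows if decide(rules, *f)[0] == "deny"]

# Constructed outbound flows: (source, destination, protocol, destination port)
FLOWS = [
    ("192.168.1.20", "198.51.100.7", "tcp", 443),    # workstation, HTTPS
    ("192.168.1.20", "192.0.2.53", "udp", 53),       # workstation, DNS
    ("192.168.1.10", "192.0.2.25", "tcp", 25),       # mail server to its relay
    ("192.168.1.20", "203.0.113.9", "tcp", 25),      # workstation sending SMTP directly
    ("192.168.1.33", "203.0.113.66", "tcp", 31337),  # connection no rule asks for
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", decide(DENY_ALL, *flow))
```

The last two flows are dropped by the final rule: a workstation that suddenly speaks SMTP to an arbitrary host and an outbound connection on an unlisted port are exactly the return paths the strategy is meant to cut.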
Have you activated the IP masquerading?
IP masquerading hides all local computers when they connect to the
Internet. Only the router module of the unit and its IP address are
visible on the Internet. The IP address can be fixed or assigned
dynamically by the provider. The computers in the LAN then use the router
as a gateway so that they themselves cannot be detected. The router
separates Internet and intranet, as if by a wall. The use of IP
masquerading is set individually for each route in the routing table. The
routing table can be found in LANconfig in the 'IP router' configuration
section on the 'Routing' tab.
Have you excluded certain stations from access to the router?
Access to the internal functions of the devices can be restricted using a
special filter list. Internal functions in this case are configuration sessions
via LANconfig, WEBconfig, Telnet or TFTP. This table is empty by default,
so access to the router can be obtained by TCP/IP using Telnet or TFTP
from computers with any IP address. The filter is activated
when the first IP address with its associated network mask is entered and
from that point on only those IP addresses contained in this initial entry