Link: Stateful Inspection

All computer operating systems are vulnerable to attack from outside sources, typically at the operating system or Internet Protocol (IP) layers. Stateful Inspection firewalls intercept and analyze incoming data packets to determine whether they should be admitted to your private LAN, based on multiple criteria, or blocked. Stateful inspection improves security by tracking data packets over a period of time, examining incoming and outgoing packets. Out- going packets that request specific types of incoming packets are tracked; only those incoming packets constituting a proper response are allowed through the firewall.

Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled. You can configure UDP and TCP “no-activity” periods that will also apply to NAT time-outs if stateful inspection is enabled on the interface. Stateful Inspection param- eters are active on a WAN interface only if enabled on your Gateway. Stateful inspection can be enabled on a WAN interface whether NAT is enabled or not.

Stateful Inspection Firewall installation procedure

NOTE:

Installing Stateful Inspection Firewall is mandatory to comply with Required Services Security Policy - Residential Category module - Version 4.0 (specified by ICSA Labs)

For more information please go to the following URL: http://www.icsalabs.com/html/communities/firewalls/certification/ criteria/Residential.pdf.

1.Access the router through the web interface from the private LAN.

DHCP server is enabled on the LAN by default.

2.The Gateway’s Stateful Inspection feature must be enabled in order to prevent TCP, UDP and ICMP packets destined for the router or the private hosts.

This can be done by navigating to Expert Mode -> Security -> Stateful Inspection.

140

Page 140
Image 140
Netopia 2200 manual Link Stateful Inspection, Stateful Inspection Firewall installation procedure, 140