Chapter Security, Suggested Security Measures | Netopia 4753

Security 13-1

Chapter 13

Security

The Netopia 4753 provides a number of security features to help protect its conﬁguration screens and your local network from unauthorized access. Although these features are optional, it is strongly recommended that you use them.

This section covers the following topics:

■“Suggested Security Measures” on page 13-1

■“User Accounts” on page 13-1

■“Telnet Access” on page 13-3

■“About Filters and Filter Sets” on page 13-4

■“Working with IP Filters and Filter Sets” on page 13-11

■“Firewall Tutorial” on page 13-19

■“RADIUS Client Support” on page 13-30

Suggested Security Measures

In addition to setting up user accounts, Telnet access, and ﬁlters (all of which are covered later in this chapter), there are other actions you can take to make the Netopia 4753 and your network more secure:

■Change the SNMP community strings (or passwords). The default community strings are universal and could easily be known to a potential intruder.

■Set the answer proﬁle so it must match incoming calls to a connection proﬁle.

■Leave the Enable Dial-in Console Access option set to No.

■When using AURP, accept connections only from conﬁgured partners.

■Conﬁgure the Netopia 4753 through the serial console port to ensure that your communications cannot be intercepted.

User Accounts

When you ﬁrst set up and conﬁgure the Netopia 4753, no passwords are required to access the conﬁguration screens. Anyone could tamper with the router’s conﬁguration by simply connecting it to a console.

However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. User accounts are composed of name/password combinations that can be given to authorized users.

Image 171

Netopia 4753 manual Chapter Security, Suggested Security Measures, User Accounts

Contents

Netopia Shdsl Integrated Access Device Part Number Contents Part II Advanced Configuration Contents Vi Administration Guide Contents Snmp Part III Appendixes Administration Guide Part I Getting Started Administration Guide Features and Capabilities Chapter IntroductionOverview How to Use This Guide Definition of Terms Chapter Setting Up Internet Services Endorsements Deciding on an ISP Account Finding an Internet Service ProviderUnique requirements Pricing and support SmartIP Setting up a Netopia 4753 account Obtaining an IP addressObtaining Information from the ISP Local LAN IP address information to obtain Without Network Address Translation Find a Location Chapter Making the Physical Connections What You Need Telecommunication Installation Cautions Important Safety instructions 10/100 Ethernet port Identify the Connectors and Attach the Cables Netopia 4753 Status Lights Administration Guide Chapter Sharing the Connection Dynamic conﬁguration recommended Conﬁguring TCP/IP on Windows-based Computers Static conﬁguration optional Add. Repeat this process for the secondary DNS TCP/IP Conﬁguring TCP/IP on Macintosh Computers TCP/IP or MacTCP Sharing the Connection Administration Guide Chapter Connecting to Your Local Network Readying Computers on Your Local Network Telephone Extension ports Connecting to an IP and Telephone Network Administration Guide Chapter Console-Based Management Connecting through a Telnet Session Conﬁguring Telnet softwareSnmp Simple Network Management Protocol. See Snmp on Connecting a Console Cable to Your Device Mac ANSI, VT-100, or VT-200 PC ANSI-BBS Navigating through the Console Screens Administration Guide Chapter Easy Setup Easy Setup Console ScreensAccessing the Easy Setup console screens Screen similar to the following Main Menu appears See Appendix A, Troubleshooting, for more suggestions LLC Snap Quick Easy Setup Connection Path Administration Guide DSL Line Conﬁguration Voice Easy Setup Easy Setup Proﬁle IP Easy Setup Easy Setup Security Conﬁguration Previous Screen To Main Menu Introduction Chapter Voice Configuration Voice Conﬁguration screen appears Configuring the Voice Features Voice Configuration Voice Gateway Administration Guide Part II Advanced Configuration Administration Guide Chapter WAN and System Configuration Configuration SetupWAN Conﬁguration Multiple ATM PVC overview Multiple ATM Permanent Virtual Circuit Support Multiple ATM PVC configuration Setup DSL Line ConfigurationSelect Display/Change Circuit and press Return Changing a circuit Administration Guide Choosing Add Circuit displays the Add Circuit screen Adding a circuit Select VC Trafﬁc Statistics Monitoring multiple virtual circuits ATM VC Statistics screen appears Commit Creating a New Connection Proﬁle Datalink PPP/MP Options Data Compression 0.0 Default Profile Default Proﬁle screen appears WAN Default Proﬁle For details on setting up IP Parameters see IP Setup on IP Parameters Default Proﬁle screen ATMP/PPTP Default Proﬁle System Conﬁguration ScreensNavigating through the System Conﬁguration screens System Conﬁguration Features Date and time Network Time Protocol Network protocols setupFilter sets IP address serving MM/DD/YY Console conﬁguration Logging Upgrade feature setSnmp Simple Network Management Protocol Security PPP PAP Installing the Syslog client Administration Guide Chapter IP Setup IP Setup IP Setup IP subnets For example Static routes Viewing static routes Static Routes screen will appear Adding a static route Rules of static route installation Modifying a static routeDeleting a static route Main Menu System Configuration IP Address Serving IP Setup Dhcp NetBios Options Serve Bootp Clients IP Address Pools Administration Guide Dhcp NetBIOS Options NetBios Type More Address Serving Options Select Release BootP Leases and press Return Conﬁguring the IP Address Server options Scroll UP 192.168.1.112 192.168.1.113 Scroll Down Lease Management 192.168.1.101 Dhcp Dhcp Relay Agent IP Address Serving IP Address Serving Mode Connection Proﬁles Easy-PAT List WAN Configuration Administration Guide Chapter Multiple Network Address Translation Features Static mapping Following is a general description of these featuresPort Address Translation Server lists WAN Network Complex maps Supported trafﬁc Easy Setup Proﬁle conﬁguration MultiNAT ConﬁgurationServer Lists and Dynamic NAT conﬁguration Select Network Address Translation NAT and press Return NAT rules Network Address Translation screen appears Add NAT Public Range screen appears ADD NAT MAP Select Public Range Type is Pat Public Range Start Address is Show/Change NAT Map List screen appears Modifying map lists Change NAT MAP Moving maps Dynamic 206.1.1.252 192.168.1.252 Adding Server Lists ADD NAT Server Port Show/Change NAT Server List screen appears Modifying server lists Change NAT Server Deleting a server IP proﬁle parameters Binding Map Lists and Server Lists +--NAT Map List Name Toggle Address Translation Enabled to Yes IP Parameters WAN Default Proﬁle IP Parameters Default Profile NAT NAT Associations NAT Associations +NAT Map List Name-+ MultiNAT Conﬁguration Example Enter your ISP-supplied values as shown below Change NAT Public Range ADD NAT MAP Multiple Network Address Translation Administration Guide Chapter Virtual Private Networks VPNs Transit Internetwork Summary About Pptp Tunnels Pptp conﬁguration Configuration Add Connection Profile Chap Administration Guide Conﬁguration About IPsec Tunnels DES Encryption Key Authentication Type Commit Cancel Advanced IP Proﬁle Options Interoperation with other features Encryption SupportMS-CHAP V2 and 128-bit strong encryption ATMP/PPTP Default Answer Proﬁle QuickView VPN QuickView Windows Dial-Up Networking for VPN Windows NT Windows Windows ME Atmp conﬁguration About Atmp Tunnels Atmp Tunnel Options Atmp Partner IP Address Allowing VPNs through a Firewall Pptp example on Atmp example on Pptp example Change Input Filter EnabledYes ForwardYes Source IP Address Change Output Filter EnabledYes ForwardYes Source IP Address Atmp example Source Port ID Dest. Port Compare Change Output Filter EnabledYes ForwardYes Source IP Address Chapter Security Suggested Security MeasuresUser Accounts Protecting the conﬁguration screens Protecting the Security Options screen Telnet Access About Filters and Filter Sets What’s a ﬁlter and what’s a ﬁlter set?How ﬁlter sets work Forward Filter priority Port numbers How individual ﬁlters workﬁltering rule Parts of a ﬁlter Port number comparisons Internet service TCP port161 Aurp AppleTalk 387 Who 513 Transmission Control Protocol Other ﬁlter attributesPutting the parts together Internet Control Message Protocol Filtering example #1 Design guidelines Filtering example #2Disadvantages of ﬁlters Working with IP Filters and Filter Sets An approach to using ﬁlters Naming a new ﬁlter set Adding a ﬁlter set Input and output ﬁlters-source and destination Netopia R-Series RouterAdding ﬁlters to a ﬁlter set ADD this Filter NOW Cancel Deleting ﬁlters Viewing ﬁlter setsViewing ﬁlters Modifying ﬁlters Modifying ﬁlter sets Deleting a ﬁlter setSample IP ﬁlter set TCP Icmp UDP Possible modiﬁcations Firewall Tutorial General ﬁrewall terms Basic IP packet components Basic protocol typesExample TCP/UDP Ports Firewall Logic UDP Port ServiceFirewall design rules Aurp Logical and function Implied rulesEstablished connections Filter basics Example IP ﬁlter set screenThis is an example of the Netopia IP ﬁlter set screen Example ﬁlters Example networkExample Example Example LAN IP Filtersets Advanced Security Options Security Databases Security Radius Client Support Radius client configuration 1812 Continue Cancel Radius Server is available to authenticate you Administration Guide Quick View Status Overview Chapter Monitoring Tools ISP General status Status lights Current status Event Histories Statistics & Logs WAN Event History Device Event History Voice Logs Voice Accounting Log IP Routing Table Served IP Addresses General Statistics Network Interface Physical Interface Snmp System Information Community strings Snmp Setup screen Snmp traps Deleting IP trap receivers Setting the IP trap receiversViewing IP trap receivers Modifying IP trap receivers Chapter Utilities and Diagnostics Ping Receive return Ping packet Stop Ping Trace Route Telnet Client Disconnect Telnet Console Session Factory Defaults Updating ﬁrmware Transferring Conﬁguration and Firmware Files with Tftp Downloading conﬁguration ﬁles Uploading conﬁguration ﬁles Transferring Conﬁguration and Firmware Files with Xmodem Downloading conﬁguration ﬁles Restarting the System Part III Appendixes Administration Guide Conﬁguration Problems Appendix a Troubleshooting Network problems Console connection problems Power Outages How to Reset the Netopia 4753 to Factory Defaults Before contacting Netopia How to reach usNetopia Bulletin Board Service 1 Technical Support Online product information Product information can be found in the followingFAX-Back Administration Guide What is IP? Appendix B Understanding IP AddressingAbout IP Addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internet ISP Network Network conﬁguration Example Working with a Class C subnet Distributing IP AddressesBackground Technical note on subnet masking 255.255.255.224255.255.255.192 Dhcp address serving Netopia 4753 Dhcp server characteristics Serve dynamic WAN clients Using address servingManually distributing IP addresses MacIP serving Understanding IP Addressing B-9 Tips and rules for distributing IP addresses Dhcp example Internet Nested IP Subnets WAN Packet header types Broadcasts Administration Guide Appendix C Binary Conversion Table Decimal Binary Appendix D Further Reading Administration Guide No August Further Reading D-3 Administration Guide Environment Appendix E Technical Specifications and Safety InformationPower requirements Description FCC Part 15 Class B Agency ApprovalsRegulatory notices North America Declaration for Canadian users Technical Speciﬁcations and Safety Information E-3 Telecommunication Installation Cautions Netopia 4753 Speciﬁcations Physical interface Data features Quality of service ProtocolsManagement Pots support Voice featuresVoice feature support Hardware speciﬁcations Administration Guide Glossary Administration Guide Glossary Remapping See network number remapping Glossary Administration Guide Numerics Index Account types 2-2 information to obtain Index-2 Index-3 Event history 14-5 statistics Index-4 Index-5 Index-6 Limited Warranty and Limitation of Remedies Administration Guide