Security 14-11

This four-step process is how we produced the following filter from the original rule:

+-#---

Source IP Addr---

Dest IP Addr-----

Proto-Src.Port-D.Port--

On?-Fwd-+

+----------------------------------------------------------------------

 

 

 

+

1

192.211.211.17

0.0.0.0

TCP 0

23

Yes No

 

 

 

 

+----------------------------------------------------------------------

 

 

 

+

Filtering example #2

Suppose a filter is configured to block all incoming IP packets with the source IP address of 200.233.14.0, regardless of the type of connection or its destination. The filter would look like this:

+-#---

Source IP Addr---

Dest IP Addr-----

Proto-Src.Port-D.Port--On?-Fwd-+

+----------------------------------------------------------------------

 

 

+

1

200.233.14.0

0.0.0.0

0

Yes No

 

 

 

+----------------------------------------------------------------------

 

 

+

This filter blocks any packets coming from a remote network with the IP network address 200.233.14.0. The 0 at the end of the address signifies any host on the class C IP network 200.233.14.0. If, for example, the filter is applied to a packet with the source IP address 200.233.14.5, it will block it.

In this case, the mask, which does not appear in the table, must be set to 255.255.255.0. This way, all packets with a source address of 200.233.14.x will be matched correctly, no matter what the final address byte is.

Note: The protocol attribute for this filter is 0 by default. This tells the filter to ignore the IP protocol or type of IP packet.

Design guidelines

Careful thought should go into designing a new filter set. You should consider the following guidelines:

Be sure the filter set’s overall purpose is clear from the beginning. A vague purpose can lead to a faulty set, and that can actually make your network less secure.

Be sure each individual filter’s purpose is clear.

Determine how filter priority will affect the set’s actions. Test the set (on paper) by determining how the filters would respond to a number of different hypothetical packets.

Consider the combined effect of the filters. If every filter in a set fails to match on a particular packet, the packet is:

passed if all the filters are configured to discard (not forward).

discarded if all the filters are configured to pass (forward).

discarded if the set contains a combination of pass and discard filters.

Page 173
Image 173
Netopia R2121 manual Design guidelines, Filtering example #2

R2121 specifications

The Netopia R2121 is a powerful and versatile router designed for both home and office environments, providing seamless connectivity and robust performance for various networking needs. This device offers a range of features and technologies that cater to the demands of modern users seeking reliable internet access, speed, and security.

One of the standout characteristics of the Netopia R2121 is its dual-band technology, which operates on both the 2.4 GHz and 5 GHz frequency bands. This capability allows users to enjoy faster speeds and less interference, as the 5 GHz band is typically less congested than the traditional 2.4 GHz band. With the ability to support multiple devices simultaneously, the R2121 ensures that users can stream videos, play online games, and conduct video conferences without experiencing lag or connectivity issues.

The router is equipped with advanced security features, including WPA3 encryption, which provides enhanced protection against unauthorized access and data breaches. The R2121 also supports a robust firewall system that guards against external threats, ensuring that the user's network remains secure. Additionally, the router includes parental controls, allowing users to manage and restrict internet access for specific devices or set time limits for usage, making it an excellent choice for families.

Another significant advantage of the Netopia R2121 is its extensive coverage area. With high-gain antennas and advanced beamforming technology, the router can deliver strong and stable Wi-Fi signals even in larger homes or office spaces. This technology focuses the Wi-Fi signal directly toward connected devices, minimizing dead zones and improving overall connectivity.

The R2121 also supports both IPv4 and IPv6, ensuring compatibility with current and future internet technologies. This forward-thinking design makes it a future-proof solution for users looking to invest in a reliable router.

In terms of setup and management, the Netopia R2121 features a user-friendly web interface that allows users to easily customize settings, monitor network performance, and manage connected devices. The inclusion of mobile app support further enhances the user experience, enabling remote monitoring and control of the network from anywhere.

Overall, the Netopia R2121 stands out as a robust and reliable router that combines advanced features, enhanced security, and excellent performance, making it an ideal choice for home and business users alike. With its focus on delivering seamless connectivity and comprehensive management options, the R2121 is well-suited for today's connected lifestyles.