Manuals / Netopia / Computer Equipment / Network Router

Netopia R7200 manual Chapter Security, Suggested security measures, User accounts

Models: R7200

1 258

Download 258 pages 55.33 Kb

Page 151

Security 14-1

Chapter 14

Security

The Netopia R7200 provides a number of security features to help protect its conﬁguration screens and your local network from unauthorized access. Although these features are optional, it is strongly recommended that you use them.

This section covers the following topics:

■“Suggested security measures” on page 14-1

■“User accounts” on page 14-1

■“Dial-in console access” on page 14-3

■“Enable SmartStart/SmartView/Web server” on page 14-4

■“Telnet access” on page 14-4

■“About ﬁlters and ﬁlter sets” on page 14-4

■“Working with IP ﬁlters and ﬁlter sets” on page 14-12

■“IPX ﬁlters” on page 14-21.

■“Firewall tutorial” on page 14-29

Suggested security measures

In addition to setting up user accounts, Telnet access, and ﬁlters (all of which are covered later in this chapter), there are other actions you can take to make the Netopia R7200 and your network more secure:

■Change the SNMP community strings (or passwords). The default community strings are universal and could easily be known to a potential intruder.

■Set the answer proﬁle so it must match incoming calls to a connection proﬁle.

■Leave the Enable Dial-in Console Access option set to No.

■When using AURP, accept connections only from conﬁgured partners.

■Conﬁgure the Netopia R7200 through the serial console port to ensure that your communications cannot be intercepted.

User accounts

When you ﬁrst set up and conﬁgure the Netopia R7200, no passwords are required to access the conﬁguration screens. Anyone could tamper with the router’s conﬁguration by simply connecting it to a console.

However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. User accounts are composed of name/password combinations that can be given to authorized users.

Image 151

Netopia R7200 manual Chapter Security, Suggested security measures, User accounts

Contents

Netopia R7200 Sdsl Router Part Number Contents Part II Advanced Configuration Contents Aurp Snmp Xmodem Part III Appendixes User’s Reference Guide Part I Getting Started User’s Reference Guide Chapter Introduction Features and capabilitiesOverview How to use this guide Finding an Internet service provider Chapter Setting Up Internet Services Endorsements Deciding on an ISP account Setting up a Netopia R7200 account Obtaining an IP addressUnique requirements Pricing and support Without Network Address Translation Obtaining information from the ISPLocal LAN IP address information to obtain With Network Address Translation User’s Reference Guide Find a location Chapter Making the Physical Connections What you need Identify the connectors and attach the cables Your router on Netopia R7200 Sdsl Router back panel ports Netopia R7200 LED front panel Netopia R7200 Sdsl Router status lights Readying computers on your local network Chapter Connecting to Your Local Area Network User’s Reference Guide Connecting to an Ethernet network 10Base-T Adding an external modem Connecting to a LocalTalk network Chapter Setting up your Router with the SmartStart Wizard Before running SmartStart SmartStart Wizard conﬁguration screens Setting up your Router with the SmartStart Wizard Easy option Advanced setup Advanced option Conﬁguration screen on Conﬁguration tab Dynamic conﬁguration recommended Static conﬁguration optional Add. Repeat this process for the secondary DNS TCP/IP Conﬁguring TCP/IP on Macintosh computers TCP/IP or MacTCP Dynamic conﬁguration using MacIP optional Setting up your Router with the SmartStart Wizard User’s Reference Guide Chapter Console-Based Management Connecting through a Telnet session Conﬁguring Telnet software Connecting a console cable to your router PC ANSI-BBS Navigating through the console screens Easy Setup console screens Chapter Easy SetupAccessing the Easy Setup console screens See Appendix A, Troubleshooting, for more suggestions Quick Easy Setup connection path Main Menu appears Sdsl Line Conﬁguration Previous Screen Next Screen Easy Setup Proﬁle IP Easy Setup Easy Setup Security Conﬁguration Previous Screen To Main Menu Part II Advanced Configuration User’s Reference Guide WAN conﬁguration Chapter WAN and System Configuration ATM VPI ATM VCI Creating a new Connection Proﬁle IPX Profile Parameters Remote IPX Network Datalink PPP/MP Options Data Compression Default proﬁle Main Menu Default Proﬁle screen appears IP parameters default proﬁle screen System conﬁguration screens IPX parameters default proﬁle screen Navigating through the system conﬁguration screens System conﬁguration features Date and time Network protocols setupFilter sets ﬁrewalls IP address serving Console conﬁguration Logging Upgrade feature setSnmp Simple Network Management Protocol Security Installing the Syslog client User’s Reference Guide Chapter Line Backup Backup Conﬁguration screen appears Atdt Backup Conﬁguration screen IP Setup screen Connection Proﬁles Using Scheduled Connections with Backup Scheduled Connections screen appears Management/Statistics Force Recovery Event Logs QuickViewSnmp Support User’s Reference Guide Network Address Translation features Chapter IP Setup and Network Address Translation HOW NAT Works Previous Screen Using Network Address Translation V2 multicast Numbered Sdsl WAN1 Associating port numbers with nodes Advanced IP/IPX router conﬁguration options Data Link Options IP Setup and Network Address Translation Network Address Translation guidelines IP setup User’s Reference Guide Select Add Export. The Add Exported Service screen appears Select Service. a pop-up menu of services and ports appears IP subnets User’s Reference Guide Static routes Viewing static routes Static Routes screen will appear Adding a static route Modifying a static route Rules of static route installationDeleting a static route Main Menu System Configuration IP Address Serving 176.163.222.10 Dhcp NetBios Options Serve Bootp Clients IP Address Pools IP Setup and Network Address Translation Dhcp NetBIOS Options NetBios Type MacIP KIP forwarding setup You have ﬁnished your IP setup User’s Reference Guide Internetwork Packet Exchange IPX Chapter IPX SetupIPX features IPX deﬁnitions Routing Information Protocol RIP Service Advertising Protocol SAPIPX address Socket IPX setup screen NetBIOSIPX spooﬁng Default Gateway Address IPX routing tables User’s Reference Guide AppleTalk networks Chapter AppleTalk SetupAppleTalk protocol AT Routing Table Routers and seeding MacIP Installing AppleTalk Upgrade Feature Set Conﬁguring AppleTalk EtherTalk setup LocalTalk setup Viewing Aurp partners Aurp setupAurp Free Trade Zone Modifying an Aurp partner Adding an Aurp partner Receiving Aurp connections Deleting an Aurp partnerConﬁguring Aurp Options Aurp Options Tickle Interval Hhmmss User’s Reference Guide Quick View status overview Chapter Monitoring Tools General status Status lights Current status General Statistics Statistics & Logs Physical Interface Event historiesNetwork Interface WAN Event History Device Event History Routing tables IP routing table IPX Sap Bindery table IPX routing tableAppleTalk routing table Served IP Addresses IP Address Lease Management screen appears Snmp System Information Community strings Snmp Setup screen Snmp traps Deleting IP trap receivers Setting the IP trap receiversViewing IP trap receivers Modifying IP trap receivers Web-based management pages Event History pages WAN Event History Device Event History User’s Reference Guide Suggested security measures Chapter SecurityUser accounts Protecting the conﬁguration screens Protecting the Security Options screen Dial-in console access What’s a ﬁlter and what’s a ﬁlter set? Enable SmartStart/SmartView/Web serverTelnet access About ﬁlters and ﬁlter sets Filter priority How ﬁlter sets work How individual ﬁlters work Parts of a ﬁlter ﬁltering rulePort numbers Other ﬁlter attributes Port number comparisons UDP Putting the parts together Filtering example #2 Filtering example #1 Disadvantages of ﬁlters Design guidelines Working with IP ﬁlters and ﬁlter sets An approach to using ﬁlters Naming a new ﬁlter set Adding a ﬁlter set Adding ﬁlters to a ﬁlter set Input and output ﬁlters-source and destination ADD this Filter NOW Cancel Deleting ﬁlters Viewing ﬁlter setsViewing ﬁlters Modifying ﬁlters Deleting a ﬁlter set Modifying ﬁlter setsSample IP ﬁlter set TCP Icmp UDP Possible modiﬁcations User’s Reference Guide IPX ﬁlters Viewing and modifying packet ﬁlters IPX packet ﬁltersAdding a packet ﬁlter Adding a packet ﬁlter set IPX packet ﬁlter setsDeleting a packet ﬁlter Viewing and modifying packet ﬁlter sets No Match Deleting a packet ﬁlter set IPX SAP ﬁltersViewing and modifying SAP ﬁlters Deleting a SAP ﬁlter Adding a SAP ﬁlter Viewing and modifying SAP ﬁlter sets IPX SAP ﬁlter setsAdding a SAP ﬁlter set Deleting a SAP ﬁlter set Basic IP packet components Firewall tutorial General ﬁrewall termsBasic protocol types Example TCP/UDP Ports Firewall design rulesFirewall Logic Logical and function Binary representation Established connections Implied rulesExample IP ﬁlter set screen Example network Filter basics Example Example ﬁlters Example Example Chapter Utilities and Diagnostics Ping Receive return Ping packet Stop Ping Trace Route Telnet client Disconnect Telnet console session Factory defaults Updating ﬁrmware Transferring conﬁguration and ﬁrmware ﬁles with Tftp Downloading conﬁguration ﬁles Transferring conﬁguration and ﬁrmware ﬁles with Xmodem Uploading conﬁguration ﬁles Idle Do you want to send a saved configuration to your Netopia? Restarting the system Part III Appendixes User’s Reference Guide Conﬁguration problems Appendix a Troubleshooting Network problems Console connection problems Power outages How to reset the router to factory defaults Environment proﬁle How to reach usTechnical support Before contacting Netopia FAX-Back Online product information User’s Reference Guide Appendix B Understanding IP Addressing What is IP?About IP addressing Subnets and subnet masks Subnet masks Example Using subnets on a Class C IP internet ISP Network Network conﬁguration Distributing IP addresses Example Working with a Class C subnetBackground Technical note on subnet masking Conﬁguration Netopia R7200 Dhcp server characteristicsDhcp address serving Serve dynamic WAN clients Using address servingManually distributing IP addresses MacIP serving Understanding IP Addressing B-9 Tips and rules for distributing IP addresses Dhcp example Internet Nested IP subnets 0.0 C.1 WAN 3719 Packet header types Broadcasts User’s Reference Guide Network conﬁguration Appendix C Understanding Netopia NAT BehaviorBackground User’s Reference Guide Understanding Netopia NAT Behavior C-3 Netopia Router WWW Server ISP Router LAN Understanding Netopia NAT Behavior C-5 Exported services Important notes Understanding Netopia NAT Behavior C-7 Summary Appendix D Binary Conversion Table Decimal Binary Appendix E Further Reading User’s Reference Guide Further Reading E-3 User’s Reference Guide Pinouts for Auxiliary port modem cable Appendix F Technical Specifications and Safety Information Description Power requirementsEnvironment Software and protocols International Agency approvalsRegulatory notices North America Declaration for Canadian users Important safety instructions Battery Telecommunication installation cautions Appendix G About Sdsl User’s Reference Guide Glossary User’s Reference Guide Glossary User’s Reference Guide Remapping See network number remapping User’s Reference Guide Glossary User’s Reference Guide Numerics Index Index-2 Index-3 Index-4 Index-5 Index-6 Limited Warranty and Limitation of Remedies User’s Reference Guide