Manuals / Brands / Computer Equipment / Network Router / Siemens / Computer Equipment / Network Router

Siemens SX541 WLAN dsl Attack Detection, Configuring the Advanced Settings, ìIn the Advanced Settings – Internet menu, select Firewall

1 187

Download 187 pages, 3.21 Mb

Configuring the Advanced Settings

Firewall

The firewall functions of the Gigaset SX541 WLAN dsl include various security functions for your local network.

You can:

uprotect your network against hacker attacks (see below),

ublock individual PCs' access to selected services or Internet sites (see page 81) or restrict them by means of a schedule rule (see page 84).

The firewall functions for Gigaset SX541 WLAN dsl are activated and configured in the factory. If you wish to deactivate the firewall, carry out the following steps:

ìIn the Advanced Settings – Internet menu, select Firewall.

ìSelect the required option.

ìClick OK to apply the settings.

Attack Detection

If the firewall functions of your Gigaset SX541 WLAN dsl are activated, the device monitors and limits the access of incoming traffic via the DSL connection with a function called Stateful Packet Inspection (SPI). This allows the Gigaset SX541 WLAN dsl to identify and prevent certain types of attack from the Internet, such as Denial-of-Service (DoS). DoS attacks are aimed at devices and networks with Internet connections. The aim is not so much to steal data but to paralyse the computer or network to such an extent that the network resources are no longer available. A typical hacker attack involves making a remote computer announce that it is acting for the paralysed device, for example, and receive the data meant for it.

78

Contents

Page Page Contents The User Interface Basic Setup Wizard Security Settings Configuring the Advanced Settings Administration and Status Information Status Information Installing the Printer Port for Network Printers Appendix Page Safety Precautions The Gigaset SX541 WLAN dsl Page Wired Local Network (Ethernet) Internet Wireless Local Network (WLAN) We generally differentiate between two types of wireless network uInfrastructure mode u Ad-hocmode You can use the Gigaset SX541 WLAN dsl to connect uwirelessly networked PCs to the Internet and Linking wireless networks with the Internet DSL modem Linking a Wireless Network (WLAN) to an Ethernet (LAN) Wireless local network (WLAN) Please remember: Fixed Network uInternet access uSetting up a local network Connecting analogue telephones and Internet telephony uSecurity functions uOffering your own services on the Internet ConnectionPoint one First Steps Front Panel LED displays LED State Back Panel First Steps The back panel of the Gigaset SX541 WLAN dsl houses the sockets Element Description Socket for connecting the integrated modem with the splitter’s DSL Position the Gigaset SX541 WLAN dsl so that it cannot fall uThe PWR LED on the front lights up ADSL Configuring the Local Network Configuring the Network General Properties Internet connection ìClick Start – Settings – Control Panel Other Method ìSkip the message This network configuration is not advisable by clicking Next Selecting a Computer Name and Workgroup Computer description Checking the Network Settings and Completing the Installation Procedure Back ìAnswer the question Do you want to restart your computer now? with Yes TCP/IP Settings ìSelect Network Connections ìClick Properties ìSelect Internet protocol (TCP/IP) and click Properties Deactivating the HTTP Proxy HTTP Proxy Internet Explorer Open Internet Explorer and click End Synchronising TCP/IP Settings with the Gigaset SX541 WLAN dsl Start Programs Accessories Command prompt Installing Network Services ìDouble-clickthe Network and Dial-upconnections icon Add Network Components ìNow select Networking Services and click Next Network Identification Computer name Workgroup Installing the TCP/IP Protocol LAN connection Install Add ìIn the Network Protocol list, select Internet Protocol (TCP/IP) Local Area Connection Properties Page ìSelect Internet Protocol (TCP/IP) and click Properties ìOpen Internet Explorer. Click Tools – Internet Options ìClick LAN settings ìDeactivate all options in the Local Area Network (LAN) Settings window Synchronising the TCP/IP Settings with the Gigaset SX541 WLAN dsl ìOn the Windows Desktop, click Start – Programs – Accessories – Command prompt ipconfig /release ìEnter exit and press the ENTER key Setting up a PC as a Client for Microsoft Networks Network Configuration Net- work Client for Microsoft Net- works Clien Identification TCP/IP > Sie- mens Gigaset PC Card Making TCP/IP Settings TCP/IP IP Address Obtain IP address automatically Cancel Yes Gateway Page ìSelect Disable DNS ìClick OK again to close the Internet Options window IP Configuration ìClick Start – Run ìType WINIPCFG and click OK ìSelect your network adapter from the selection list ìClick Release and then on Update ìOpen Command prompt. To do this, click Start – Programs – Command prompt Open . To do this, click ìEnter the command ping 2.Has TCP/IP been properly configured on your PC The User Interface You will now see the start screen Traffic Control Start screen functions On the start screen you can select the language for the user interface The configuration program offers you the following functions: Basic Setup Wizard net telephony. This is described from page Security Setup Wizard work. For example, you can assign a password and set up Language The user interface pages contain the following elements: Log Off button button Log Off Help Basic Setup Wizard Page Other Service provider User name Password IP address type ìSelect how Internet sessions are to be established via Connection mode: Always on Connect on demand Idle time before disconnect Connect on request Basic Setup Wizard VoIP account Displayed name Phone number SIP domain SIP listen port Proxy server port Registrar server port Voice codecs < Back Security Settings Current password New password Confirm new password all SSID broadcast Page WPA2 / WPA with Pre-SharedKey (PSK) WPA2-PSK Pre-shared WEP Encryption Key length Input type Passphrase Manual key entry Key type Hex ASCII Confirm key MAC address filter Entering MAC addresses manually Selecting from the list of logged-inPCs Known wireless clients uYou can completely reset the Gigaset SX541 WLAN dsl (see page 18) ìClick Finish to conclude the wizard The settings will now be active on your Gigaset SX541 WLAN dsl Configuring the Advanced Settings WAN Via the Internet menu you can umake DNS server settings (page 74) uconfigure time and volume control for using the Internet (see page 76) provide your own services on the Internet (NAT You can edit the displayed virtual connection or add a new connection ìEnter the new parameters in the VPI / VCI fields ìClick Select to select the virtual connection for use ìClick Delete to delete an entry ìClick Add to create a new entry Page This time setting only applies to the Connect on demand option Internet Connection ìIf the test was successful, click OK to apply the settings ìIn the Advanced Settings – Internet menu, select Internet Connection menu, select PCs with Port Forwarding see page 88) thereby facilitating communication via the Internet Advanced Settings DNS Server ìIn the Advanced Settings – Internet menu, select DNS Servers Use custom DNS servers Preferred DNS server Alternate DNS server MAC Address Carry out the following steps: ìIn the Advanced Settings – Internet menu, select MAC Address ìSelect which MAC address is to apply to the Internet connection: Use default device MAC address Traffic Control Traffic control ìIn the Advanced Settings – Internet menu, select Traffic Control Traffic Control Reset traffic counters Global time limit ìEnter the total amount of time available per month in hours Global volume limit ìEnter the total volume of data available per month in megabytes (MB) Individual limits ìIn the Advanced Settings – Internet menu, select Firewall Attack Detection ìIn the Advanced Settings – Internet – Firewall menu, select Attack Detection ìSelect the security level for the firewall: The default level Medium The level E-mailnotification of a hacker attack Notification interval E-mail address to notify Outgoing mail server (SMTP) Custom Stateful Packet Inspection Traffic All Setting up Access Control to the Internet URL filter Access Rules Schedule rule Access rule type Apply to all clients Specify IP address range Specify IP address Always Schedule Rules Access Rules ìIn the Access Control field under Schedule Rules, click Add Every day Begin one Where configuration is concerned, this means: You have to define a NAT You can use the NAT settings for the Gigaset SX541 WLAN dsl to uset up port triggering for special applications (see page 87) uopen the firewall for selected PCs (see page 89) Never expires Port Triggering Port Triggering Address Trans- lation (NAT) Enabled Local protocol Local port ìApply the settings by clicking OK Port Forwarding To set up port forwarding for a service, select Port Forwarding Address Translation (NAT) ìClick Add ìClick Delete if you wish to delete the data in the relevant line again Opening the Firewall for Selected PCs (Exposed Host) To set up a PC an exposed host, select Exposed Host ìEnter the Local IP address of the PC that is to be enabled an Exposed Host ìEnter a name for the PC in the Comment field ìActivate the entry Enabled by selecting the option ìClick the Delete button to delete the entry from the list Dynamic DNS Dynamic DNS Advanced Set- tings Domain name QoS (Quality of Service) QoS ìIn the Advanced Settings – Internet menu, select the entry QoS Differentiated services Priority ìSelect Advanced Settings – Local Network Defining the private IP address for the Gigaset SX541 WLAN dsl Subnet mask Configuring the DHCP server DHCP Server Obtain an IP address automatically ìTo activate the DHCP server, select On If the DHCP server is active, you can define a Wireless Network activate the Gigaset SX541 WLAN dsl's wireless module (see below) u set Encryption for wireless transmissions (see page 97) u restrict access to the Gigaset SX541 WLAN dsl's LAN (see page 97) and ìSelect the On option for Wireless Network (default setting) ConnectionPoint SSID broadcast ìSelect the Off option to deactivate SSID broadcast Transmission mode IEEE 802.11g only Setting Wireless Security ìIn the Wireless Network menu, select Encryption & Authentication WPA2-PSKand WPA2-PSK / WPA-PSK WPA with Pre-sharedKey (WPA-PSK) Security WPA and WPA2 with authentication server WPA2 WPA2 / WPA Enter the IP address of the RADIUS server in the RADIUS server IP address ìIn the Security field, select the option WEP ìSelect the Authentication type: Shared Open ìSelect one of the four keys as Default key Hex ASCII Key Allowed Clients Wireless Network Allowed Clients The access control is based on the MAC addresses of the PCs' network adapters ìActivate access control via the On option in the MAC address filter field Entering PCs manually: Enter the required PCs with Known wireless clients Repeater Function (WDS) In the Wireless Network menu, select Repeater (WDS) ìNext to Wireless distribution system, select the On option to activate WDS The name of the client is shown in the Comment field SSID Channel Signal strength ìClick Refresh to update the display ìClick Add to add the data of another repeater VoiP Settings ìSelect VoIP in the Telephony menu ìSelect On if you want so use Internet telephony (default setting) Use the default settings for ìTo add the data for your VoIP accounts, click Add Page Extensions ìSelect Extensions in the Telephony menu Additional phone numbers Receive calls for all numbers Call waiting Display number of the caller (CLIP) if you want to hide the number of this extension for outgoing calls Different dial tones for fixed line and VoIP ìLeave the default setting for Hook flash time or change the data ìSelect the appropriate settings for extension ìWait for dial tone on fixed line If you want to make all fixed network calls via a Preselection ìEnter the provider's phone number in the field Preselection number Dialing plans Quick dial Quick Dial Vanity Phone number / user name Safely Remove Hardware File Server ìConnect a USB data carrier to the Gigaset SX541 WLAN dsl via the USB port ìIn the USB menu, select File Server ìSelect the On option for the File Server Server Domain / workgroup workgroup Device Partitions list and sharing directories Partitions Setting up or editing a share Share Browse Access Read only Web Server ìIn the Advanced Settings menu, select Web Server Partition HTTP ìActivate the HTTP service for your Web server You can change the FTP \gigaset_http Print Server Administration and Status Information Time zone Date format Time format Internet Time System time Last synchronization with time server If you wish to use your own time server, select the Use custom time servers Setting Idle time before log off: ìIn the Administration menu, select Remote Management Remote Management Allowed connections: Remote Management for one particular PC: Authorized client http://X.X.X.X:8080 uIn the Administration menu, select Save & Restore Saving Configuration Data ìFor Task, select the option Save configuration Save Restoring the Back-up ìFor Task, select the option Restore configuration A window will appear prompting you to confirm the procedure ìClick OK. The configuration will now be updated Resetting to the Factory Settings ìIn the Administration menu, select Firmware Update Current firmware version Firmware update file Status Device System Log Log level Critical Status Information uConnection status uIP address Local network uDHCP Server Wireless network uSystem password not changed uIdentification of your wireless network visible or not changed uEncryption for your wireless network not activated uAccess to your wireless network not restricted to allowed clients uFirewall for your Internet connection turned off uAddress translation for your Internet connection turned off uOne or more of your local clients directly exposed to the Internet uRemote management enabled Disconnect uConnection mode uMAC address uDefault gateway uPreferred DNS server uAlternate DNS server uDownstream rate uUpstream rate uPPPoE pass-through uGlobal traffic limits –Time Total Available –Volume uSubnet mask – Status uDHCP clients uChannel uWireless clients Uptime uRepeater (WDS) –WDS links uVoIP accounts uPhone calls uSystem uptime uBootcode version uWireless driver version uHardware version uSerial number uSystem Log Installing the Printer Port for Network Printers Printer and Faxes Add a printer Local printer Plug & Play printer Create a new port Standard TCP/IP Port Printer Name or IP Address Port Name Gigaset_Printerport Additional Port Information Required Network Print Server (1 port) Add Printer Wizard Printer Select a Printer Port Gigaset_printerport (Standard TCP/IP Port) Printer port driver Printers Details Port Settings Gigaset_printerport Add Printer Instructions for Setting up a Printer on the PC Appendix Time and Volume Contingent Appendix Interfaces Wireless properties Operating environment LED displays (green) Compliance with security conditions and regulations Software http://www.fsf.org/licensing/licenses/gpl.txt http://www.fsf.org/licensing/licenses/lgpl.txt http://now-portal.c-lab.de/projects/gigaset Kleinteileversand Com Bocholt E-Mail:kleinteileversand@bch.siemens.com Open Source Software Licenses GPL GNU GENERAL PUBLIC LICENSE Version 2, June Copyright (C) 1989, 1991 Free Software Foundation, Inc 59 Temple Place, Suite 330, Boston, MA 02111-1307USA GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION Accompany it with the complete corresponding NO WARRANTY END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs Also add information on how to contact you by electronic and paper mail Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type ’show w’ <signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice LGPL GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February Copyright (C) 1991, 1999 Free Software Foundation, Inc GNU LESSER GENERAL PUBLIC LICENSE a)The modified work must itself be a software library Page You may place library facilities that are a work based on the Library Page How to Apply These Terms to Your New Libraries Glossary DHCP Dynamic Host Configuration Protocol DHCP Server See DHCP DMZ DoS attack Denial of Service DSL Digital Subscriber Line Dynamic IP address Firewall See also NAT Flat rate Full duplex Half duplex IGMP Internet Group Management Protocol Protocols Among the most important Internet services are: uelectronic mail (email) IP address Inter- net Subnet mask ipconfig Static IP address Mbps MER MRU MTU NAT Port Port Forwarding Port See also: Virtual server PPPoA Point-to-PointProtocol over ATM PPPoE Rekey Interval Remote Management Repeater Roaming Router SNMP Simple Network Management Protocol Service Set Identifier Static IP address Subnet TCP/IP UDP User Datagram Protocol TCP Broadcast WEP Wired Equivalent Privacy Wireless LAN WPA WPA-PSK Index (Windows XP) local network IP addresses configuration Gateway back panel configuring front panel installation (Windows 2000) MAC table networks port forwarding (Windows 98) Protocol) Issued by Siemens Communications Haidenauplatz D-81667Munich © Siemens AG