Chapter 16 The Firewall Screens
16.4.2 Guidelines For Enhancing Security With Your Firewall
1. Change the default password via the web configurator.
2. Think about access control before you connect to the network in any way.
3. Limit who can access your router.
4. Don't enable any local service (such as telnet or FTP) that you don't use. Any
enabled service could present a potential security risk. A determined hacker might
be able to find creative ways to misuse the enabled services to access the firewall
or the network.
5. For local services that are enabled, protect against misuse by configuring
the services to communicate only with specific peers and by configuring
rules to block packets for the services at specific interfaces.
6. Protect against IP spoofing by making sure the firewall is active.
7. Keep the firewall in a secured (locked) room.
16.4.3 The “Triangle Route” Problem
A traffic route is a path for sending or receiving data packets between two
Ethernet devices. You may have more than one connection to the Internet
(through one or more ISPs). If an alternate gateway is on the LAN (and its IP
address is in the same subnet as the WiMAX Modem’s LAN IP address), the
“triangle route” (also called asymmetrical route) problem may occur. The steps
below describe the “triangle route” problem.
1. A computer on the LAN initiates a connection by sending out a SYN packet to a
receiving server on the WAN.
2. The WiMAX Modem reroutes the SYN packet through Gateway A on the LAN to the
WAN.
3. The reply from the WAN goes directly to the computer on the LAN without going
through the WiMAX Modem.
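
A detection sketch for the situation in steps 1 to 3, added here as an example and not taken from the User's Guide or the device firmware: from packets observed at one point (here, the WiMAX Modem's LAN side), it flags TCP flows where the SYN was seen but the reply never was. The addresses, ports, and the assumption that the computer's later ACK passes through the modem again are constructed for illustration.

```python
from collections import namedtuple

# One observed TCP packet: endpoints plus the set of TCP flags that were set.
Packet = namedtuple("Packet", "src sport dst dport flags")


def find_one_sided_handshakes(seen):
    """Return flows whose SYN and a later ACK from the initiator were observed
    but whose SYN-ACK reply was not: the view a stateful firewall has when the
    reply takes a path that bypasses it (asymmetrical route)."""
    state = {}  # (src, sport, dst, dport) of the initiator -> handshake flags
    for p in seen:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == {"SYN"}:
            state[fwd] = {"synack": False, "orphan_ack": False}
        elif p.flags == {"SYN", "ACK"} and rev in state:
            state[rev]["synack"] = True
        elif "ACK" in p.flags and fwd in state and not state[fwd]["synack"]:
            # Initiator acknowledges a reply this observation point never saw.
            state[fwd]["orphan_ack"] = True
    return sorted(flow for flow, s in state.items() if s["orphan_ack"])


# Constructed sample (documentation addresses), as seen at the modem.
HOST, SERVER = "192.168.1.33", "203.0.113.10"
SEEN_AT_MODEM = [
    # Symmetric flow: all three handshake packets cross the modem.
    Packet(HOST, 40001, SERVER, 443, frozenset({"SYN"})),
    Packet(SERVER, 443, HOST, 40001, frozenset({"SYN", "ACK"})),
    Packet(HOST, 40001, SERVER, 443, frozenset({"ACK"})),
    # Triangle route: the SYN-ACK went straight from Gateway A to the host,
    # so only the host's SYN and ACK appear here.
    Packet(HOST, 40002, SERVER, 80, frozenset({"SYN"})),
    Packet(HOST, 40002, SERVER, 80, frozenset({"ACK"})),
]

if __name__ == "__main__":
    for flow in find_one_sided_handshakes(SEEN_AT_MODEM):
        print("reply not seen at this point for flow:", flow)
```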