P-2302HW/HWL-P1 Series User’s Guide

The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, "inbound access" is not allowed (by default) unless the remote host is authorized to use a specific service.

14.1.3 Guidelines For Enhancing Security With Your Firewall

1. Change the default password via web configurator.

2. Think about access control before you connect to the network in any way, including attaching a modem to the port.

3. Limit who can access your router.

4. Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.

5. For local services that are enabled, protect against misuse. Protect by configuring the services to communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces.

6. Protect against IP spoofing by making sure the firewall is active.

7. Keep the firewall in a secured (locked) room.

14.1.4 The Firewall, NAT and Remote Management

Figure 102 Firewall Rule Directions

14.1.4.1 LAN-to-WAN rules

LAN-to-WAN rules are local network to Internet firewall rules. The default is to forward all traffic from your local network to the Internet.

You can block certain LAN-to-WAN traffic in the Services screen (click the Services tab). All services displayed in the Blocked Services list box are LAN-to-WAN firewall rules that block those services originating from the LAN.
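The following is an added example, not part of the original guide and not the device's own code: a small Python model of the default rule directions described above (LAN-to-WAN forwarded unless the service is in Blocked Services, inbound blocked unless the remote host is authorized for the service). The class, method and service names and the addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed service names for the example; not read from the device.
KNOWN_SERVICES = {"HTTP", "FTP", "TELNET", "SMTP", "POP3"}

@dataclass
class FirewallModel:
    # Contents of the "Blocked Services" list (LAN-to-WAN block rules).
    blocked_services: set = field(default_factory=set)
    # (remote_host, service) pairs authorized for inbound access.
    authorized_inbound: set = field(default_factory=set)

    def decide(self, direction, service, remote_host=None):
        """Return (action, reason) for a new connection."""
        if service not in KNOWN_SERVICES:
            raise ValueError(f"unknown service: {service}")
        if direction == "LAN-to-WAN":
            if service in self.blocked_services:
                return "block", "service is in Blocked Services"
            return "forward", "default LAN-to-WAN policy"
        if direction == "WAN-to-LAN":
            if (remote_host, service) in self.authorized_inbound:
                return "forward", "remote host authorized for this service"
            return "block", "default inbound policy"
        raise ValueError(f"unknown direction: {direction}")

    def missing_blocks(self, must_block):
        """Services the site policy wants blocked outbound but that still forward."""
        return sorted(s for s in must_block
                      if self.decide("LAN-to-WAN", s)[0] == "forward")

def demo():
    # Constructed configuration and flows (documentation-range addresses).
    fw = FirewallModel(blocked_services={"TELNET"},
                       authorized_inbound={("203.0.113.10", "FTP")})
    flows = [("LAN-to-WAN", "HTTP", None),
             ("LAN-to-WAN", "TELNET", None),
             ("WAN-to-LAN", "FTP", "203.0.113.10"),
             ("WAN-to-LAN", "FTP", "198.51.100.7")]
    return [fw.decide(*f)[0] for f in flows], fw.missing_blocks({"TELNET", "SMTP"})

if __name__ == "__main__":
    print(demo())
```

`missing_blocks` compares a written site policy against the Blocked Services list, which is a quick way to spot a service that was meant to be blocked but still falls through to the default forward rule.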

Chapter 14 Firewall