P312 Broadband Security Gateway
13-10 What Is a Firewall?
3. Limit who can Telnet into your router.
4. Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could
present a potential security risk. A determined, hostile party might be able to find creative ways to
misuse the enabled services to access the firewall or the network.
5. For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the services
at specific interfaces.
6. Protect against IP spoofing by making sure the firewall is active.
7. Keep the firewall in a secured (locked) room.
13.5.1 Security In GeneralYou can never be too careful! Factors outside your firewall, filtering or NAT can cause security breaches.
Below are some generalizations about what you can do to minimize them.
1. Encourage your company or organization to develop a comprehensive security plan. Good network
administration takes into account what hackers can do and prepares against attacks. The best defense
against hackers and crackers is information. Educate all employees about the importance of security and
how to minimize risk. Produce lists like this!
2. DSL or cable modem connections are “always-on” connections and are particularly vulnerable because
they provide more opportunities for hackers to crack your system. Turn your computer off when not
being used.
3. Never give out a password or any sensitive information to an unsolicited telephone call or e-mail.
4. Never e-mail sensitive information such as passwords, credit card information, etc. to people without
encrypting the information first.
5. Never submit sensitive information via a web page unless the web site uses secure connections. You can
identify a secure connection by looking for a small “key” icon on the bottom of your browser (Internet
Explorer 3.02 or better or Netscape 3.0 or better). If a web site uses a secure connection, it is safe to
submit information. Secure web transactions are quite difficult to crack.
6. Never reveal your IP address or other system ne tworking information to people outside your company.
7. Be careful of files e-mailed to you from people you do not know. One common way of getting
BackOrifice on a system is to include it as a Trojan horse with other files.
8. Change your passwords regularly. Also, use passwords that are not easy to figure out. The most difficult
passwords to crack are those with upper and lower case letters, numbers, and a symbol such as % or #.
9. Upgrade your software regularly. Many older versions of software, especially web browsers, have well
known security deficiencies. When you upgrade to the latest versions, you get the latest patches and
fixes.
10. If you use “chat rooms” or IRC sessions, be careful with any information you reveal to strangers.
11. If your system starts exhibiting odd behavior, contact your ISP. Some hackers will set off hacks that
cause your system to slowly become unstable or unusable.