Chapter 1 Introducing the ZyXEL Device

TR-069. This is a standard that defines how your ZyXEL Device can be managed by a management server.

1.3 Configuring Your ZyXEL Device’s Security Features

Your ZyXEL Device comes with a variety of security features. This section summarizes these features and provides links to sections in the User’s Guide to configure security settings on your ZyXEL Device. Follow the suggestions below to improve security on your ZyXEL Device and network.

1.3.1 Control Access to Your Device

Ensure only people with permission can access your ZyXEL Device.

Control physical access by locating devices in secure areas, such as locked rooms. Most ZyXEL Devices have a reset button. If an unauthorized person has access to the reset button, they can then reset the device’s password to its default password, log in and reconfigure its settings.

Change any default passwords on the ZyXEL Device, such as the password used for accessing the ZyXEL Device’s web configurator (if it has a web configurator). Use a password with a combination of letters and numbers and change your password regularly. Write down the password and put it in a safe place.

Avoid setting a long timeout period before the ZyXEL Device’s web configurator automatically times out. A short timeout reduces the risk of an unauthorized person accessing the web configurator while it is left idle.

See Chapter 19 on page 247 for instructions on changing your password and setting the timeout period.

Configure remote management to control who can manage your ZyXEL Device. See Chapter 17 on page 221 for more information. If you enable remote management, ensure you have enabled remote management only on the IP addresses, services or interfaces you intended and that other remote management settings are disabled.

1.3.2 Wireless Security

Wireless devices are especially vulnerable to attack. If your ZyXEL Device has a wireless function, take the following measures to improve wireless security.

Enable wireless security on your ZyXEL Device. Choose the most secure encryption method that all devices on your network support. See Chapter 9 on page 127 for directions on configuring encryption. If you have a RADIUS server, enable WPA(2) user identification on your network so users must log in. This method is more common in business environments.

Use WPS’s PIN method to set up your wireless network instead of using the push-button method. The PIN method is more secure than the push-button method as it ensures only selected devices are added to your wireless network. See Section 9.5 on page 145 for more information on using the WPS PIN method.


P-660HW-Tx v3 User’s Guide