Chapter 8 Firewalls
P-793H User’s Guide
126
8.6 Guidelines for Enhancing Security with Your Firewall
• Change the default password.
• Limit who can telnet into your router.
• Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled
service could present a potential security risk. A determined hacker might be able to find
creative ways to misuse the enabled services to access the firewall or the network.
• For local services that are enabled, protect against misuse. Protect by configuring the
services to communicate only with specific peers, and protect by configuring rules to
block packets for the services at specific interfaces.
• Protect against IP spoofing by making sure the firewall is active.
• Keep the firewall in a secured (locked) room.
8.6.1 Security In General
You can never be too careful! Factors outside your firewall, filtering or NAT can cause
security breaches. Below are some generalizations about what you can do to minimize them.
• Encourage your company or organization to develop a comprehensive security plan. Good
network administration takes into account what hackers can do and prepares against
attacks. The best defense against hackers and crackers is information. Educate all
employees about the importance of security and how to minimize risk. Produce lists like
this one!
• DSL or cable modem connections are “always-on” connections and are particularly
vulnerable because they provide more opportunities for hackers to crack your system.
Turn your computer off when not in use.
• Never give out a password or any sensitive information to an unsolicited telephone call or
e-mail.
• Never e-mail sensitive information such as passwords, credit card information, etc.,
without encrypting the information first.
• Never submit sensitive information via a web page unless the web site uses secure
connections. You can identify a secure connection by looking for a small “key” icon on
the bottom of your browser (Internet Explorer 3.02 or better or Netscape 3.0 or better). If a
web site uses a secure connection, it is safe to submit information. Secure web transactions
are quite difficult to crack.
• Never reveal your IP address or other system networking information to people outside
your company. Be careful of files e-mailed to you from strangers. One common way of
getting BackOrifice on a system is to include it as a Trojan horse with other files.
• Change your passwords regularly. Also, use passwords that are not easy to figure out. The
most difficult passwords to crack are those with upper and lower case letters, numbers and
a symbol such as% or #.
• Upgrade your software regularly. Many older versions of software, especially web
browsers, have well known security deficiencies. When you upgrade to the latest versions,
you get the latest patches and fixes.
• If you use “chat rooms” or IRC sessions, be careful with any information you reveal to
strangers.
• If your system starts exhibiting odd behavior, contact your ISP. Some hackers will set off
hacks that cause your system to slowly become unstable or unusable.
Summary of Contents for G.SHDSL.bis 4-port Security Gateway P-793H
Page 2: ......
Page 7: ...Safety Warnings P 793H User s Guide 7 This product is recyclable Dispose of it properly ...
Page 8: ...Safety Warnings P 793H User s Guide 8 ...
Page 30: ...List of Figures P 793H User s Guide 30 ...
Page 36: ...List of Tables P 793H User s Guide 36 ...
Page 38: ...38 ...
Page 68: ...Chapter 4 Point to 2 point Configuration P 793H User s Guide 68 ...
Page 70: ...70 ...
Page 114: ...Chapter 7 Network Address Translation NAT Screens P 793H User s Guide 114 ...
Page 116: ...116 ...
Page 152: ...Chapter 10 Content Filtering P 793H User s Guide 152 ...
Page 180: ...Chapter 12 Static Route P 793H User s Guide 180 ...
Page 194: ...Chapter 14 Dynamic DNS Setup P 793H User s Guide 194 ...
Page 216: ...Chapter 16 Universal Plug and Play UPnP P 793H User s Guide 216 ...
Page 217: ...217 PART IV Maintenance System 219 Logs 225 Tools 229 Diagnostic 235 ...
Page 218: ...218 ...
Page 224: ...Chapter 17 System P 793H User s Guide 224 ...
Page 234: ...Chapter 19 Tools P 793H User s Guide 234 ...
Page 238: ...238 ...
Page 244: ...Chapter 21 Introducing the SMT P 793H User s Guide 244 ...
Page 248: ...Chapter 22 General Setup P 793H User s Guide 248 ...
Page 256: ...Chapter 23 WAN Setup P 793H User s Guide 256 ...
Page 262: ...Chapter 24 LAN Setup P 793H User s Guide 262 ...
Page 278: ...Chapter 27 Static Route Setup P 793H User s Guide 278 ...
Page 308: ...Chapter 30 Filter Configuration P 793H User s Guide 308 ...
Page 310: ...Chapter 31 SNMP Configuration P 793H User s Guide 310 ...
Page 312: ...Chapter 32 System Password P 793H User s Guide 312 ...
Page 322: ...Chapter 33 System Information Diagnosis P 793H User s Guide 322 ...
Page 352: ...Chapter 37 Schedule Setup P 793H User s Guide 352 ...
Page 360: ...360 ...
Page 366: ...Appendix B Wall mounting Instructions P 793H User s Guide 366 ...
Page 400: ...Appendix F IP Address Assignment Conflicts P 793H User s Guide 400 ...
Page 404: ...Appendix G Common Services P 793H User s Guide 404 ...
Page 432: ...Appendix K Legal Information P 793H User s Guide 432 ...
Page 443: ...Index P 793H User s Guide 443 ...
Page 444: ...Index P 793H User s Guide 444 ...