60 Security settings
Have you activated the Firewall?
The Stateful Inspection Firewall of the Business LAN R800+ ensures that your local
network cannot be attacked from the outside . The Firewall can be enabled in LANcon-
fig under ’Firewall/QoS’ on the register card ’General’.
Do you make use of a ’Deny All’ Firewall strategy?
For maximum security and control you prevent at first any data transfer through the
Firewall. Only those connections, which are explicitly desired have to allowed by the a
dedicated Firewall rule then. Thus ’Trojans’ and certain Email viruses loose their com-
munication way back. The Firewall rules are summarized in LANconfig under ’Fire-
wall/Qos’ on the register card ’Rules’.
Have you activated the IP masquerading?
IP masquerading is the hiding place for all local computers for connection to the Inter-
net. Only the router module of the unit and its IP address are visible on the Internet. The
IP address can be fixed or assigned dynamically by the provider. The computers in the
LAN then use the router as a gateway so that they themselves cannot be detected. The
router separates Internet and intranet, as if by a wall. The use of IP masquerading is set
individually for each route in the routing table. The routing table can be found in the
LANconfig in the 'IP router' configuration section on the 'Routing' tab.
Have you excluded certain stations from access to the router?
Access to the internal functions of the devices can be restricted using a special filter
list. Internal functions in this case are configuration sessions via LANconfig,
WEBconfig, Telnet or TFTP. This table is empty by default and so access to the router
can therefore be obtained by TCP/IP using Telnet or TFTP from computers with any IP
address. The filter is activated when the first IP address with its associated network
mask is entered and from that point on only those IP addresses contained in this initial
entry will be permitted to use the internal functions. The circle of authorized users can
be expanded by inputting further entries. The filter entries can describe both indivi-
dual computers and whole networks. The access list can be found in LANconfig in the
'TCP/IP' configuration section on the 'General' tab.
Have you closed critical ports with filters?
The firewall filters of the Router devices offer filter functions for individual computers
or entire networks. Source and target filters can be set for individual ports or for ranges
of ports. In addition, individual protocols or any combinations of protocols (TCP/UDP/
ICMP) can be filtered. It is particularly easy to set up the filters with LANconfig. The
'Rules' tab under 'Firewall/QoS' can assist you to define and change the filter rules.
Is your saved Router configuration stored in a safe place?
Protect the saved configurations against unauthorized access in a safe place. A saved
configuration could otherwise be loaded in another device by an unauthorized per-
son, enabling, for example, the use of your Internet connections at your expense.
Have you activated the mechanism that protects your WAN lines if the device is
stolen?
After being stolen, the device can theoretically be operated at another location by
unauthorized persons. Password-protected device configurations offer no protection
