Login Barring; Access Control Via Tcp/Ip; Security For Your Lan - ELSA Lancom DSL/10 Office Manual

22 Operating modes and functions

Login barring

The configuration in the ELSA LANCOM DSL/10 Office is protected against "brute force
attacks" by barring logins. A brute-force attack is the attempt of an unauthorized person
to crack a password to gain access to a network, a computer or another device. In order
to do so, a computer can, for example, run through all the possible combinations of letters
and numbers until the right password is found.
As a measure of protection against such attacks, the maximum allowed number of
unsuccessful attempts to log in can be set. If this limit is reached, access will be barred
for a certain length of time.
If barring is activated on one port all other ports are automatically barred too.
The following entries are provided in the ELSA LANconfig for configuring login barring in
the 'Management' configuration area on the 'Security' tab or under
module
'Lock configuration after' (
K
'Lock configuration for' (
K

Access control via TCP/IP

Access to the internal functions of the devices through TCP/IP can be restricted using a
special filter list. Internal functions in this case means telnet or TFTP sessions to
configure the ELSA LANconfig.
This table is empty by default and so access to the router can therefore be obtained by
TCP/IP using telnet or TFTP from computers with any IP address. The filter is activated
when the first IP address with its associated network mask is entered and from that point
on only those IP addresses contained in this initial entry will be permitted to use the
internal functions. The circle of authorized users can be expanded by inputting further
entries. The filter entries can describe both individual computers and whole networks.
The access list can be found in the ELSA LANconfig in the 'TCP/IP' configuration section
on the 'General' tab, or in the

Security for your LAN

You certainly would not like any outsider to have easy access to or to be able to modify
the data on your computers. The ELSA LANCOM DSL/10 Office offers you various ways
of restricting access from outside:
Data packet filtering
K
IP masquerading (also known as NAT or PAT)
K
ELSA LANCOM DSL/10 Office
in the menu:
Login-errors
Lock-minutes
/Setup/TCP-IP-module/Access List
/Setup/Config-
)
)
menu.