Enhanced Security Features; Advanced Filtering And Firewall - D-Link DSL-504 User Manual

DSL-504 ADSL Router User's Guide

Enhanced Security Features

Network security is an unfortunate necessity for any network connected to the
Internet. Protection of sensitive information and proprietary assets on your
private network should be designed into the network infrastructure from the
beginning. If you are not already, it is recommended that you become familiar
with network security issues and the strategies available to help reduce risks
from outside as well as from within your LAN. The Router provides features that
can enhance your network security and should be used in concert with other
security provisions, such as virus scanning software for all workstations, the use
of proxy servers and stateful inspection methods.

Advanced Filtering and Firewall

One of the most important elements of any network security implementation is
the firewall. Packet filtering is a basic firewall security measure that should be
used on any network that is exposed to security risk. A packet filter system
examines data packets and scrutinizes them for the purpose of controlling
network access. Filtering rules determine whether or not to allow access through
the Router from either side of the gateway. The rules are created and controlled
by the network administrator and can be precisely defined. These rules are used
to block access to the network from the outside, or deny access to the WAN from
within the network. The Router uses filtering rules to examine data packet
headers for specific information. Packets passing through the Router that do not
meet the criteria specified by the rule set are dropped.
In order to improve network security without severely limiting network
efficiency, it is important to carefully plan the sets of access rules. Effective
implementation of packet filtering requires detailed knowledge of network
services and communication protocols. An overly complicated filtering scheme
can adversely effect routing performance, while an inadequate set of rules may
needlessly compromise security.
Packet filtering can be used in conjunction with NAT, port redirection and proxy
servers to help provide basic firewall protection. However, these measures do not
address many security issues and should be used as only one part of an overall
network security strategy. It is important to remember that IP packet filtering
examines only the packet header and is not concerned with application
information. Therefore, packet filtering does not protect against higher-level
security threats that may operate at the application or other level.
Filtering rules can be precisely defined based upon source and destination IP
address, as well as port and protocol information. Up to twelve filter sets can be
used; each set contains up to seven filtering rules subsets.
40