Guidelines For Enhancing Security With Your Firewall; Security In General - ZyXEL Communications P-662HW-61 User Manual

Any protocol that operates in this way must be supported on a case-by-case basis. You can use
the web configurator's Custom Ports feature to do this.

13.6 Guidelines for Enhancing Security with Your Firewall

• Change the default password via SMT or web configurator.
• Limit who can telnet into your router.
• Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled
service could present a potential security risk. A determined hacker might be able to find
creative ways to misuse the enabled services to access the firewall or the network.
• For local services that are enabled, protect against misuse. Protect by configuring the
services to communicate only with specific peers, and protect by configuring rules to
block packets for the services at specific interfaces.
• Protect against IP spoofing by making sure the firewall is active.
• Keep the firewall in a secured (locked) room.

13.6.1 Security In General

You can never be too careful! Factors outside your firewall, filtering or NAT can cause
security breaches. Below are some generalizations about what you can do to minimize them.
• Encourage your company or organization to develop a comprehensive security plan.
Good network administration takes into account what hackers can do and prepares
against attacks. The best defense against hackers and crackers is information. Educate all
employees about the importance of security and how to minimize risk. Produce lists like
this one!
• DSL or cable modem connections are "always-on" connections and are particularly
vulnerable because they provide more opportunities for hackers to crack your system.
Turn your computer off when not in use.
• Never give out a password or any sensitive information to an unsolicited telephone call or
e-mail.
• Never e-mail sensitive information such as passwords, credit card information, etc.,
without encrypting the information first.
• Never submit sensitive information via a web page unless the web site uses secure
connections. You can identify a secure connection by looking for a small "key" icon on
the bottom of your browser (Internet Explorer 3.02 or better or Netscape 3.0 or better). If
a web site uses a secure connection, it is safe to submit information. Secure web
transactions are quite difficult to crack.
• Never reveal your IP address or other system networking information to people outside
your company. Be careful of files e-mailed to you from strangers. One common way of
getting BackOrifice on a system is to include it as a Trojan horse with other files.
• Change your passwords regularly. Also, use passwords that are not easy to figure out. The
most difficult passwords to crack are those with upper and lower case letters, numbers
and a symbol such as % or #.
Chapter 13 Firewalls
Prestige 662HW Series User's Guide
154