Technical Reference; Stateful Inspection Firewall; Guidelines For Enhancing Security With Your Firewall - ZyXEL Communications MAX-206M2 User Manual

Chapter 15 The Firewall Screens
Table 68 TOOLS > Firewall > Service Setting (continued)
LABEL
Port Number
Add
Delete
Clear All
Schedule to Block
Day to Block
Time of Day to
Block
Apply
Reset

15.4 Technical Reference

The following section contains additional technical information about the WiMAX Modem
features described in this chapter.

15.4.1 Stateful Inspection Firewall.

Stateful inspection firewalls restrict access by screening data packets against defined access
rules. They make access control decisions based on IP address and protocol. They also
"inspect" the session data to assure the integrity of the connection and to adapt to dynamic
protocols. These firewalls generally provide the best speed and transparency; however, they
may lack the granular application level access control or caching that some proxies support.
Firewalls, of one type or another, have become an integral part of standard security solutions
for enterprises.

15.4.2 Guidelines For Enhancing Security With Your Firewall

1 Change the default password via web configurator.
2 Think about access control before you connect to the network in any way.
3 Limit who can access your router.
4 Don't enable any local service (such as telnet or FTP) that you don't use. Any enabled
service could present a potential security risk. A determined hacker might be able to find
creative ways to misuse the enabled services to access the firewall or the network.
5 For local services that are enabled, protect against misuse. Protect by configuring the
services to communicate only with specific peers, and protect by configuring rules to
block packets for the services at specific interfaces.
6 Protect against IP spoofing by making sure the firewall is active.
7 Keep the firewall in a secured (locked) room.
164
DESCRIPTION
Enter the range of port numbers that defines the service. For example, suppose
you want to define the Gnutella service. Select TCP type and enter a port range of
6345-6349.
Click this to add the selected service in Available Services to the Blocked
Services list.
Select a service in the Blocked Services, and click this to remove the service
from the list.
Click this to remove all the services in the Blocked Services list.
Select which days of the week you want the service blocking to be effective.
Select what time each day you want service blocking to be effective. Enter times in
24-hour format; for example, 3:00pm should be entered as 15:00.
Click to save your changes.
Click to restore your previously saved settings.
User's Guide