WR1500 4-Port Wireless DSL/Cable Router – ParkerVision WR1500 User Manual

WR1500 4-Port Wireless DSL/Cable Router® (page 90)

12.2 Firewall Policies Overview - Continued
If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them.

For example, you may create rules to:

• Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
• Allow certain types of traffic, such as Lotus Notes database synchronization, from specific hosts on the Internet to specific hosts on the LAN.
• Allow everyone except your competitors to access a Web server.
• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.

These custom rules work by comparing the source IP address, destination IP address and IP protocol type (and, for TCP and UDP, the port) of network traffic against the rules set by the administrator. Your customized rules take precedence over, and override, the WR1500 Wireless Router's default rules, so a custom rule that allows traffic the default policy would have blocked opens that path.

12.3 Rule Logic Overview
Study these points carefully before configuring rules.

12.3.1 Rule Checklist
1. State the intent of the rule. For example, "This restricts all IRC access from the LAN to the Internet." Or, "This allows a remote Lotus Notes server to synchronize over the Internet to an inside Notes server."
2. Is the intent of the rule to forward or block traffic?
3. What direction of traffic does the rule apply to (LAN to Internet, or Internet to LAN)? Refer to 12.2.
4. What IP services (protocols and ports) will be affected?
5. What computers on the Internet will be affected? The more specific, the better. For example, if traffic is being allowed from the Internet to the LAN, it is better to allow only certain machines on the Internet to access the LAN.

12.3.2 Security Ramifications
Once the logic of the rule has been defined, it is critical to consider the security ramifications created by the rule:

1. Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC is blocked, are there users that require this service?
2. Is it possible to modify the rule to be more specific? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more effective?
3. Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if the FTP ports (TCP 20 and 21) are allowed from the Internet to the LAN, Internet users may be able to connect to any computer on the LAN that is running an FTP server.
4. Does this rule conflict with any existing rules?
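As an added example (not code from the WR1500 manual or from ParkerVision), the following Python models the matching described in 12.2 and exercises the checklist above: ordered rules matched on direction, source address, destination address, protocol and destination port, with custom rules consulted before the router's defaults and the first matching rule deciding; a check for a new rule that is covered by an existing rule with the opposite action (item 4 above); and a check for allow rules open to the whole Internet (item 3 above and checklist item 5). The LAN subnet, the addresses, the port numbers (IRC on TCP 6667, Lotus Notes on TCP 1352, Telnet on TCP 23), the first-match semantics, the default policy and the rule names are all assumptions made for the illustration, not WR1500 settings.

```python
"""Added example, not from the WR1500 manual: a small model of the packet
filter described in 12.2.  Every address, port, rule name and the default
policy below is constructed for the illustration (an assumption, not a
WR1500 default)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

LAN_NET = ip_network("192.168.1.0/24")  # assumed LAN subnet


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # None for protocols without ports

    @property
    def direction(self) -> str:
        # Direction is derived from where the packet originates.
        return "LAN->WAN" if ip_address(self.src) in LAN_NET else "WAN->LAN"


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str               # "LAN->WAN" or "WAN->LAN"
    action: str                  # "allow" or "block"
    src: str = "0.0.0.0/0"       # source network, any by default
    dst: str = "0.0.0.0/0"       # destination network, any by default
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match would already match self."""
        return (self.direction == other.direction
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))


# Assumed default policy: the LAN may initiate anything outbound, the
# Internet may initiate nothing inbound.
DEFAULT_RULES = [
    Rule("default-lan-out", "LAN->WAN", "allow"),
    Rule("default-wan-in", "WAN->LAN", "block"),
]

# Custom rules for the manual's four examples; consulted before DEFAULT_RULES.
CUSTOM_RULES = [
    # Block IRC from the LAN to the Internet.
    Rule("block-irc", "LAN->WAN", "block", proto="tcp", dport=6667),
    # Allow Lotus Notes sync from one Internet host to one inside host only.
    Rule("allow-notes", "WAN->LAN", "allow", src="203.0.113.10/32",
         dst="192.168.1.20/32", proto="tcp", dport=1352),
    # Web server open to everyone except the competitor's network.
    Rule("block-competitor-web", "WAN->LAN", "block", src="198.51.100.0/24",
         dst="192.168.1.80/32", proto="tcp", dport=80),
    Rule("allow-web", "WAN->LAN", "allow", dst="192.168.1.80/32",
         proto="tcp", dport=80),
    # Telnet only from the admin workstation; everyone else on the LAN is blocked.
    Rule("allow-telnet-admin", "LAN->WAN", "allow", src="192.168.1.5/32",
         proto="tcp", dport=23),
    Rule("block-telnet", "LAN->WAN", "block", proto="tcp", dport=23),
]


def decide(pkt: Packet, custom: Optional[List[Rule]] = None) -> Tuple[str, str]:
    """First matching rule wins; custom rules are checked before the defaults."""
    rules = (CUSTOM_RULES if custom is None else custom) + DEFAULT_RULES
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "block", "implicit-deny"  # nothing matched: fail closed


def find_conflicts(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Checklist item 4: (earlier, later) pairs where an earlier rule covers a
    later one with the opposite action, so the later rule can never fire."""
    return [(earlier.name, later.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i]
            if earlier.covers(later) and earlier.action != later.action]


def wide_open_inbound(rules: List[Rule]) -> List[str]:
    """Ramification 3: inbound allow rules with an any-source address deserve a
    second look; prefer naming the specific Internet hosts, as item 5 advises."""
    return [r.name for r in rules
            if r.direction == "WAN->LAN" and r.action == "allow"
            and ip_network(r.src).prefixlen == 0]


if __name__ == "__main__":
    for pkt in [Packet("192.168.1.33", "198.51.100.7", "tcp", 6667),   # IRC out
                Packet("203.0.113.10", "192.168.1.20", "tcp", 1352),   # Notes sync in
                Packet("203.0.113.5", "192.168.1.50", "tcp", 21)]:     # FTP in
        print(pkt.direction, pkt.src, "->", pkt.dst, pkt.proto, pkt.dport, decide(pkt))
    print("conflicts:", find_conflicts(CUSTOM_RULES))
    print("open to the whole Internet:", wide_open_inbound(CUSTOM_RULES))
```

Swapping the order of the two Telnet rules makes `find_conflicts` report that `block-telnet` covers `allow-telnet-admin`, which is exactly the silent override item 4 warns about; `wide_open_inbound` flags `allow-web` even though it is intentional, which is the point: every any-source inbound allow should be a deliberate decision.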

Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the Web Configuration Utility screens.

Source Address
