8 configuring security – ZyXEL Communications Parental Control Gateway HS100/HS100W User Manual

Page 192

Advertising
background image

HomeSafe User’s Guide

14-10

Remote Management Screens

14.8 Configuring Security

To change your HomeSafe’s security settings, click REMOTE MGMT, then the Security tab.
The screen appears as shown.

If an outside user attempts to probe an unsupported port on your HomeSafe, an ICMP response

packet is automatically returned. This allows the outside user to know the HomeSafe exists. Your

HomeSafe supports anti-probing, which prevents the ICMP response packet from being sent. This

keeps outsiders from discovering your HomeSafe when unsupported ports are probed.

Figure 14-8 Remote Management : Security

The following table describes the labels in this screen.

Table 14-7 Remote Management : Security

LABEL DESCRIPTION

ICMP

Internet Control Message Protocol is a message control and error-reporting protocol
between a host server and a gateway to the Internet. ICMP uses Internet Protocol
(IP) datagrams, but the messages are processed by the TCP/IP software and directly
apparent to the application user.

Respond to Ping

on

The HomeSafe will not respond to any incoming Ping requests when Disable is
selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to
incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both
incoming LAN and WAN Ping requests.

Do not respond

to requests for

unauthorized

services

Select this option to prevent hackers from finding the HomeSafe by probing for
unused ports. If you select this option, the HomeSafe will not respond to port
request(s) for unused ports, thus leaving the unused ports and the HomeSafe
unseen. By default this option is not selected and the HomeSafe will reply with an
ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a TCP
Reset packet for a port probe on its unused TCP ports.

Note that the probing packets must first traverse the HomeSafe's firewall mechanism
before reaching this anti-probing mechanism. Therefore if the firewall mechanism
blocks a probing packet, the HomeSafe reacts based on the firewall policy, which by
default, is to send a TCP reset packet for a blocked TCP packet. You can use the
command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall
mechanism blocks a UDP packet, it drops the packet without sending a response
packet.

Advertising
Popular Brands
Popular manuals