Firewall, Port triggering, Wireless security – ADS Technologies Wireless Cable Modem Gateway SBG1000 User Manual
Page 23: Firewall dmz port triggering wireless security
17
SBG1000 User Guide
X
Exit
Overview Installation Troubleshooting Contact
FAQ Specifications Glossary License
Configuration: Basic Gateway TCP/IP Wireless Print Server USB
Firewall
The SBG1000 firewall protects the SBG1000 LAN from undesired attacks and other intrusions from the Internet. It
provides an advanced integrated
firewall supporting intrusion detection, session tracking, and
denial-of-service attack prevention. The firewall:
•
Maintains state data for every
session on the
network and transport layers
•
Monitors all incoming and outgoing
, applies the firewall policy to each one, and screens for improper
packets and intrusion attempts
•
Provides comprehensive logging for all:
— User authentications
— Rejected internal and external connection requests
— Session creation and termination
— Outside attacks (intrusion detection)
You can configure the firewall filters to set rules for port usage. For information about choosing a predefined
firewall policy template, see “
DMZ
A de-militarized zone (
) is one or more computers logically located outside the firewall between an SBG1000
LAN and the Internet. A DMZ prevents direct access by outside users to private data.
For example, you can set up a web server
on a DMZ computer to enable outside users to access your website
without exposing confidential data on your network.
A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can
leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more
information, see “
Gaming Configuration Guidelines
Port Triggering
When you run a PC application that accesses the Internet, it typically initiates communications with a computer on
the Internet. In some applications, especially gaming, the computer on the Internet also initiates communications
with your PC. Because NAT does not normally allow these incoming connections to occur, the SBG1000 supports
port triggering.
The SBG1000 is preconfigured with port triggering for common applications. You can also configure additional
port triggers if needed on the
Gateway > PORT TRIGGERS — custom Page
Wireless Security
Because wireless LAN signals are transmitted using radio signals, it may be possible for your neighbor or
someone else you do not want to access your wireless LAN. To prevent unauthorized eavesdropping of data
transmitted over the wireless LAN, you must enable wireless security. The default SBG1000 settings provide no
security for transmitted data.
The SBG1000 enables you to use the following wireless security measures:
•
Restrict access to computers having the same unique network name as the SBG1000.
•
Encrypt data transmitted over the wireless interface by configuring a Wired Equivalency Privacy (WEP) key
on the SBG1000 and wireless LAN clients (stations).
•
Define a MAC access control list to restrict wireless LAN access to clients based on the MAC address.