Encryption, TCP/IP packet filters, The hiding place—IP masquerading (NAT, PAT) – ELSA Cable User Manual


Operating modes and functions

ELSA MicroLink Cable


Encryption

Since cable modems transfer data via a cable shared by many participants, data should
be encrypted to prevent access by the other participants.

All data between the provider's modem and the end user's modem is automatically
transferred in encrypted form. DES (Data Encryption Standard) encryption with a key
length of 56 bits is used for this. In addition, the key in use is changed repeatedly
during the transfer of data. This guarantees the highest level of protection.

TCP/IP packet filters

You can use your entries in the routing table to determine quite precisely which data
should be transferred. Additionally, you can use a special entry in the 'Router-name' field
to reject whole groups of IP addresses.

Occasionally, you may wish to restrict a transmission even further. You can do this using
a characteristic of TCP/IP: every data packet carries port numbers for source and
destination in addition to the source and destination IP addresses. The destination port
in a data packet stands for the service to be addressed in the TCP/IP network. The
destination ports are fixed for the various services on the TCP/IP network. The source
ports, on the other hand, may be selected freely within certain ranges.

The IP router can check the source and destination ports of data packets that use the TCP
or UDP protocols. It can then deduce the purpose of the data from these ports. For
example, FTP accesses or Telnet sessions can be identified. The appropriate filter table
can be used to specify that certain data is not to be transferred from the LAN to the
remote station. Data for particular ports can also be blocked from entering the LAN in
the same way.

In addition to the definition of the port range and the associated protocols, the filter table
can be used to determine whether the data packet concerned will be accepted or
rejected. Both interfaces of the cable modem (for the cable network and for the LAN) can
be set separately for incoming and outgoing data transfer.

This filter table can be found in the configuration tool ELSA LANconfig in the 'TCP/IP'
configuration section on the 'Filter' tab, or in the /Setup/IP router/firewall menu.
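The filter decision described in this section, modelled as an added example (it is not ELSA code or LANconfig syntax): the ports are read from a raw IPv4 packet and checked against a table of interface, direction, protocol, destination port range and action. The interface names, first-match ordering and default action are assumptions, and the packets are constructed.

```python
import struct
from dataclasses import dataclass

PROTO = {6: "tcp", 17: "udp"}  # IPv4 protocol numbers for TCP and UDP

@dataclass(frozen=True)
class Rule:
    iface: str       # "cable" or "lan" (hypothetical names for the two interfaces)
    direction: str   # "in" or "out" on that interface
    proto: str       # "tcp" or "udp"
    ports: range     # destination port range
    action: str      # "accept" or "reject"

def ports_of(packet: bytes):
    """Return (proto, src_port, dst_port) for an IPv4 packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # IP header length in bytes
    proto = PROTO.get(packet[9])
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Later fragments carry no TCP/UDP header, so a port filter cannot see ports.
    if proto is None or ihl < 20 or frag_offset or len(packet) < ihl + 4:
        return None
    src, dst = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, src, dst

def decide(table, iface, direction, packet, default="accept"):
    """First matching rule wins (assumed); unmatched packets get the default."""
    info = ports_of(packet)
    if info is None:
        return default
    proto, _src, dst = info
    for r in table:
        if (r.iface, r.direction, r.proto) == (iface, direction, proto) and dst in r.ports:
            return r.action
    return default

def ipv4(proto, sport, dport):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus port fields."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                      bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    return hdr + struct.pack("!HH", sport, dport)

TABLE = [
    Rule("lan", "in", "tcp", range(20, 22), "reject"),    # FTP leaving the LAN
    Rule("cable", "in", "tcp", range(23, 24), "reject"),  # Telnet entering from the cable side
]
```

Because the match is on protocol as well as port, a UDP packet to port 21 passes the first rule untouched, which is why each service needs an entry per protocol it can use.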

The hiding place—IP masquerading (NAT, PAT)

One of today's most common tasks for a cable modem is connecting the numerous
workstation computers in a LAN to the ultimate network, the Internet. Everyone should
have the potential to access the WWW from his workstation and be able to fetch bang
up-to-date information for his work.
