8 configuring security, Figure 93 security, Table 66 security – ZyXEL Communications P-335WT User Manual

Page 206

Advertising
background image

P-335 Series User’s Guide

206

Chapter 15 Remote Management Screens

15.8 Configuring Security

To change your Prestige’s security settings, click REMOTE MGMT, then the Security tab.
The screen appears as shown.

If an outside user attempts to probe an unsupported port on your Prestige, an ICMP response
packet is automatically returned. This allows the outside user to know the Prestige exists.
Your Prestige supports anti-probing, which prevents the ICMP response packet from being
sent. This keeps outsiders from discovering your Prestige when unsupported ports are probed.

Figure 93 Security

The following table describes the labels in this screen.

Table 66 Security

LABEL

DESCRIPTION

ICMP

Internet Control Message Protocol is a message control and error-reporting

protocol between a host server and a gateway to the Internet. ICMP uses Internet

Protocol (IP) datagrams, but the messages are processed by the TCP/IP software

and directly apparent to the application user.

Respond to Ping

on

The Prestige will not respond to any incoming Ping requests when Disable is

selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply

to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both

incoming LAN and WAN Ping requests.

Do not respond to

requests for

unauthorized

services

Select this option to prevent hackers from finding the Prestige by probing for

unused ports. If you select this option, the Prestige will not respond to port

request(s) for unused ports, thus leaving the unused ports and the Prestige unseen.

By default this option is not selected and the Prestige will reply with an ICMP Port

Unreachable packet for a port probe on its unused UDP ports, and a TCP Reset

packet for a port probe on its unused TCP ports.
Note that the probing packets must first traverse the Prestige's firewall mechanism

before reaching this anti-probing mechanism. Therefore if the firewall mechanism

blocks a probing packet, the Prestige reacts based on the firewall policy, which by

default, is to send a TCP reset packet for a blocked TCP packet. You can use the

command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall

mechanism blocks a UDP packet, it drops the packet without sending a response

packet.

Advertising
Popular Brands
Popular manuals