16 |

EMINENT ADVANCED MANUAL

18. Click ‘Next’.

19. Select ‘Permanent broadband connection’.

20. Click ‘Next’.

21. Click ‘Complete’.

22.

Close all Windows that are currently open.

23. Restart your PC

DHCP, Automatic allocation of ip-addresses

For the development of DHCP (Dynamic Host Configuration Protocol), TCP/IP settings

are configured manually on each TCP/IP client (such as your computer for example).

This can be a difficult job if it is a big network or if something has to be changed

regularly in the network. DHCP was developed to avoid always having to set up an IP

address. With DHCP, IP addresses are allocated automatically when necessary and

released when no longer required. A DHCP server has a series (‘pool’) of valid

addresses that it can allocate to the client. When a client starts for example, it will

send a message requesting an IP address. A DHCP server (there can be several in a

network) responds by sending back an IP address and configuration details. The client

will send a confirmation of receipt after which it can operate on the network.

Translating ip-adresses and domain names

IP addresses are far from user-friendly. Domain names are however easier to

remember and use. The process of translating a domain name into an address that is

understandable for a machine (such as your computer) is known as ‘name resolution’.

A ‘Domain Name System’ server carries out the afore-mentioned process. Thanks to

DNS, you use domain names instead of IP addresses when visiting a website or

sending e-mails.

Dynamic DNS or DDNS is a DNS-related option. You can still link your IP address to a

domain name using DDNS if your provider works with dynamic IP addresses

(‘dynamic’ here means that the IP addresses change frequently). After all, the IP

address to which your domain name refers will also change when your provider

changes your IP address. You must register with a Dynamic DNS provider such as

www.dyndns.org and www.no-ip.com in order to use Dynamic DNS.

Using a single ip-address for your entire

network

Network Address Translation (NAT) is an Internet standard with which a local network

can use private IP addresses. Private IP addresses are those used within an own

network. Private IP addresses are neither recognized nor used on the Internet. An IP

address used on the Internet is also called a public IP address.

17 |

EMINENT ADVANCED MANUAL

NAT enables you to share a single public IP address with several computers in your

network. NAT ensures the computers in your network can use the Internet without any

problems but users on the Internet will not have access to the computers in your

network. You will understand that NAT also offers a certain level of security partly due

to the fact that private IP addresses are not visible on the Internet.

Fortunately, most routers currently use NAT.

Security for your computer and your network

A firewall can be a software- or a hardware solution placed, as it were, between the

internal network and the outside world. Firewalls generally control incoming and

outgoing data. Firewalls can be adjusted to stop or allow certain information from the

Internet. Firewalls can also be adjusted to stop or allow requests from outside. Rules

or policies are used to adjust firewalls. These state what a firewall must stop or allow

and thus form a sort of filter.

Most routers have various firewall functions. The big advantage of a firewall in a router

(hardware solution) is that an attack from outside is averted before reaching your

network. If you wish to use a software firewall, you could for example, use the firewall

built into Windows XP Service Pack 2. There are better alternatives such as the free

ZoneAlarm and the commercial packages from Norman, Norton, Panda and McAfee.

These commercial packages also offer protection against viruses if required.

Making a computer available for Internet

users in your network

The DMZ or DeMilitarized Zone is the zone between the outside world – the Internet –

and the secure internal network. The computer placed within the DMZ is accessible

via the Internet. This is in contrast to the computers that are outside the DMZ and are

therefore secure. The DMZ is therefore also often used for servers that host websites.

Websites must after all always be accessible via the Internet. A computer is also often

placed within the DMZ if one plays a lot of online games. It is however advisable when

you place a computer in the DMZ to fit a software firewall (such as the free

ZoneAlarm). This is because the firewall opens all ports of the router for a computer

within the DMZ. There is therefore no restriction on data transmission while this is

however desirable in some situations.

Just like the DMZ function, Virtual Server enables you to make a computer, set up for

example, as an FTP- or a web server, accessible from the Internet. You can state

which ports in the firewall must be opened when using a Virtual Server. This is also

the most important difference with the DMZ: when you place a computer in the DMZ,

all ports are opened for the respective computer. If you use Virtual Server, you can

open only the ports important for the respective computer.

18 |

EMINENT ADVANCED MANUAL

Port Triggering or Special Apps is based on the same principle as Virtual Server. Port

Triggering also enables you to make a computer within your network set up for

example as an FTP- or webserver, accessible from the Internet. The ports you

allocate always remain open when you use Virtual Server. With Port Triggering

however, the respective ports will only be opened if requested by the respective

application.

Simplifying network management

UPnP ‘Universal Plug and Play’: The name suggests that UpnP is very similar to the

well-known – and notorious – ‘Plug & Play’. Nothing is further from the truth. UPnP is

completely different technology. The line of approach is that UPnP appliances must be

able to communicate with one another via TCP/IP irrespective of the operating

system, the programming language or the hardware. UPnP should make the user’s life

considerably easier.

As well as the products from a limited number of other manufacturers, most Eminent

network manufacturers support UPnP. For more information on UPnP, visit:

www.upnp.org.

Blocking websites with explicit content

Parental Control enables you to prevent one or more computers in your network from

accessing the Internet. Parental Control often consists of several functions such as

‘URL Blocking’. This function blocks websites by way of so-called ‘keywords’ or

catchwords. Websites with explicit content are blocked in this way. URL Blocking is

often combined with time and/or date blocks. Such blocks enable you to allow or block

Internet access at certain times.

You use ‘rules’ or ‘policies’ to set up your own

schedule of blocks (see also ‘Schedule Rule’). These rules describe exactly when and

on what, a certain action, in this case, a block, must be applied.

Checking data traffic at package level

The package filter (or ‘Packet Inspection’) is a programme that checks data packages

while they are passing. The intelligent package filter checks the passing dataflow or

business-specific definitions such as the IP- or user address, time and date, function

and a number of other definitions. The package filter can best be imagined as a

gatekeeper. The ‘gatekeeper’ screens the passers-by: ‘Who are you and where are

you going?’ The passers-by whom the gatekeeper considers unsafe or unreliable are

kept out.

You do not have to configure the package filter in most appliances. You only have the

option of activating these. The use of this option is therefore also definitely

recommended.

19 |

EMINENT ADVANCED MANUAL

Blocking a complete domain

A ‘Domain Filter’ will enable you to block an entire domain. A domain is a location on

the Internet such as a website. A Domain Filter is therefore very similar to a ‘URL

Filter’, apart from the fact that a Domain Filter blocks the entire domain. If, for

example, you wish to protect your children from explicit content on a certain website,

as well as blocking the website by way of catchwords (see: ‘Parental Control’), you

can block the entire website. You can do this using the Domain Filter.

Carrying out actions based on date or time

You can configure when a certain option may be available using the ‘Schedule Rule’

function. Imagine you wish to make your ‘Virtual Server’ available at set times. You

can use the Schedule Rule to stipulate when Internet users may approach your Virtual

Server. It will then not be possible for Internet users to make a connection with your

Virtual Server outside the period set. Schedule Rule is a handy option for automating

certain access blocks.

A safe remote connection

VPN (Virtual Private Networking) enables you to create a secure connection so you

can, for example, use your business network while at home. A VPN connection is

actually nothing more than a highly secure tunnel, which makes a connection with

another computer or network via the Internet. Data sent via a VPN and received by

third parties will still be unusable thanks to advanced encryption technology.

Remote network management

The Simple Network Management Protocol (SNMP) is a control function enabling you

to collect information from the router. The above-mentioned information consists of

details on the number of computers connected to the router, their IP- and MAC

addresses and the amount of data traffic processed when the information is

requested. SNMP enables the system administrator to control the router remotely.

This is often done using special applications supporting the SNMP protocol.

Allocating or blocking network access

A MAC address is a unique code which each network product has. This code can

often be found on a sticker on the product. You can also find the MAC address by

clicking on ‘Start’, ‘Execute’. Type ‘CMD’ and press ‘Enter’. Then type ‘ipconfig /all’

and press ‘Enter’ again. The MAC address is shown under ‘Physical Address’. A MAC

address consists of six pairs each of two hexadecimal characters. For example, 00-

0C-6E-85-03-82. MAC Address Control enables you to set up rules for MAC

addresses and therefore to deny for example, certain network products access to your

20 |

EMINENT ADVANCED MANUAL

network. When you use a wireless network, you can meanwhile use MAC Address

Control to configure for example, your wireless network adapter to be able to connect

to your network without the neighbouring network adapter being able to do so. MAC

Address Control is a possibility, as well as WEP or WPA of providing extra security for

your wireless network.

Making your wireless network secure

WEP encryption is a form of security encoding the wireless signal from your wireless

router or modem so the data cannot be simply intercepted by third parties. The

security level is expressed in bits. 64-Bit WEP encryption is the lowest security level

ranging up to 128-Bit for the highest level of security offered by WEP encryption: 256-

Bit. You must enter a hexadecimal- or an ASCII series of characters in order to set up

WEP encryption. Hexadecimal characters consist of the characters ‘A’ to ‘F’ and ‘0’ to

‘9’. ASCII characters include all characters, including symbols. When you have

selected the correct level of security and entered the key, you must also enter exactly

the same key into all wireless appliances within the same network. Bear in mind that –

when you activate the key in the first appliance – the connection with the network will

be broken. You can re-establish the network by systematically providing all wireless

appliance products with the same key.

WPA is a form of security encoding the wireless signal from your wireless router or

modem so the data cannot be simply intercepted by third parties. WPA stands for ‘Wi-

Fi Protected Access’ and is a big improvement on wireless security. WPA uses a ‘Pre

Shared Key (PSK)’. This is a key that must be put into operation on all appliances

connected to the wireless network. This WPA key may not be any longer than 63

(random) characters and no shorter than 8 (random) characters. The best form of

wireless protection is currently however formed by WPA2. The above-mentioned

standard is only supported by a few manufacturers – including Eminent – and is

therefore difficult to combine with other makes of wireless networks.

If you wish to use WPA or perhaps even WPA2, make sure that all appliances in your

wireless network support this form of security. The combining of various types of

security in a wireless network is not possible and will result in the loss of the

connection.

Expanding the range of your wireless

network

WDS (Wireless Distribution System) or ‘Bridging’ is an option with which you can

easily expand the range of your wireless network should the range of your wireless

network remain limited. Appliances linked via WDS can share your Internet

connection. You therefore do not need to interlink appliances sharing WDS by way of

a physical connection (such as a cable). Appliances supporting WDS or Bridging