Protecting Your Network

4-1

Chapter 4

Protecting Your Network

This chapter describes how to use the basic firewall features of the DG824M Wireless ADSL

Modem Gateway to protect your network.

Protecting Access to Your DG824M Wireless ADSL Modem

Gateway

For security reasons, the gateway has its own user name and password. Also, after a period of

inactivity for a set length of time, the administrator login will automatically disconnect. When

prompted, enter

admin

for the gateway User Name and

password

for the gateway Password. You

can use procedures below to change the gateway's password and the amount of time for the

administrator’s login timeout.

Note:

The user name and password are not the same as any user name or password your may use

to log in to your Internet connection.

NETGEAR recommends that you change this password to a more secure password. The ideal

password should contain no dictionary words from any language, and should be a mixture of both

upper and lower case letters, numbers, and symbols.

Your password can be up to 30 characters.

Procedure 4-1:

Changing the Built-In Password

1.

Log in to the gateway at its default LAN address of http://192.168.0.1 with its default User

Name of

admin

, default password of

password

, or using whatever Password and LAN

address you have chosen for the gateway.

Figure 4-1: Log in to the gateway

Reference Manual for the Model DG824M Wireless ADSL Modem Gateway

4-2

Protecting Your Network

2.

From the Main Menu of the browser interface, under the Maintenance heading, select Set

Password to bring up the menu shown in

Figure 4-2

.

Figure 4-2: Set Password menu

3.

To change the password, first enter the old password, and then enter the new password twice.

4.

Click Apply to save your changes.

Note:

After changing the password, you will be required to log in again to continue the

configuration.

If you have backed up the gateway settings previously, you should do a new

backup so that the saved settings file includes the new password.

Procedure 4-1:

Changing the Administrator Login Timeout

For security, the administrator's login to the

gateway

configuration will timeout after a period of

inactivity. To change the login timeout period:

1.

In the Set Password menu, type a number in ‘Administrator login times out’ field.The

suggested default value is 5 minutes.

2.

Click Apply to save your changes or click Cancel to keep the current period.

Reference Manual for the Model DG824M Wireless ADSL Modem Gateway

Protecting Your Network

4-3

Configuring Basic Firewall Services

Basic firewall services you can configure include access blocking and scheduling of firewall

security. These topics are presented below.

Blocking Keywords, Sites, and Services

The

gateway provides a variety of options for blocking Internet based content and

communications services.

With its content filtering feature, the DG824M gateway prevents

objectionable content from reaching your PCs. The Model RT311 router allows you to control

access to Internet content by screening for keywords within Web addresses. Key content filtering

options include:

•

Blocks access from your LAN to Internet locations that you specify as off-limits.

•

Keyword blocking of newsgroup names.

•

Outbound Services Blocking limits access from your LAN to Internet locations or services

that you specify as off-limits.

•

Denial of Service (DoS) protection. Automatically detects and thwarts Denial of Service

(DoS) attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.

•

Blocks unwanted traffic from the Internet to your LAN.

The section below explains how to configure your

gateway to perform these functions.

Procedure 4-2:

Block Keywords and Sites

The DG824M gateway allows you to restrict access to Internet content based on functions such as

Java or Cookies, Web addresses and Web address keywords.

1.

Log in to the gateway at its default LAN address of http://192.168.0.1 with its default User

Name of

admin

, default password of

password

, or using whatever Password and LAN

address you have chosen for the gateway.

Reference Manual for the Model DG824M Wireless ADSL Modem Gateway

4-4

Protecting Your Network

2.

Click on the Block Sites link of the Security menu.

Figure 4-3: Block Sites menu

3.

To enable keyword blocking, check “Turn keyword blocking on”, enter a keyword or domain

in the Keyword box, click Add Keyword, then click Apply.

Some examples of Keyword application follow:

•

If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is

blocked, as is the newsgroup alt.pictures.xxx.

•

If the keyword “.com” is specified, only websites with other domain suffixes (such as .edu

or .gov) can be viewed.

•

Enter the keyword “.” to block all Internet browsing access.

Up to 32 entries are supported in the Keyword list.

4.

To delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply.

5.

To specify a Trusted User, enter that PC’s IP address in the Trusted User box and click Apply.

You may specify one Trusted User, which is a PC that will be exempt from blocking and

logging. Since the Trusted User will be identified by an IP address, you should configure that

PC with a fixed IP address.

Reference Manual for the Model DG824M Wireless ADSL Modem Gateway

Protecting Your Network

4-5

6.

Click Apply to save your settings.

Rules

Firewall rules are used to block or allow specific traffic passing through from one side to the other.

Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing

only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine

what outside resources local users can have access to.

A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of

the DG824M are:

•

Inbound: Block all access from outside except responses to requests from the LAN side.

•

Outbound: Allow all access from the LAN side to the outside.

You may define additional rules that will specify exceptions to the default rules. By adding custom

rules, you can block or allow access based on the service or application, source or destination IP

addresses, and time of day. You can also choose to log traffic that matches or does not match the

rule you have defined.