Protecting Your Network

5-1

202-10006-05, June 2005

Chapter 5

Protecting Your Network

This chapter describes how to use the basic firewall features of the DG834G Wireless ADSL

Firewall Router to protect your network.

Protecting Access to Your DG834G Wireless ADSL Firewall

Router

For security reasons, the router has its own user name and password. Also, after a period of

inactivity for a set length of time, the administrator login will automatically disconnect. When

prompted, enter

admin

for the router User Name and

password

for the router Password. You can

use procedures below to change the router's password and the amount of time for the

administrator’s login timeout.

Note:

The user name and password are not the same as any user name or password your may use

to log in to your Internet connection.

NETGEAR recommends that you change this password to a more secure password. The ideal

password should contain no dictionary words from any language, and should be a mixture of both

upper and lower case letters, numbers, and symbols.

Your password can be up to 30 characters.

How to Change the Built-In Password

1.

Log in to the router at its default LAN address of

with its default User Name

of

admin

, default password of

password

, or using whatever Password and LAN address you

have chosen for the router.

Figure 5-1:

Log in to the router

2.

From the Main Menu of the browser interface, under the Maintenance heading, select Set

Password to bring up the menu shown in

Figure 5-2

.

Reference Manual for the Model Wireless ADSL Firewall Router DG834G

5-2

Protecting Your Network

202-10006-05, June 2005

Figure 5-2:

Set Password menu

3.

To change the password, first enter the old password, and then enter the new password twice.

4.

Click Apply to save your changes.

Note:

After changing the password, you will be required to log in again to continue the

configuration. If you have backed up the router settings previously, you should do a new backup so

that the saved settings file includes the new password.

Changing the Administrator Login Timeout

For security, the administrator's login to the router configuration will timeout after a period of

inactivity. To change the login timeout period:

1.

In the Set Password menu, type a number in ‘Administrator login times out’ field. The

suggested default value is 5 minutes.

2.

Click Apply to save your changes or click Cancel to keep the current period.

Configuring Basic Firewall Services

Basic firewall services you can configure include access blocking and scheduling of firewall

security. These topics are presented below.

Reference Manual for the Model Wireless ADSL Firewall Router DG834G

Protecting Your Network

5-3

202-10006-05, June 2005

Blocking Keywords, Sites, and Services

The router provides a variety of options for blocking Internet based content and communications

services. With its content filtering feature, the DG834G wireless router prevents objectionable

content from reaching your PCs. The router allows you to control access to Internet content by

screening for keywords within Web addresses. Key content filtering options include:

•

Keyword blocking of HTTP traffic.

•

Outbound Service Blocking limits access from your LAN to Internet locations or services that

you specify as off-limits.

•

Denial of Service (DoS) protection. Automatically detects and thwarts Denial of Service

(DoS) attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.

•

Blocking unwanted traffic from the Internet to your LAN.

The section below explains how to configure your

router to perform these functions.

How to Block Keywords and Sites

The DG834G wireless router allows you to restrict access to Internet content based on functions

such as Web addresses and Web address keywords.

1.

Log in to the router at its default LAN address of

with its default User Name

of

admin

, default password of

password

, or using whatever Password and LAN address you

have chosen for the router.

2.

Select the Block Sites link of the Security menu.

Reference Manual for the Model Wireless ADSL Firewall Router DG834G

5-4

Protecting Your Network

202-10006-05, June 2005

Figure 5-3:

Block Sites menu

3.

To enable keyword blocking, select one of the following:

•

Per Schedule—to turn on keyword blocking according to the settings on the Schedule

page.

•

Always—to turn on keyword blocking all of the time, independent of the Schedule page.

4.

Enter a keyword or domain in the Keyword box, click Add Keyword, then click Apply.

Some examples of Keyword application follow:

•

If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is

blocked.

•

If the keyword “.com” is specified, only Web sites with other domain suffixes (such as

.edu or .gov) can be viewed.

•

Enter the keyword “.” to block all Internet browsing access.

Up to 32 entries are supported in the Keyword list.

5.

To delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply.

6.

To specify a trusted user, enter that computer’s IP address in the Trusted IP Address box and

click Apply.

You can specify one trusted user, which is a computer that will be exempt from blocking and

logging. Since the trusted user will be identified by an IP address, you should configure that

computer with a fixed IP address.

Reference Manual for the Model Wireless ADSL Firewall Router DG834G

Protecting Your Network

5-5

202-10006-05, June 2005

7.

Click Apply to save your settings.

Firewall Rules

Firewall rules are used to block or allow specific traffic passing through from one side of the router

to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources,

selectively allowing only specific outside users to access specific resources. Outbound rules (LAN

to WAN) determine what outside resources local users can have access to.

A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of

the DG834G are:

•

Inbound: Block all access from outside except responses to requests from the LAN side.

•

Outbound: Allow all access from the LAN side to the outside.

You can define additional rules that will specify exceptions to the default rules. By adding custom

rules, you can block or allow access based on the service or application, source or destination IP

addresses, and time of day. You can also choose to log traffic that matches or does not match the

rule you have defined.

You can change the order of precedence of rules so that the rule that applies most often will take

effect first. See

“Order of Precedence for Rules” on page 5-11

for more details.

To access the rules configuration of the DG834G, click the Firewall Rules link on the main menu,

then click Add for either an Outbound or Inbound Service.

Figure 5-4:

Rules menu