Chapter

9

Network Security

This chapter guides you on how to protect your home network from cyber attacks

and unauthorized users by implementing these three network security functions. You

can protect your home network against DoS (Denial of Service) attacks from flooding

your network with server requests using DoS Protection, block or allow specific client

devices to access your network using Access Control, or you can prevent ARP spoofing

and ARP attacks using IP & MAC Binding function.

This chapter contains the following sections:

•

Protect the Network from Cyber Attacks

•

Access Control

•

IP & MAC Binding

58

Chapter 9

Network Security

9. 1.

Protect the Network from Cyber Attacks

The SPI (Stateful Packet Inspection) Firewall and DoS (Denial of Service) Protection

protect the router from cyber attacks.

The SPI Firewall can prevent cyber attacks and validate the traffic that is passing

through the router based on the protocol. This function is enabled by default, and it’s

recommended to keep the default setting.

DoS Protection can protect your home network against DoS attacks from flooding your

network with server requests. Follow the steps below to configure DoS Protection.

1.

Visit

http://tplinkwifi.net

, and log in with the username and password you’ve set for

the router.

2.

Go to

Advanced

>

Security

>

Settings

.

3.

Enable

DoS Protection

.

4.

Set the level (

Off

,

Low

,

Middle

or

High

) of protection for

ICMP-FLOOD Attack

Filtering

,

UDP-FlOOD Attack Filtering

and

TCP-SYN-FLOOD Attack Filtering

.

•

ICMP-FLOOD Attack Filtering

- Enable to prevent the Internet Control Message

Protocol (ICMP) flood attack.

•

UDP-FlOOD Attack Filtering

- Enable to prevent the User Datagram Protocol

(UDP) flood attack.

•

TCP-SYN-FLOOD Attack Filtering

- Enable to prevent the Transmission Control

Protocol-Synchronize (TCP-SYN) flood attack.

Tips:

The level of protection is based on the traffic packets number. The protection will be triggered immediately

when the number of packets exceeds the preset threshold value (the value can be set on

Advanced

>

System

Tools

>

System Parameters

>

DoS Protection Level Settings

), and the vicious host will be displayed in the

Blocked DoS Host List

.

59

Chapter 9

Network Security

5.

Select

Ignore Ping Packet From WAN/LAN Port

if you want to ignore the ping

packets from WAN/LAN port.

6.

Click

Save

to make the settings effective.

9. 2.

Access Control

Access Control is used to block or allow specific client devices to access your network

(via wired or wireless) based on a list of blocked devices (Blacklist) or a list of allowed

devices (Whitelist).

Block or allow specific client devices to access my network (via

wired or wireless).

1.

Visit

http://tplinkwifi.net

, and log in with the username and

password you’ve set for the router.

2.

Go to

Advanced

>

Security

>

Access Control

.

3.

Enable

Access Control

.

4.

Select the access mode to either block (recommended) or

allow the device(s) in the list.

To block specific device(s)

1 ) Select

Blacklist

and click

Save

.

2 ) Select the device(s) to be blocked in the

Devices Online

table by ticking the box.

I want to:

How can I

do that?

60

Chapter 9

Network Security

3 ) Click

Block

above the

Devices Online

table. The selected

devices will be added to

Devices in Blacklist

automatically.

To allow specific device(s)

1 ) Select

Whitelist

and click

Save

.

2 ) Click

Add

in Devices in Whitelist section. Enter the

Device Name

and

MAC Address

(You can copy and paste

the information from the following list if the device is

connected to your network).

3 ) Click

OK

.

Now you can block or allow specific client devices to access your

network (via wired or wireless) using the

Blacklist

or

Whitelist

.

Done!

61

Chapter 9

Network Security

9. 3.

IP & MAC Binding

IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind

network device’s IP address to its MAC address. This will prevent ARP Spoofing and

other ARP attacks by denying network access to an device with matching IP address in

the Binding list, but unrecognized MAC address.

Prevent ARP spoofing and ARP attacks.

1.

Visit

http://tplinkwifi.net

, and log in with the username and

password you’ve set for the router.

2.

Go to

Advanced

>

Security

>

IP & MAC Binding

.

3.

Enable

ARP Binding

.

4.

Bind your device(s) according to your need.

To bind the connected device(s):

Click

to add the

corresponding device to the

Binding List

.

To bind the unconnected device

1 ) Click

Add

in Binding List section.

2 ) Enter the

MAC address

and

IP address

that you want to

bind.

3 ) Tick the

Enable This Entry

check box and click

OK

.

Now you don’t need to worry about ARP spoofing and ARP

attacks!

I want to:

How can I

do that?

Done!