Zyxel F1000 Router Manual PDF (Setup & Configuration Guide)

Page 186 / 359 Scroll up to view Page 181 - 185

Chapter 12 USB Service

eircom F1000 Modem User’s Guide

186

Page 187 / 359

eircom F1000 Modem User’s Guide

187

C

HAPTER

13

Firewall

13.1

Overview

This chapter shows you how to enable and configure the Device’s security settings. Use the firewall

to protect your Device and network from attacks by hackers on the Internet and control access to

it. By default the firewall:

•

allows traffic that originates from your LAN computers to go to all other networks.

•

blocks traffic that originates on other networks from going to the LAN.

The following figure illustrates the default firewall action. User

A

can initiate an IM (Instant

Messaging) session from the LAN to the WAN (1). Return traffic for this session is also allowed (2).

However other traffic initiated from the WAN is blocked (3 and 4).

Figure 108

Default Firewall Action

13.1.1

What You Can Do in this Chapter

•

Use the

General

screen to configure the security level of the firewall on the Device (

Section 13.2

on page 189

).

•

Use the

Protocol

screen to add or remove predefined Internet services and configure firewall

rules (

Section 13.3 on page 189

).

•

Use the

Access Control

screen to view and configure incoming/outgoing filtering rules (

Section

13.4 on page 191

).

•

Use the

DoS

screen to activate protection against Denial of Service (DoS) attacks (.

Section 13.5

on page 194

).

WAN

LAN

3

4

1

2

A

Page 188 / 359

Chapter 13 Firewall

eircom F1000 Modem User’s Guide

188

13.1.2

What You Need to Know

SYN Attack

A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the

targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that

follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-

ACKs are moved off the queue only when an ACK comes back or when an internal timer terminates

the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests,

making the system unavailable for legitimate users.

DoS

Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the

Internet. Their goal is not to steal information, but to disable a device or network so users no longer

have access to network resources. The ZyXEL Device is pre-configured to automatically detect and

thwart all known DoS attacks.

DDoS

A DDoS attack is one in which multiple compromised systems attack a single target, thereby

causing denial of service for users of the targeted system.

LAND Attack

In a LAND attack, hackers flood SYN packets into the network with a spoofed source IP address of

the target system. This makes it appear as if the host computer sent the packets to itself, making

the system unavailable while the target system tries to respond to itself.

Ping of Death

Ping of Death uses a "ping" utility to create and send an IP packet that exceeds the maximum

65,536 bytes of data allowed by the IP specification. This may cause systems to crash, hang or

reboot.

SPI

Stateful Packet Inspection (SPI) tracks each connection crossing the firewall and makes sure it is

valid. Filtering decisions are based not only on rules but also context. For example, traffic from the

WAN may only be allowed to cross the firewall in response to a request from the LAN.

Page 189 / 359

Chapter 13 Firewall

eircom F1000 Modem User’s Guide

189

13.2

The Firewall Screen

Use this screen to set the security level of the firewall on the Device. Firewall rules are grouped

based on the direction of travel of packets to which they apply.

Click

Security > Firewall

to display the

General

screen.

Figure 109

Security > Firewall > General

The following table describes the labels in this screen.

13.3

The Protocol Screen

You can configure customized services and port numbers in the

Protocol

screen. For a

comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number

Authority) website. See

Appendix F on page 347

for some examples.

Table 76

Security > Firewall > General

LABEL

DESCRIPTION

Firewall

Select

Enable

to activate the firewall feature on the Device.

Easy

Select

Easy

to allow LAN to WAN and WAN to LAN packet directions.

Medium

Select

Medium

to allow LAN to WAN but deny WAN to LAN packet directions.

High

Select

High

to deny LAN to WAN and WAN to LAN packet directions.

Apply

Click

Apply

to save your changes.

Cancel

Click

Cancel

to restore your previously saved settings.

Page 190 / 359

Chapter 13 Firewall

eircom F1000 Modem User’s Guide

190

Click

Security > Firewall > Protocol

to display the following screen.

Figure 110

Security > Firewall > Protocol

The following table describes the labels in this screen.

13.3.1

Add/Edit a Service

Use this screen to add a customized service rule that you can use in the firewall’s ACL rule

configuration. Click

Add new service entry

or the edit icon next to an existing service rule in the

Service

screen to display the following screen.

Figure 111

Service: Add/Edit

Table 77

Security > Firewall > Protocol

LABEL

DESCRIPTION

Add new

service entry

Click this to add a new service.

Name

This is the name of your customized service.

Description

This is the description of your customized service.

Ports/Protocol

Number

This shows the IP protocol (

TCP

,

UDP

,

ICMP

, or

TCP/UDP

) and the port number or range

of ports that defines your customized service.

Other

and the protocol number displays if the

service uses another IP protocol.

Modify

Click the

Edit

icon to edit the entry.

Click the

Delete

icon to remove this entry.

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share