Network Router User's Manual

CONNECT2AIR™ WLAN AP-600RP-USB Page 46 / 62
8.5.2 Firewall
The firewall is a set of programs located at the gateway which limits the exposure of a computer or a group of computers to users in the WAN network or Internet. Based on the default policies and the specified rules, network administrators can easily manage the traffic from any network access. The default policies accept or block all traffic. You can also define rules: these determine what to do with specific types of traffic, and a matching rule overrides the default policy.
The firewall offers extended protection against DoS (denial of service) attacks. Clients connected to the Internet are exposed to attacks of this nature. Here, a third party attempts to render the client or the host network inaccessible by bombarding the client with countless IP packets until the client's resources become exhausted. With DDOS (distributed denial of service), the attacks come in groups, which increases the extent of the damage.
The router is also equipped with NAT (Network Address Translation) to protect the local network by means of a special mechanism: clients are non-transparent to the Internet. This means that a local PC with the IP address 192.168.1.101 is not visible as the source of a message through its address. The message is "masked" by NAT and the WAN IP address of the router (i.e., AccessPoint) appears as the source. The AccessPoint itself saves the data regarding the true identity of a message and can forward a reply from the Internet to the proper source if necessary.
Increased firewall protection by closing the ports
The security level of a firewall can be increased by successively closing one port after another, since hackers as well as viruses always look for opportunities to penetrate the firewall through open ports. It is therefore also useful to close any ports that are not absolutely necessary.
Note: This method of increasing security is available to users who are familiar with the resources of the applications used. Remote administration programs, for example, in some cases use ports that have been reserved specially for the application. Please obtain details from the vendors regarding the software used.
Service       Function                                    Port (TCP / UDP)
AUTH          Authentication Service                      113 TCP, 113 UDP
BOOTPC        Bootstrap Protocol Client                   67
DNS           Domain Name Server                          53
FTP           File Transfer Protocol                      21
HTTP          Hyper Text Transfer Protocol                80
NETBIOS-SSN   Netbios Session Service                     139
NNTP          Network News Transfer Protocol              119
NPP           Network Printing Protocol                   92
NTP           Network Time Protocol                       123
POP3          Post Office Protocol V3                     110
PPTP          Point to Point Tunneling Protocol (VPN)     1723
SMTP          Simple Mail Transfer Protocol               25
SNMP          Simple Network Management Protocol          161
Telnet        Terminal Emulation Protocol                 23
TFTP          Trivial File Transfer Protocol              69
Different applications are available on the Internet for checking the firewall from the Internet. Also make inquiries at anti-virus SW vendors regarding ports that are attacked by viruses and take appropriate measures.
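The "default policy plus overriding rules" model and the port-closing procedure above, as an added example that is not part of the manual or the router's firmware: a small evaluator that blocks all inbound traffic by default, opens only the services the site needs, and audits the remaining ports. The service-to-protocol mapping is a constructed subset of the table (transport assignments are an assumption, not taken from the manual).

```python
from dataclasses import dataclass
from typing import Optional

# Constructed subset of the manual's service table; the TCP/UDP
# assignment per service is assumed here, not stated by the manual.
SERVICES = {
    "DNS": ("udp", 53), "HTTP": ("tcp", 80), "SMTP": ("tcp", 25),
    "POP3": ("tcp", 110), "NTP": ("udp", 123), "Telnet": ("tcp", 23),
    "TFTP": ("udp", 69), "SNMP": ("udp", 161), "FTP": ("tcp", 21),
}

@dataclass(frozen=True)
class Rule:
    action: str                    # "accept" or "block"
    proto: Optional[str] = None    # None matches any protocol
    port: Optional[int] = None     # None matches any destination port

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.port in (None, port)

class Firewall:
    """Default policy plus ordered rules: the first matching rule wins,
    and any matching rule overrides the default policy."""
    def __init__(self, default_policy: str):
        self.default_policy = default_policy
        self.rules: list[Rule] = []

    def add_rule(self, rule: Rule) -> None:
        self.rules.append(rule)

    def decide(self, proto: str, port: int) -> str:
        for rule in self.rules:
            if rule.matches(proto, port):
                return rule.action
        return self.default_policy

def build_minimal_firewall(needed: set[str]) -> Firewall:
    """Block everything from the WAN by default and open only the
    services that are absolutely necessary (the manual's hardening step)."""
    fw = Firewall(default_policy="block")
    for name in needed:
        proto, port = SERVICES[name]
        fw.add_rule(Rule("accept", proto, port))
    return fw

def audit(fw: Firewall) -> dict[str, str]:
    """Decision for every known service, so an administrator can confirm
    that nothing unnecessary (Telnet, TFTP, SNMP, ...) is still reachable."""
    return {n: fw.decide(p, port) for n, (p, port) in SERVICES.items()}

if __name__ == "__main__":
    for service, verdict in sorted(audit(build_minimal_firewall({"HTTP", "DNS"})).items()):
        print(f"{service:8s} {verdict}")
```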