User's Guide
Table Of Contents
- EMG3435-Q20A
- User’s Guide
- Technical Reference
- Status
- WAN
- Wireless LAN
- LAN
- Applications
- Security
- Maintenance
- Troubleshooting
- Customer Support
- Setting Up Your Computer’s IP Address
- Common Services
- Legal Information
- Index
Chapter 14 Security
EMG3435-Q20A User’s Guide
141
Ab o ut the EMG 3435- Q 20A Fire wa ll
The EMG3435-Q20A’s firewall feature physically separates the LAN and the WAN and acts as a secure
gateway for all data passing between the networks.
It is a stateful inspection firewall and is designed to protect against Denial of Service attacks when
activated (click the IPv4 Fire wa ll or IPv6 Fire wa ll tab under Se c urity and then click the Ena ble Fire wa ll
check box). The EMG3435-Q20A's purpose is to allow a private Local Area Network (LAN) to be securely
connected to the Internet. The EMG3435-Q20A can be used to prevent theft, destruction and
modification of data, as well as log events, which may be important to the security of your network.
The EMG3435-Q20A is installed between the LAN and a broadband modem connecting to the Internet.
This allows it to act as a secure gateway for all data passing between the Internet and the LAN.
The EMG3435-Q20A has one Ethernet WAN port and four Ethernet LAN ports, which are used to
physically separate the network into two areas.The WAN (Wide Area Network) port attaches to the
broadband (cable or DSL) modem to the Internet.
The LAN (Local Area Network) port attaches to a network of computers, which needs security from the
outside world. These computers will have access to Internet services such as e-mail, FTP and the World
Wide Web. However, "inbound access" is not allowed (by default) unless the remote host is authorized to
use a specific service.
G uide line s Fo r Enha nc ing Se c urity With Your Fire wa ll
1 Change the default password via Web Configurator.
2 Think about access control before you connect to the network in any way, including attaching a
modem to the port.
3 Limit who can access your router.
4 Don't enable any local service (such as NTP) that you don't use. Any enabled service could present a
potential security risk. A determined hacker might be able to find creative ways to misuse the enabled
services to access the firewall or the network.
5 For local services that are enabled, protect against misuse. Protect by configuring the services to
communicate only with specific peers, and protect by configuring rules to block packets for the services
at specific interfaces.
6 Protect against IP spoofing by making sure the firewall is active.
7 Keep the firewall in a secured (locked) room.
14.2 IPv4 Fire wa ll Sc re e n
Use this screen to enable or disable the EMG3435-Q20A’s IPv4 firewall. Click Expe rt Mo de > Se c urity >
IPv4 Fire wa ll to open the firewall setup screen.