Fujitsu CONNECT2AIR AP-600RP-USB User Manual

8.5.2 Firewall 
The firewall is a set of programs located at the gateway that limits the exposure of a
computer or a group of computers to users on the WAN or the Internet. Using the default
policies and the rules you specify, network administrators can easily manage the traffic
from any network access. The default policies allow you to accept or block all traffic.
You can also define rules that determine what to do with specific types of traffic; rules
override the default policies.
 
The firewall offers extended protection against DoS (denial of service) attacks. Clients
connected to the Internet are exposed to attacks of this nature. Here, a third party attempts
to render the client or the host network inaccessible by bombarding the client with countless
IP packets until the client's resources are exhausted. With DDoS (distributed denial of
service), the attacks come in groups, which increases the extent of the damage.
 
The router is also equipped with NAT (Network Address Translation), which protects the local
network by means of a special mechanism: clients are not visible from the Internet.
This means that a local PC with the IP address 192.168.1.101 does not appear as the source
of a message under its own address. The message is "masked" by NAT, and the WAN IP address
of the router (i.e., the AccessPoint) appears as the source. The AccessPoint itself stores
the data on the true origin of a message and can forward a reply from the Internet
to the proper source if necessary.
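
The masking described above can be modelled in a few lines. This is an added example, not code from the manual or the device firmware; the WAN address 203.0.113.10, the remote addresses, the port numbers and the class and function names are constructed assumptions, and dropping every inbound packet without a matching table entry is a simplification of the model.

```python
# Added illustration: a minimal source-NAT (masquerading) table.
# WAN_IP and all remote addresses are constructed documentation values.
from typing import NamedTuple, Optional

WAN_IP = "203.0.113.10"          # assumed WAN address of the AccessPoint


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, wan_ip: str, first_port: int = 40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.out = {}    # (lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.back = {}   # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite a LAN packet so the router appears as its source."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        return Packet(self.wan_ip, self.out[key], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Forward a reply to the LAN client, or drop it (None) if unsolicited."""
        lan = self.back.get((p.dst_port, p.src_ip, p.src_port))
        if lan is None or p.dst_ip != self.wan_ip:
            return None
        return Packet(p.src_ip, p.src_port, lan[0], lan[1])


def demo():
    nat = Nat(WAN_IP)
    request = Packet("192.168.1.101", 51000, "198.51.100.7", 80)
    masked = nat.outbound(request)
    reply = nat.inbound(Packet("198.51.100.7", 80, masked.src_ip, masked.src_port))
    stray = nat.inbound(Packet("198.51.100.99", 80, masked.src_ip, masked.src_port))
    return masked, reply, stray


if __name__ == "__main__":
    for name, pkt in zip(("masked", "reply", "stray"), demo()):
        print(name, pkt)
```

The remote server only ever sees the WAN address; the reply reaches 192.168.1.101 because of the stored entry, while a packet from a host the client never contacted finds no entry and is dropped.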
 
Increased firewall protection by closing the ports 
 
The security level of a firewall can be increased by successively closing one port after
another, since hackers as well as viruses always look for opportunities to penetrate the
firewall through open ports. It is therefore useful to close any ports that are not
absolutely necessary.
 
This method of increasing security is available to users who are familiar with the 
resources of the applications used. Remote administration programs, for example, 
in some cases use ports that have been reserved specially for the application. 
Please obtain details from the vendors regarding the software used. 
 
Service       Function                                   TCP     UDP
AUTH          Authentication Service                     113     113
BOOTPC        Bootstrap Protocol Client                          67
DNS           Domain Name Server                                 53
FTP           File Transfer Protocol                     21
HTTP          Hyper Text Transfer Protocol               80
NETBIOS-SSN   Netbios Session Service                    139
NNTP          Network News Transfer Protocol             119
NPP           Network Printing Protocol                  92
NTP           Network Time Protocol                      123
POP3          Post Office Protocol V3                    110
PPTP          Point to Point Tunneling Protocol (VPN)    1723
SMTP          Simple Mail Transfer Protocol              25
SNMP          Simple Network Management Protocol                 161
Telnet        Terminal Emulation Protocol                23
TFTP          Trivial File Transfer Protocol                     69
 
Various applications are available on the Internet for checking the firewall from the
Internet. Also ask anti-virus software vendors which ports are attacked by viruses and
take appropriate measures.