ZyXEL nbg-4615 User Guide
Chapter 23 Firewall
The NBG4615 is installed between the LAN and a broadband modem connecting to
the Internet. This allows it to act as a secure gateway for all data passing between
the Internet and the LAN.
The NBG4615 has one Ethernet WAN port and four Ethernet LAN ports, which are
used to physically separate the network into two areas. The WAN (Wide Area
Network) port attaches to the broadband (cable or DSL) modem that connects to the Internet.
The LAN (Local Area Network) port attaches to a network of computers, which
needs security from the outside world. These computers will have access to
Internet services such as e-mail, FTP and the World Wide Web. However, "inbound
access" is not allowed (by default) unless the remote host is authorized to use a
specific service.
Guidelines For Enhancing Security With Your Firewall
1. Change the default password via Web Configurator.
2. Think about access control before you connect to the network in any way,
   including attaching a modem to the port.
3. Limit who can access your router.
4. Don't enable any local service (such as NTP) that you don't use. Any enabled
   service could present a potential security risk. A determined hacker might be able
   to find creative ways to misuse the enabled services to access the firewall or the
   network.
5. For local services that are enabled, protect against misuse. Protect by configuring
   the services to communicate only with specific peers, and protect by configuring
   rules to block packets for the services at specific interfaces.
6. Protect against IP spoofing by making sure the firewall is active.
7. Keep the firewall in a secured (locked) room.
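
The default behavior described above (outbound access allowed, inbound access denied unless a remote host is authorized for a specific service) and the spoofing protection in guideline 6 can be modeled in a few lines. This is an added example, not NBG4615 firmware or ZyXEL code. The LAN subnet, the authorized host and service, and all sample packets are constructed assumptions, and NAT is left out to keep the policy visible.

```python
# Added illustration: a toy model of the default policy, not NBG4615 firmware.
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")  # assumed LAN subnet
# Assumed exception: one remote host authorized for one service on one LAN host.
AUTHORIZED = {("203.0.113.10", "192.168.1.20", "tcp", 22)}


class Gateway:
    def __init__(self):
        self.sessions = set()  # flows that were opened from the LAN side

    def handle(self, iface, proto, src, sport, dst, dport):
        """Return (verdict, reason) for one packet arriving on 'lan' or 'wan'."""
        src_in_lan = ip_address(src) in LAN_NET
        if iface == "lan":
            if not src_in_lan:
                return "drop", "LAN packet with non-LAN source"
            # Outbound access is allowed; remember the flow so replies can return.
            self.sessions.add((proto, src, sport, dst, dport))
            return "accept", "outbound"
        if src_in_lan:
            # A LAN address can never legitimately arrive on the WAN port.
            return "drop", "spoofed source"
        if (proto, dst, dport, src, sport) in self.sessions:
            return "accept", "reply to outbound session"
        if (src, dst, proto, dport) in AUTHORIZED:
            return "accept", "authorized inbound service"
        return "drop", "inbound denied by default"


def demo():
    gw = Gateway()
    packets = [  # constructed sample traffic
        ("lan", "tcp", "192.168.1.5", 50000, "198.51.100.7", 443),
        ("wan", "tcp", "198.51.100.7", 443, "192.168.1.5", 50000),
        ("wan", "tcp", "198.51.100.7", 443, "192.168.1.5", 50001),
        ("wan", "tcp", "203.0.113.10", 40000, "192.168.1.20", 22),
        ("wan", "tcp", "203.0.113.99", 40000, "192.168.1.20", 22),
        ("wan", "udp", "192.168.1.9", 123, "192.168.1.5", 123),
    ]
    return [gw.handle(*p) for p in packets]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(verdict, reason)
```

The third packet shows why the session table matters: it comes from a server the LAN host did contact, but on a port pair no LAN host opened, so it falls through to the default deny.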