D-Link 502G User Guide - Page 55

Advanced Filter & Firewall



DSL-502G ADSL Router User’s Guide
Advanced Filter & Firewall
One of the most important elements of any network security implementation is the firewall. Packet filtering is a basic firewall security measure and should be used on any network that is exposed to security risk. A packet filter system examines data packets and scrutinizes them in order to control network access. Filtering rules determine whether packets are passed through the Router from either side of the gateway. The rules are created and controlled by the network administrator and can be precisely defined. These rules are used to block access to the LAN from outside the network and/or to deny access to the WAN from within the network. The Router uses filtering rules to examine data packet headers for specific information. Packets passing through the Router that do not meet the criteria specified by the rule set are dropped.

In order to improve network security without severely limiting network efficiency, it is important to carefully plan the sets of access rules. Effective implementation of packet filtering requires detailed knowledge of network services and communication protocols. An overly complicated filtering scheme can adversely affect routing performance, while an inadequate set of rules may needlessly compromise security.

Packet filtering can be used in conjunction with NAT, port redirection and proxy servers to help provide basic firewall protection. However, these measures do not address many security issues and should be used as only one part of an overall network security strategy. It is important to remember that IP packet filtering examines only the packet header and is not concerned with application information. Therefore, packet filtering does not protect against higher-level security threats that may operate at the application or other level.

Filtering rules can be precisely defined based upon source and destination IP address, as well as port and protocol information. Up to four filter sets can be used; each set contains up to sixteen filtering rule subsets.

Figure 24. Filter & Firewall Menu 1

The first Filter & Firewall menu lists the four filtering sets, each followed by an identifying comment. Below the list are two drop-down menus. The filtering sets are sets of filtering rules defined in the menus shown below. When you are finished defining the rules for each set, use the If not matched menu to select Pass or Block for all the sets listed. From the IP Filter menu, select enabled or disabled to enable or disable the listed filtering sets.

When all the changes are made to the sets as you want them, click on the OK button. You can save the sets and reboot the system now or continue to make other changes.
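
The effect of the If not matched setting and of header-only matching described above, as an added example that is not taken from the D-Link guide or the Router's firmware: a generic packet filter model in Python. The per-rule pass/block action, first-match-wins ordering, and every rule, address and packet shown are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_SETS, MAX_RULES = 4, 16  # limits stated in the guide

@dataclass
class Rule:
    action: str   # "pass" or "block" (per-rule action is an assumption)
    proto: str    # "tcp", "udp" or "any"
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR
    dport: range  # destination port range

    def matches(self, pkt):
        # Only header fields are consulted; pkt["payload"] is never read.
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and pkt["dport"] in self.dport)

def evaluate(filter_sets, pkt, if_not_matched):
    """Return "pass" or "block"; first matching rule wins (assumed ordering)."""
    if len(filter_sets) > MAX_SETS or any(len(s) > MAX_RULES for s in filter_sets):
        raise ValueError("at most 4 filter sets of 16 rules each")
    for rules in filter_sets:
        for rule in rules:
            if rule.matches(pkt):
                return rule.action
    return if_not_matched  # the "If not matched" drop-down: Pass or Block

# Constructed sample policy: allow web traffic to one LAN host, block Telnet.
ANY = "0.0.0.0/0"
SETS = [[
    Rule("pass", "tcp", ANY, "192.168.0.10/32", range(80, 81)),
    Rule("block", "tcp", ANY, "192.168.0.0/24", range(23, 24)),
]]

# Constructed sample packets (source address from a documentation range).
WEB = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.0.10",
       "dport": 80, "payload": b"any application data"}
TELNET = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.0.20",
          "dport": 23, "payload": b""}
UNLISTED = {"proto": "udp", "src": "203.0.113.5", "dst": "192.168.0.20",
            "dport": 161, "payload": b""}

if __name__ == "__main__":
    for name, pkt in (("web", WEB), ("telnet", TELNET), ("unlisted", UNLISTED)):
        print(name, "| if not matched=Pass:", evaluate(SETS, pkt, "pass"),
              "| if not matched=Block:", evaluate(SETS, pkt, "block"))
```

The unlisted UDP packet is the one whose fate changes with the If not matched choice, and the web packet is passed whatever its payload contains, because no rule ever looks past the header.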