SMC Networks Router SMCWBR14T User Manual
Have a look at the manual SMC Networks Router SMCWBR14T User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 10 SMC Networks manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
SECURITY 4-33 MAC Filter Use this page to block access to your network using MAC addresses. The Barricade can also limit the access of hosts within the local area network (LAN). The MAC Filtering Table allows the Barricade to enter up to 32 MAC addresses that are allowed access to the WAN port. All other devices will be denied access. By default, this feature is disabled. Click Save Settings to proceed, or Cancel to change your settings.
CONFIGURING THE BAR RICADE 4-34 Parental Control The Barricade allows the user to block access to web sites from a particular PC by entering either a full URL address or just a keyword. This feature can be used to protect children from accessing violent or pornographic web sites. You can define up to 30 sites or keywords here. To configure the Parental Control feature, use the table to specify the web sites (www.somesite.com) and/or keywords you want to block on your network. To complete this configuration, you will need to create or modify an access rule in “Access Control Add PC” on page 4-32. To modify an existing rule, click the Edit option next to the rule you want to modify. To create a new rule, click on the Add PC option. From the Access Control, Add PC section, check the option for WWW with Parental Control in the Client PC Service table to filter out the web sites and keywords selected below, on a specific PC. Click Save Settings to proceed, or Cancel to change your settings.
SECURITY 4-35 Intrusion Detection The Barricade’s firewall inspects packets at the application layer, maintains TCP and UDP session information including timeouts and number of active sessions, and provides the ability to detect and prevent certain types of network attacks such as Denial-of-Service (DoS) attacks.
CONFIGURING THE BAR RICADE 4-36 Network attacks that deny access to a network device are called DoS attacks. DoS attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The Barricade protects against DoS attacks including: Ping of Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero length, TCP null scan (Port Scan Attack), UDP port loopback, Snork Attack. Note:The firewall does not significantly affect system performance, so we advise enabling the prevention features to protect your network.
SECURITY 4-37 The table below lists the Intrusion Detection parameters and their descriptions. Parameter Defaults Description Intrusion Detection Feature SPI and Anti-DoS firewall protectionNo The Intrusion Detection feature of the Barricade limits the access of incoming traffic at the WAN port. When the Stateful Packet Inspection (SPI) feature is turned on, all incoming packets are blocked except those types marked with a check in the SPI section at the top of the screen. RIP Defect Disabled If the router does not reply to an IPX RIP request packet, it will stay in the input queue and not be released. Accumulated packets could cause the input queue to fill, causing severe problems for all protocols. Enabling this feature prevents the packets accumulating. Discard Ping to WANDon’t discardPrevents a ping on the router’s WAN port from being routed to the network.
CONFIGURING THE BAR RICADE 4-38 Stateful Packet InspectionThis option allows you to select different application types that are using dynamic port numbers. If you wish to use Stateful Packet Inspection (SPI) for blocking packets, click on the Yes radio button in the “Enable SPI and Anti-DoS firewall protection” field and then check the inspection type that you need, such as Packet Fragmentation, TCP Connection, UDP Session, FTP Service and TFTP Service. It is called a “stateful” packet inspection because it examines the contents of the packet to determine the state of the communication; i.e., it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until a connection to the specific port is requested. When particular types of traffic are checked, only the particular type of traffic initiated from the internal LAN will be allowed. For example, if the user only checks FTP Service in the Stateful Packet Inspection section, all incoming traffic will be blocked except for FTP connections initiated from the local LAN. When hackers attempt to enter your network, we can alert you by email Your E-mail AddressEnter your email address. SMTP Server AddressEnter your SMTP server address (usually the part of the email address following the “@” sign). POP3 Server AddressEnter your POP3 server address (usually the part of the email address following the “@” sign). User Name Enter your email account user name. Parameter Defaults Description
SECURITY 4-39 Password Enter your email account password. Connection Policy Fragmentation half-open wait10 secs Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the unassembled packet, freeing that structure for use by another packet. TCP SYN wait 30 secs Defines how long the software will wait for a TCP session to reach an established state before dropping the session. TCP FIN wait 5 secs Specifies how long a TCP session will be managed after the firewall detects a FIN-exchange. TCP connection idle timeout3600 secs (1 hour)The length of time for which a TCP session will be managed if there is no activity. UDP session idle timeout30 secs The length of time for which a UDP session will be managed if there is no activity. DoS Detect Criteria Total incomplete TCP/UDP sessions HIGH300 sessionsDefines the rate of new unestablished sessions that will cause the software to start deleting half-open sessions. Total incomplete TCP/UDP sessions LOW250 sessionsDefines the rate of new unestablished sessions that will cause the software to stop deleting half-open sessions. Incomplete TCP/UDP sessions (per min.) HIGH250 sessionsMaximum number of allowed incomplete TCP/UDP sessions per minute. Incomplete TCP/UDP sessions (per min.) LOW200 sessionsMinimum number of allowed incomplete TCP/UDP sessions per minute. Maximum incomplete TCP/UDP sessions number from same host10 sessionsMaximum number of incomplete TCP/UDP sessions from the same host. Parameter Defaults Description
CONFIGURING THE BAR RICADE 4-40 Note:We do not recommend modifying the default parameters shown above. Click Save Settings to proceed, or Cancel to change your settings. Incomplete TCP/UDP sessions detect sensitive time period300 msecs Length of time before an incomplete TCP/UDP session is detected as incomplete. Maximum half-open fragmentation packet number from same host30 sessionsMaximum number of half-open fragmentation packets from the same host. Half-open fragmentation detect sensitive time period1 sec Length of time before a half-open fragmentation session is detected as half-open. Flooding cracker block time300 secs Length of time from detecting a flood attack to blocking the attack. Parameter Defaults Description
SECURITY 4-41 DMZ If you have a client PC that cannot run an Internet application properly from behind the firewall, you can open the client up to unrestricted two-way Internet access. Enter the IP address of a DMZ (Demilitarized Zone) host on this screen. Adding a client to the DMZ may expose your local network to a variety of security risks, so only use this option as a last resort.
CONFIGURING THE BAR RICADE 4-42 Wireless The Barricade can be quickly configured for roaming clients by setting the Service Set Identifier (SSID) and channel number. It supports data encryption and client filtering. To use the wireless feature, check the Enable check box and click Save Settings. To begin configuring your wireless security settings, click Wireless Encryption.