Security 12-1
CC
CC
hh
hh
aa
aa
pp
pp
tt
tt
ee
ee
rr
rr
11
11
22
22
SS
SS
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
The Netopia R310 provides a number of security features to help protect its configuration screens and your
local network from unauthorized access. Although these features are optional, it is strongly recommended that
you use them.
This section covers the following topics:
■ “Suggested security measures” on page 12-1, lists actions for blocking potential security holes.
■ “User accounts,” beginning on page 12-1, shows you how to set up name/password combinations to
protect the Netopia R310’s configuration screens.
■ “Dial-in Console Access” on page 12-4
■ “Telnet access” on page 12-5, shows you how to control access to the Netopia R310 by those using the
Telnet protocol.
■ “About filters and filter sets,” beginning on page 12-5, and “Working with IP filters and filter sets,”
beginning on page 12-12, have information on what filters are, how they work, how to customize them, and
how to use them in sets.
■ “Firewall tutorial” on page 12-22
■ “Token Security Authentication” on page 12-30
Suggested security measures
In addition to setting up user accounts, Telnet access, and filters (all of which are covered later in this chapter),
there are other actions you can take to make the Netopia R310 and your network more secure:
■ Change the SNMP community strings (or passwords). The default community strings are universal and
could easily be known to a potential intruder.
■ Set the answer profile so it must match incoming calls to a connection profile.
■ Use CallerID.
■ Leave the “Enable Dial-in Console Access” option set to No.
■ Where possible, insist on using PAP, CHAP, or secure authentication token card to authenticate
connections to and from connection profiles.
■ In high risk areas, configure the Netopia R310 through the serial console port to ensure that your
communications cannot be intercepted.
User accounts
When you first set up and configure the Netopia R310, no passwords are required to access the configuration
screens. Anyone could tamper with the router’s configuration by simply connecting it to a console.