1 control access to your device, 2 wireless security, 3 firewall – ZyXEL Communications NBG410W3G User Manual
Page 37
Chapter 1 Getting to Know Your ZyXEL Device
NBG410W3G Series User’s Guide
37
1.4 Configuring Your ZyXEL Device’s Security Features
Your ZyXEL Device comes with a variety of security features. This section summarizes these
features and provides links to sections in the User’s Guide to configure security settings on
your ZyXEL Device. Follow the suggestions below to improve security on your ZyXEL
Device and network.
1.4.1 Control Access to Your Device
Ensure only people with permission can access your ZyXEL Device.
• Control physical access by locating devices in secure areas, such as locked rooms. Most
ZyXEL Devices have a reset button. If an unauthorized person has access to the reset
button, they can then reset the device’s password to its default password, log in and
reconfigure its settings.
• Change any default passwords on the ZyXEL Device, such as the password used for
accessing the ZyXEL Device’s web configurator (if it has a web configurator). Use a
password with a combination of letters and numbers and change your password regularly.
Write down the password and put it in a safe place.
• Avoid setting a long timeout period before the ZyXEL Device’s web configurator
automatically times out. A short timeout reduces the risk of unauthorized person accessing
the web configurator while it is left idle.
See
for instructions on changing your password and setting the
timeout period.
• Configure remote management to control who can manage your ZyXEL Device. See
for more information. If you enable remote management, ensure
you have enabled remote management only on the IP addresses, services or interfaces you
intended and that other remote management settings are disabled.
1.4.2 Wireless Security
Wireless devices are especially vulnerable to attack. If your ZyXEL Device has a wireless
function, take the following measures to improve wireless security.
• Enable wireless security on your ZyXEL Device. Choose the most secure encryption
method that all devices on your network support. If you have a RADIUS server, enable
IEEE 802.1x or WPA(2) user identification on your network so users must log in. This
method is more common in business environments.
• Hide your wireless network name (SSID). The SSID can be regularly broadcast and
unauthorized users may use this information to access your network.
• Enable the MAC filter to allow only trusted users to access your wireless network or deny
unwanted users access based on their MAC address.
See
for directions on these wireless security measures.
1.4.3 Firewall
See
for more information on the following security measures
• Ensure the firewall is turned on. Traffic initiated from your WAN is blocked by default.