beautypg.com

5 security – PLANET ADN-4000 User Manual

Page 65

background image

65

3.3.5 Security

Security is an important function of DSL; it protects the resources of a private network from
users from other networks. Also the item prevents unauthorized internet users form
accessing private networks connected to the internet. All messages entering or leaving the
intranet (i.e., the local network to which you are connected) must pass through the security
examines, which examines each message and blocks those that do not meet the specified
security criteria.
There are three basic types of security techniques:

z

IP packet filtering: The system examines each packet entering or leaving the

network and accepts or rejects it based on user-defined rules. Packet filtering is
fairly effective and transparent to users, but it is difficult to configure.

z

Circuit-level gateway implementation: This process applies security mechanisms

when a TCP or UDP connection is established. Once the connect has been made,
packets can flow between the hosts without further checking.

z

MAC frame filtering: The system examines each frame entering or leaving the

network form layer 2. And accord to user-defined rules accepts and rejects frame.

A security management program can be configured one of two basic ways:

z

A default-deny policy.

z

A default-allow policy.

A default-deny approach to security is by far the more secure, but due to the difficulty in
configuring and managing a network in that fashion, many networks instead use the
default-allow approach. Let's assume for the moment that your security management
program utilizes a default-deny policy, and you only have certain services enabled that you
want people to be able to use from the Internet.
NOTE: The security is like a firewall.

Figure: the Security application

Click “Security” -->” IP Filtering” to show the following interface. By default, the firewall is
enabled. The firewall is used to block document transmissions between the Internet and
your PC. It serves as a safety guard and only permits authorized documents to be sent into
the LAN.

Note: If the Router configured as bridge mode, the IP Filtering will disabled and the IP
filtering interface will disappear.
And if the Router configured as Non-Bridge mode PVC, the MAC Filtering will disabled
and the MAC Filtering interface will disappear.