Filter
Top Products
Security 15-1
CC
CC
hh
hh
aa
aa
pp
pp
tt
tt
ee
ee
rr
rr
11
11
55
55
SS
SS
ee
ee
cc
cc
uu
uu
rr
rr
ii
ii
tt
tt
yy
yy
The Netopia R3100 provides a number of security features to help protect its configuration screens and your
local network from unauthorized access. Although these features are optional, it is strongly recommended that
you use them.
This section covers the following topics:
■ “Suggested security measures” on page 15-1, lists actions for blocking potential security holes.
■ “User accounts,” beginning on page 15-2, shows you how to set up name/password combinations to
protect the Netopia R3100’s configuration screens.
■ “Dial-in Console Access” on page 15-3
■ “Telnet access” on page 15-4, shows you how to control access to the Netopia R3100 by those using the
Telnet protocol.
■ “About filters and filter sets,” beginning on page 15-4, and “Working with IP filters and filter sets,”
beginning on page 15-12, have information on what filters are, how they work, how to customize them, and
how to use them in sets. For information on IPX filters and filter sets, see “IPX filters,” beginning on
page 15-22.
■ “Firewall tutorial” on page 15-30
■ “Token Security Authentication” on page 15-37
Suggested security measures
In addition to setting up user accounts, Telnet access, and filters (all of which are covered later in this chapter),
there are other actions you can take to make the Netopia R3100 and your network more secure:
■ Change the SNMP community strings (or passwords). The default community strings are universal and
could easily be known to a potential intruder.
■ Set the answer profile so it must match incoming calls to a connection profile.
■ Use CallerID.
■ Leave the “Enable Dial-in Console Access” option set to No.
■ Where possible, insist on using PAP, CHAP, or secure authentication token card to authenticate
connections to and from connection profiles.
■ When using AURP, accept connections only from configured partners.
■ In high risk areas, configure the Netopia R3100 through the serial console port to ensure that your
communications cannot be intercepted.