Earthweb.com Practically Networked Home Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
Troubleshooting
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting
    Guides

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  
 
Forums
About
Jobs
Home

Find a Hotspot...

Add this search code to your site!
Copyright 2003Jupitermedia
  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.


 
 Sonicwall SOHO Internet Security Appliance

Page 2 

 Author: Tim Higgins
 Review Date: 9/29/2000


Comin' through!

NOTE: Opening holes in your firewall can compromise your LAN's security if done incorrectly.

(You may want to refer to the Access Controls Management Interface page as you read this section. NOTE that the SOHO does not have the DMZ function, so you won't see the DMZ checkboxes.)

The SOHO's access controls manage the flow of traffic (data) through its firewall and are based on Services and Rules:  

  • Each Service is a Name / single Port Number / Protocol association.  
    For example, the HTTP (Webserver) rule is defined as Port 80, with the TCP Protocol.  
    The SOHO comes with common Services such as HTTP, FTP, DNS, POP3, SMTP, etc. already defined and you can add your own services up to a total of 128 Services.

  • Each Rule contains an Action (Allow or Deny), Source IP address, Destination IP address, and IP protocol to decide if the IP traffic is allowed to pass through the firewall.


The Default rules that come with the router ALLOW all traffic to pass from LAN to WAN and DENY all traffic to pass from WAN to LAN.  The Help page that can be accessed from the Access page does a good job of explaining the process and mechanics of establishing new rules.  Once you have defined Services, you can set up new rules on either the Services page or Rules page.  The Services page method may be more familiar to users of inexpensive routers; the Rules page method may be more familiar to users accustomed to dealing with professional level firewall products.  Note that you can't modify or disable the stateful packet inspection features of the firewall, so you're always protected against Denial of Service (DoS) attacks and port scans.  But since custom (user defined) Rules take precedence over stateful packet inspection, you can weaken the firewall by Rules that open too many ports or ports used by applications such as Back Orifice

Other Access features are a checkbox that will allow Microsoft Networking (NetBIOS) traffic flow from LAN to WAN, and a "stealth" mode that will cause inbound packets to be dropped instead of the firewall responding with a message that the port is closed (this is NOT enabled by default).  You can also change the outbound connection timeout from its default of 5 minutes.

 

User administration

User privileges are a little tricky to understand, so let's start with the easy stuff first. Any Access controls you define apply to all users, both LAN and WAN based, by default.  You can define up to 100 users with privileged access rights, with two privileges available:

  1. Unrestricted access to the LAN from a remote location on the Internet 
  2. Unrestricted access to the Internet from the LAN (bypassing Web, News, Java, and ActiveX blocking) 

The first privilege is available only if you are not using NAT, i.e. are just using the firewall features of the SOHO and have routable IP addresses assigned to all your LAN machines.  The second feature is available no matter what mode you're using and allows selected users to bypass any filtering that you establish.

The last Access feature is control of the Management interface.  The default is control from LAN only, and you can choose to enable control from the LAN and WAN, or from SonicWall's Global Management System.  The WAN Management Access is fully encrypted via IPsec and you must install a VPN client (downloadable from the Sonicwall Web site) on whatever computers that you will use to manage the SOHO remotely.  You won't get that kind of remote management security from the cheaper routers!

That's pretty much it for how to control WHO has access to your LAN.  Now let's see how you can control WHAT they can look at! 

  • Page 1
  • Page 3
  • Page 4
  • Page 5
  • Page 6

  •  Add YOUR Opinion  

     Opinion Summary:     72.2%   |   27.8%  |   out of 36 reviews  
     Read Reviews by Users  

    Print this Page 









    Earthwebnews.com Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation


    Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums