Filter
Top Products
Appendix A: General Information Security - Page 115
Security
The IPNC provides a number of measures for the protection of your data and
systems against intrusion – either unintentional or malicious – from both the
Internet and unauthorised dial-in users. These include:
– A Firewall.
– Encrypted Passwords.
– CLI.
– Time Profiles.
– NAT / Proxy Server.
In essence, a firewall creates a barrier between your subnet and the outside
world, and controls who leaves and who enters, according to one or all of several
criteria. Anyone who fails the test is prevented from entering or leaving, i.e.,
starting a session with an internal or external application. The main criteria can
be defined as:
1. All common TCP/IP protocols can be restricted to incoming or outgoing only.
This means that, for example, your network administrator alone could be
permitted to use diagnostic and management protocols, and further restrict
his use of them to incoming access only.
2. Access to and from services with specific IP addresses and masks can be
prevented.
3. Filters can be defined to search for specific data patterns. Traffic containing a
match can then be allowed through the firewall or not, as required.
The systems security features can be combined for maximum protection. For
example, the network administrator’s restrictions can include a time profile,
limiting access to outside normal working hours, and a user profile set up to
check that the CLI of the incoming call matches the number of his home or
mobile phone. This gives full coverage for an out-of-hours emergency with
maximum protection in normal circumstances.
For Internet services, the system includes a proxy server providing NAT / IP
masquerading to conceal your local addresses from other Internet users.
Password protection, with optional password encryption, is available for all
services, including dial-in services.
The importance of security cannot be over-emphasised and the part users play
cannot be under-estimated. Just as you take care of your credit cards, you must
be mindful of security issues. No matter how powerful a password verification
technique is, it is no use if the password is written on a note stuck to your PC.
Your system’s security is ultimately your own responsibility. You must:
– Store back-ups and all system information securely, for both security and
disaster recovery purposes
– Change all passwords regularly
– Change the default start IP address of your system
– Install a reliable virus protection program and keep it up to date
– Ensure that all members of your staff are aware of security issues.
We recommend that you utilise your default firewall by naming it and including it's
user and service profiles where appropriate. Punch additional holes in the firewall
only as and when experience shows they are needed.
YOU MUST CHANGE YOUR REMOTE ACCESS PASSWORD.
INDeX IPNC Cassette Administration Manual Appendix A: General Information - Page 115
38DHB0002UKDD – Issue 7 (22/11/02) Security