tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...

More documents

Recommendations

Info

Security functions 6 Security functions 6.1 Packet Filter Security > Packet Filter Function The TAINY xMOD contains a stateful inspection firewall. A stateful inspection firewall is a packet filtering method. Packet filters only let IP packets through if this has been defined previously using firewall rules. The following is defined in the firewall rules: � which protocol (TCP, UDP, ICMP) can go through, � the permitted source of the IP packets (From IP / From port) � the permitted destination of the IP packets (To IP / To port) It is likewise defined here what will be done with IP packets that are not allowed through (discard, reject). For a simple packet filter it is always necessary to create two firewall rules for a connection: � One rule for the query direction from the source to the destination, and � a second rule for the query direction from the destination to the source. It is different for a TAINY xMOD with a stateful inspection firewall. Here a firewall rule is only created for the query direction from the source to the destination. The firewall rule for the response direction from the destination to the source results from analysis of the data previously sent. The firewall rule for the responses is closed again after the responses are received or after a short time period has elapsed. Thus responses can only go through if there was a previous query. This means that the response rule cannot be used for unauthorised access. What is more, special procedures make it possible for UDP and ICMP data to also go through, even though these data were not requested before. Firewall Rules (Incoming) The Firewall Rules (Incoming) are used to define how to handle IP packets that are received from external networks (e.g. the Internet) via UMTS/GPRS. The source is the sender of this IP packet. The destination is the local applications on the TAINY xMOD. In the factory setting, no incoming firewall rule is set initially, i.e. no IP packets can go through. New Adds an additional firewall rule that you can then fill out. Delete Removes firewall rules that have been created. Page 52 of 111 TAINY xMOD
Security functions Protocol Select the protocol for which this rule will be valid. The following selections are available: TCP, UDP, ICMP. If you select All, the rule is valid for all three protocols. Note If you select All for protocol, a port assignment is not effective. From IP Enter the IP address of the external remote station that is allowed to send IP packets to the local network. Do this by specifying the IP address or an IP range for the remote station. 0.0.0.0/0 means all addresses. To specify a range, use the CIDR notation - see Chapter 11. From port Enter the port from which the external remote station is allowed to send IP packets. (is only evaluated for the protocols TCP and UDP) To IP Enter the IP address in the local network to which IP packets may be sent. Do this by specifying the IP address or an IP range of the application in the local network. 0.0.0.0/0 means all addresses. To specify a range, use the CIDR notation - see Chapter 11. To port Enter the port to which the external remote station is allowed to send IP packets. Action Select how incoming IP packets are to be handled: Accept – The data packets can go through, Reject – The data packets are rejected, and the sender receives a corresponding message. Drop – The data packets are discarded without any feedback to the sender. Firewall Rules (Outgoing) The Firewall Rules (Outgoing) are used to define how to handle IP packets that are received from the local network. The source is an application in the local network. The destination is an external remote station, e.g. on the Internet or in a private network. In the factory setting, no outgoing firewall rule is set initially, i.e. no IP packets can go through. New Adds an additional firewall rule that you can then fill out. Protocol Select the protocol for which this rule will be valid. The following selections are available: TCP, UDP, ICMP. If you select All, the rule is valid for all three protocols. From IP Enter the IP address of the local application that is allowed to send IP packets to the external network. Do this by specifying the IP address or an IP range for the local application. 0.0.0.0/0 means all addresses. To specify a range, use the CIDR notation - see Chapter 11. From port Enter the port from which the local network is allowed to send IP packets. Do this by specifying the port number. (is only evaluated for the protocols TCP and UDP) To IP Enter the IP address in the external network to which IP packets may be sent. Do this by specifying the IP address or an IP range of the application in the network. 0.0.0.0/0 means all addresses. To specify a range, use the CIDR notation - see Chapter 11. TAINY xMOD Page 53 of 111
Page 1 and 2: User Manual TAINY HMOD-V3-IO, TAINY
Page 3 and 4: Products ! Safety instructions The
Page 5 and 6: Firmware with open source GPL/LGPL
Page 7 and 8: Contents Contents 1 Introduction ..
Page 9 and 10: 1 Introduction Introduction Product
Page 11 and 12: Introduction Local applications cou
Page 13 and 14: Terms Here are definitions of terms
Page 15 and 16: 2 Setup 2.1 Step by step Set up the
Page 17 and 18: 2.3 Overview 2.4 Service button Set
Page 19 and 20: TAINY EMOD Lamp Status Meaning S (S
Page 21 and 22: 2.6 Connections LAN0, LAN1 (10/100
Page 23 and 24: 24V / 0V power supply The TAINY xMO
Page 25 and 26: 3 Configuration 3.1 Overview Remote
Page 27 and 28: Preferred DNS server Configuration
Page 29 and 30: The start page is not displayed If
Page 31 and 32: Signal (CSQ Level) Indicates the st
Page 33 and 34: Carrying out configuration ONLY TAI
Page 35 and 36: Function Access to the TAINY xMOD i
Page 37 and 38: 4 Local interface 4.1 IP addresses
Page 39 and 40: 4.3 DNS to local network Local Netw
Page 41 and 42: Poll interval Serve system time to
Page 43 and 44: Provider selection mode - Manual Pr
Page 45 and 46: Provider selection mode - Automatic
Page 47 and 48: Activity on faulty connection Renew
Page 49 and 50: Remote host 0.0.0.0 Group group Use
Page 51: 5.7 Volume supervision External net
Page 55 and 56: 6.2 Port Forwarding Security > Port
Page 57 and 58: 6.4 Firewall Log Security > Firewal
Page 59 and 60: Requirements for the remote network
Page 61 and 62: VPN connections CA certificate The
Page 63 and 64: VPN connections ISAKMP-SA mode Agre
Page 65 and 66: VPN Standard Mode Edit Settings Con
Page 67 and 68: VPN connections Remote net address
Page 69 and 70: VPN Standard Mode Edit IKE VPN conn
Page 71 and 72: 7.4 Loading VPN certificates IPsec
Page 73 and 74: 7.6 Supervision of VPN connections
Page 75 and 76: Number of connect attempts until re
Page 77 and 78: Action Define how access to the spe
Page 79 and 80: Factory setting The factory setting
Page 81 and 82: 9 Status, log and diagnosis 9.1 Log
Page 83 and 84: Status, log and diagnosis Function
Page 85 and 86: Status, log and diagnosis Function
Page 87 and 88: Additional functions Text Here ente
Page 89 and 90: Port number 26864 Firewall Rules No
Page 91 and 92: The following parameters of the TAI
Page 93 and 94: Target host NONE Target port 162 Ta
Page 95 and 96: Asymmetric encryption CIDR Small le
Page 97 and 98: Small lexicon of routers CSQ / RSSI
Page 99 and 100: Small lexicon of routers EGPRS EGPR
Page 101 and 102: IPsec MIB See SNMP Small lexicon of
Page 103 and 104:
Protocol, Transfer protocol Small l
Page 105 and 106:
X.509 certificate A type of "seal"
Page 107 and 108:
Network B Computer B1 B2 B3 B4 Addi
Page 109 and 110:
Conformity CE Conforms to Directive
Page 111:
Protection class IP20 Dimensions 11
show all

tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...

Create successful ePaper yourself

Delete template?

Save as template?