Netgear Dgn 2200 M Manual

							41
3
3.   Protecting Your Network
This chapter describes how to use the basic firewall features of the wir\
eless modem router to protect your network. The chapter includes:
•     Protect Access to Your Wireless-N Modem Router 
•     Block Keywords, Sites, and Services
•     Set Times and Schedule Firewall Services
•     Enable Security Event Email Notification
•     Live Parental Controls
Protect Access to Your Wireless-N Modem Router
For security reasons, the wireless modem router has its own user name an\
d password. Also, 
after a period of inactivity for a set length of time, the login automat\
ically disconnects. You 
can use the following procedures to change the wireless modem router’\
s password and the 
period for the administrator’s login time-out.
Note:  The user name and password are not the same as any other user  name or password your might use to log in to your Internet 
connection.
NETGEAR recommends that you change this password to a more secure passwo\
rd. The 
ideal password should contain no dictionary words from any language and \
should be a 
mixture of both uppercase and lowercase letters, numbers, and symbols. Y\
our password can 
be up to 30 characters. 
						

							Protecting Your Network42
N300 Wireless ADSL2+ Modem Router DGN2200M Mobile Edition 
Change the Built-In Password
To change the build-in password:
1. 
In the main menu, under Maintenance, select  Set Password.
2. To change the password, first enter the old password, and then enter the\
 new password 
twice.
3.  Click  Apply to save your changes. 
Note:   After changing the password, you are required to log in again to 
continue the configuration. If you have backed up the wireless 
modem router settings previously, you should do a new backup so 
that the saved settings file includes the new password.
Change the Administrator Login Time-Out
For security, the administrator’s login to the wireless modem router \
configuration times out 
after a period of inactivity. 
To change the login time-out period: 
1.  In the Set Password screen, type a number in the Administrator login tim\
es  out field. The 
suggested default value is 5 minutes. 
2.  Click  Apply to save your changes, or click  Cancel to keep the current period. 
Block Keywords, Sites, and Services
The wireless modem router provides a variety of options for blocking Int\
ernet-based content 
and communications services. With its content filtering feature, the wir\
eless modem router 
prevents objectionable content from reaching your computers. The wireles\
s modem router 
allows you to control access to Internet content by screening for keywor\
ds within web 
addresses. Key content filtering options include:
•     Keyword blocking of HTTP traffic. 
						

							Protecting Your Network43
 N300 Wireless ADSL2+ Modem Router DGN2200M Mobile Edition
•     
Outbound service blocking. Limits access from your LAN to Internet locat\
ions or services 
that you specify as off-limits.
•     Denial of service (DoS) protection. Automatically detects and thwarts \
denial of service  (DoS) attacks such as Ping of Death, SYN flood, LAND Attack, and IP sp\
oofing.
•     Blocking unwanted traffic from the Internet to your LAN.
Block Sites
To block keywords and sites:
1.  In the main menu, under Content Filtering, select  Block Sites:
2. To enable keyword blocking, select one of the following:
•     Per Schedule. Turn on keyword blocking according to the settings in the Schedule 
screen.
•     Always . Turn on keyword blocking all the time, independent of the Schedule scr\
een.
3.  Enter a keyword or domain in the Keyword field, click  Add Keyword, and then click  Apply.
Some examples of keyword application follow:
•      If the keyword XXX is specified, the URL http://www.badstuff.com/xxx.htm\
l is blocked.
•     If the keyword .com is specified, only websites with other domain suffix\
es (such as  .edu or .gov) can be viewed.
•     Enter a period ( .) to block all Internet browsing access.
Up to 32 entries are supported in the Keyword list.
4.  To delete a keyword or domain, select it from the list, click Delete Keyword, and then click 
Apply .
5.  To specify a trusted user, enter that computer’s IP address in the Tr\
usted IP Address field, 
and click  Apply. 
						

							Protecting Your Network44
N300 Wireless ADSL2+ Modem Router DGN2200M Mobile Edition 
You can specify one trusted user, which is a computer that will be exemp\
t from blocking 
and logging. Since the trusted user will be identified by an IP address,\
 you should 
configure that computer with a fixed IP address.
6.  Click  Apply to save your settings.
Block Services
To block services:
1. In the main menu, under Content Filtering, select  Block Services.
.
2. Select one of the following:
•     Per Schedule. Turn on keyword blocking according to the settings in the Schedule 
screen.
•     Always . Turn on keyword blocking all the time, independent of the Schedule scr\
een.
3.  Click  Add, and the following screen displays:
4. Either select a service from the Service Type drop-down list, or select \
 User Defined to 
create a custom service. 
						

							Protecting Your Network45
 N300 Wireless ADSL2+ Modem Router DGN2200M Mobile Edition
5. 
Click  Add to create the service, and the service is listed in the Service Table:
6. Click  Apply to save your settings.
Set Times and Schedule Firewall Services
The wireless modem router uses the Network Time Protocol (NTP) to obta\
in the current time 
and date from one of several network time servers on the Internet. On th\
e router menu, 
select Schedule under Security to display the Security screen: 
						

							Protecting Your Network46
N300 Wireless ADSL2+ Modem Router DGN2200M Mobile Edition 
Set Your Time Zone
To localize the time for your log entries:
1. 
In the Schedule screen, select your time zone. 
This setting is used for the blocking schedule according to your local t\
ime zone and for 
time-stamping log entries.
2.  If your time zone is currently in daylight savings time, select the  Adjust for Daylight 
Savings Time  check box.
Note:  If your region uses daylight savings time, you need to manually 
select Adjust for Daylight Savings Time  on the first day of daylight 
savings time, and clear it at the end. Enabling daylight savings time 
causes 1 hour to be added to the standard time.
3.  The wireless modem router has a list of NETGEAR NTP servers. If you woul\
d prefer to use 
a particular NTP server as the primary server, select the  Use this NTP Server check box, 
and enter its IP address.
4.  Click  Apply to save your settings.
Schedule Firewall Services
If you enabled service blocking in the Block Services screen or port for\
warding in the Port 
Forwarding/Port Triggering screen, you can set up a schedule for when bl\
ocking occurs or 
when access is not restricted. 
To block Internet services based on a schedule:
1. From the Schedule screen, select  Every Day, or select one or more days. 
2.  If you want to limit access completely for the selected days, select  All Day. Otherwise, to 
limit access during certain times for the selected days, or enter times \
in the Start Time and 
End Time fields.
Note:  Enter the values in 24-hour time format. For example, 10:30 a.m. 
would be 10
  hours and 30 minutes, and 10:30 p.m. would be 22 
hours and 30 minutes. If you set the start time after the end time, the \
schedule will be effective through midnight the next day.
3.  Click  Apply to save your changes. 
						

							Protecting Your Network47
 N300 Wireless ADSL2+ Modem Router DGN2200M Mobile Edition
View, Select, and Save Logged Information
The wireless modem router logs security-related events such as denied in\
coming service 
requests, hacker probes, and administrator logins. If you enable content\
 filtering in the Block 
Sites screen, the Logs screen show you when someone on your network trie\
s to access a 
blocked site. If you enable email notification, you will receive these l\
ogs in an email message. 
To view the log, under Content Filtering, select 
Logs. A screen similar to the following 
displays:
You can write the logs to a computer running a syslog program. To activa\
te this feature, 
select Broadcast on LAN , or enter the IP address of the server where the syslog file will be 
written.
Table 5.  Security log entry descriptions  
FieldDescription
Date and time The date and time the log entry was recorded.
Description or action The type of event and what action was taken, if any.
Source IP The IP address of the initiating device for this log entry.
Source port and interface The service port number of the initiating device, and whether it 
originated from the LAN or WAN.
Destination The name or IP address of the destination device or website.
Destination port and interface The service port number of the destination device, and whether it is 
on the LAN or WAN. 
						

							Protecting Your Network48
N300 Wireless ADSL2+ Modem Router DGN2200M Mobile Edition 
Examples of Log Messages
Following are examples of log messages. In all cases, the log entry show\
s the time stamp as
 
day, year-month-date    hour:minute:second.
Activation and Administration
Tue, 2011-05-21 18:48:39 - NETGEAR activated 
This entry indicates a power-up or reboot with initial time entry.
Tue, 2011-05-21 18:55:00 - Administrator login successful-IP:192.168.0.2\
 
Thu, 2011-05-21 18:56:58 - Administrator logout - IP:192.168.0.2 
This entry shows an administrator logging in to and out from IP address \
192.168.0.2.
Tue, 2011-05-21 19:00:06 - Login screen timed out - IP:192.168.0.2
This entry shows a time-out of the administrator login.
Wed, 2011-05-22 22:00:19 - Log emailed
This entry shows when the log was emailed.
Dropped Packets 
Wed, 2011-05-22 07:15:15 - TCP packet dropped - Source:64.12.47.28,4787,\
WAN - 
Destination:134.177.0.11,21,LAN - [Inbound Default rule match]
Sun, 2011-05-22 12:50:33 - UDP packet dropped - Source:64.12.47.28,10714\
,WAN - 
Destination:134.177.0.11,6970,LAN - [Inbound Default rule match]
Sun, 2011-05-22 21:02:53 - ICMP packet dropped - 
Source:64.12.47.28,0,WAN - Destin
ation:134.177.0.11,0,LAN - [Inbound Default 
rule match]
These entries show an inbound FTP (port 21) packet, a User Datagram Pr\
otocol (UDP) 
packet (port 6970), and an Internet Control Message Protocol (ICMP) \
packet (port 0) being 
dropped as a result of the default inbound rule, which states that all i\
nbound packets are 
denied. 
						

							Protecting Your Network49
 N300 Wireless ADSL2+ Modem Router DGN2200M Mobile Edition
Enable Security Event Email Notification
To receive logs and alerts by email, you need to provide your email info\
rmation in the E-mail 
screen and specify which alerts you would like to receive and how often.\
In the main menu, under Security, select 
E-mail. The E-mail screen displays.
You can make the following selections:
•     Turn E-mail Notification On . Select this check box if you want to receive email logs and 
alerts from the wireless modem router.
•     Your Outgoing Mail Server. Enter the name or IP address of your ISP’s outgoing  (SMTP) mail server (such as mail.myISP.com). You might be able to fi\
nd this information 
in the configuration settings of your email program.
•      Send to This E-mail Address . Enter the email address to which logs and alerts are sent. 
This email address is also used as the From address. If you leave this f\
ield blank, log and 
alert messages are not sent through email. 
•      My mail server requires authentication. If you use an outgoing mail server provided by 
your current ISP, you do not need to select this check box. If you use a\
n email account 
that is not provided by your ISP, select this check box, and enter the r\
equired user name 
and password information.
•      Send Alert immediately . Select this check box if you would like immediate notification of 
a significant security event, such as a known attack, port scan, or atte\
mpted access to a 
blocked site.
•     Send logs according to this schedule. Specifies how often to send the logs: Hourly,  Daily, Weekly, or When Full.  
						

							Protecting Your Network50
N300 Wireless ADSL2+ Modem Router DGN2200M Mobile Edition 
-
Day for sending log 
Specifies which day of the week to send the log. Relevant when the log i\
s sent weekly.
- Time for sending log   
Specifies the time of day to send the log. Relevant when the log is sent\
 daily or 
weekly.
If the Weekly, Daily, or Hourly option is selected and the log fills up \
before the specified 
period, the log is automatically emailed to the specified email address.\
 After the log is 
sent, it is cleared from the wireless modem router’s memory. If the w\
ireless modem router 
cannot email the log file, the log buffer might fill up. In this case, t\
he wireless modem 
router overwrites the log and discards its contents.
Live Parental Controls
NETGEAR Live Parental Controls, powered by OpenDNS, is a router-based we\
b filtering 
solution available on NETGEAR Wireless-N router and gateway products. De\
signed to 
protect you from identity theft and scams, Live Parental Control blocks \
up to 50 categories of 
Internet content.
Live Parental Controls helps keep your family safe online, but like all \
web filtering tools, it is 
not perfect. NETGEAR reminds you there is no substitute for keeping the \
family computer in 
a common area and in plain sight where you can monitor the websites your\
 kids are visiting, 
and taking caution when visiting websites requesting personal or financi\
al information.
Download Live Parental Controls from this website: http://www.netgear.com/lpc
Web-Based Access 
Live Parental Controls is the first to allow parents or network administ\
rators to manage 
settings while away from home or office. This is particularly convenient\
 when access 
exceptions need to be made. And since settings are stored on the web, us\
ing a browser 
interface to manage them is not difficult at all.
Total Home Protection 
Live Parental Controls protects all Internet-connected devices through t\
he router. It protects 
not only computers, but also set-top boxes, iPhones, iPods, and gaming c\
onsoles that are 
attached to your network. You no longer need to worry about phones and g\
aming consoles 
not being protected when kids use them in their own rooms. Even guest co\
mputers 
accessing the Internet through your network are protected.
Flexible Settings 
You might have your own computer, or you might be sharing a computer wit\
h other members 
in the family. Default and settings for individual users allow you to cu\
stomize configuration for 
different computing arrangements and personalize the settings for each p\
erson. Setting 
according to time allow Internet access during scheduled time slots to h\
elp manage the 
balance between work and play.