ZyXEL Router Prestige 334 User Manual
Prestige 334 User’s Guide
Chapter 10 Trend Micro Security Services

10.5 Parental Controls

Parental Controls lets a parent (LAN administrator) control a LAN user’s Internet access privileges by blocking specified categories. You can define time periods and days during which Parental Controls are enabled and block Web pages depending on the filter categories in which they are included.

10.6 Parental Controls Configuration

Select the Parental Controls tab in TMSS under ADVANCED to configure parental controls. If your Trend Micro license is invalid, the following screen is displayed. Proceed to the Appendix for instructions on how to register with Trend Micro Security Services.

Computer Name: This field displays the name of a client computer.
Antivirus Software: This field displays the current antivirus software on a client computer.
Virus Pattern: This field displays the current version number of the pattern file on a client computer.
Scan Engine: This field displays the current virus scan program of the client computer.
Status: This field displays the Trend Micro antivirus version status on a client’s computer.
  Potential Threat:
  • A request has been sent from the Prestige to check the antivirus version on the client’s computer. The Prestige is waiting for a response.
  • There is currently no Trend Micro antivirus installed on the client computer.
  • The client’s computer has a UNIX operating system.
  Needs Update:
  • The Trend Micro antivirus version on the client computer is older than the Prestige Trend Micro antivirus version displayed in the Automatically check for update components section.
  Up to date:
  • The Trend Micro antivirus version on the client computer is the same as the Prestige Trend Micro antivirus version displayed in the Automatically check for update components section.
Apply: Click Apply to save the settings.
Reset: Click Reset to begin configuring this screen afresh.
Table 32 Virus Protection (LABEL: DESCRIPTION)

Note: You must register or renew your license in the TM Security Services web page to view the Parental Controls configuration screen.
Figure 41 Parental Controls License Status

If you have registered with TMSS and your license is valid, you can configure the Parental Controls configuration screen.
Figure 42 Parental Controls

The following table describes the labels in this screen.

Table 33 Parental Controls
LABEL: DESCRIPTION
Enable Parental Controls: Select the check box to enable this feature on your Prestige.
  Note: The Prestige automatically checks the status of your Trend Micro license. If the license becomes invalid, Parental Controls is disabled and Figure 41 is shown.
Blocking Schedule: Note: If configuration changes are made in this section, the same section in the CONTENT FILTER screen will also display these changes and vice versa.
Day to Block: Select everyday or the day(s) of the week to activate web page blocking.
Time of Day to Block (24-Hour Format): Select the time of day you want web page blocking to take effect. Configure blocking to take effect all day by selecting the All Day check box. You can also configure specific times by entering the start time in the Start (hr) and Start (min) fields and the end time in the End (hr) and End (min) fields. Enter times in 24-hour format; for example, 3:00pm should be entered as 15:00. Enter the hours from a minimum of 00:00 to a maximum of 23:00.
Select Categories
Pornography: Selecting this category excludes pages that contain sexually explicit material for the purpose of arousing a sexual or prurient interest.
Illegal/Questionable: Selecting this category excludes pages that advocate or give advice on performing illegal acts such as service theft, evading law enforcement, fraud, burglary techniques and plagiarism. It also includes pages that provide or sell questionable educational materials, such as term papers.
  Note: This category includes sites identified as being malicious in any way (such as having viruses, spyware, etc.).
Violence/Hate/Racism: Selecting this category excludes pages that depict extreme physical harm to people or property, or that advocate or provide instructions on how to cause such harm. It also includes pages that advocate, depict hostility or aggression toward, or denigrate an individual or group on the basis of race, religion, gender, nationality, ethnic origin, or other characteristics.
Illegal Drugs: Selecting this category excludes pages that promote, offer, sell, supply, encourage or otherwise advocate the illegal use, cultivation, manufacture, or distribution of drugs, pharmaceuticals, intoxicating plants or chemicals and their related paraphernalia.
Alcohol/Tobacco: Selecting this category excludes pages that promote or offer the sale of alcohol/tobacco products, or provide the means to create them.
It also includes pages that glorify, tout, or otherwise encourage the consumption of alcohol/tobacco. It does not include pages that sell alcohol or tobacco as a subset of other products.
Gambling: Selecting this category excludes pages where a user can place a bet or participate in a betting pool (including lotteries) online. It also includes pages that provide information, assistance, recommendations, or training on placing bets or participating in games of chance. It does not include pages that sell gambling related products or machines. It also does not include pages for offline casinos and hotels (as long as those pages do not meet one of the above requirements).
Abortion: Selecting this category excludes pages that provide information or arguments in favor of or against abortion, describe abortion procedures, offer help in obtaining or avoiding abortion, or provide information on the effects, or lack thereof, of abortion.
Exception List: Use the Exception List to specify which computers are not to be restricted by Parental Controls. The default setting is to have Parental Controls enabled on all computers.
Enforce Parental Control policies for all computers: Select the radio button to have Parental Controls enabled on all computers. This is the default setting.
Include specified address ranges in the Parental Control enforcement: Select the radio button to apply Parental Controls to the computers with IP addresses displayed in the Selected IP Addresses box.
Exclude specified address ranges from the Parental Control enforcement: Select the radio button to apply Parental Controls to all of the computers in the network except those displayed in the Selected IP Addresses box.
Available IP Addresses: This box displays the IP addresses of all computers in the network.
  Note: A maximum of 10 client IP addresses are displayed in this box.
Selected IP Addresses: This box displays the IP addresses of the computer(s) chosen from the Available IP Addresses box that you want to include in or exclude from Parental Controls. Select Add>> to copy a computer’s IP address from the Address box to the Selected IP Addresses box. Select

10.6.1 Parental Controls Statistics

The Prestige can display a record of attempted entries to Web pages or actual entries to Web pages from a list of content filtering categories.
Figure 43 Parental Controls Statistics

The following table describes the labels in this screen.

Table 34 Parental Controls Statistics
LABEL: DESCRIPTION
Category: All categories are displayed, including: Pornography, Illegal/Questionable, Violence/Hate/Racism, Illegal Drugs, Alcohol/Tobacco, Gambling and Abortion.
Access Attempts: This field displays the number of times an attempt has been made to access a web page from a category of restricted web pages. These attempts may be successful or blocked attempts.
Actual Accesses: This field displays the number of times access has been successful to a web page from a category of web pages.
Reset: Click Reset to clear all of the fields in this screen.
Refresh: Click Refresh to renew the statistics screen.

If a category has been selected in the previous screen, a blocked attempt is displayed. If a category has not been selected in the previous screen, attempts and accesses to Web pages within those categories are displayed.
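The enforcement decision and the two counters described in Tables 33 and 34, modeled in Python as an added example; this is not the Prestige's own code. The class and function names, the sample addresses, the treatment of the time window (same day, end minute excluded) and the counting of requests from excluded computers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class ParentalControls:
    """Hypothetical model of the Table 33 settings."""
    categories: set                        # selected (blocked) categories
    days: set                              # Day to Block, 0 = Monday
    all_day: bool = True
    start: tuple = (0, 0)                  # Start (hr), Start (min)
    end: tuple = (23, 0)                   # End (hr), End (min)
    mode: str = "all"                      # "all", "include" or "exclude"
    selected_ips: set = field(default_factory=set)
    stats: dict = field(default_factory=dict)   # category -> [attempts, accesses]

    def enforced_for(self, ip):
        if self.mode == "include":
            return ip in self.selected_ips
        if self.mode == "exclude":
            return ip not in self.selected_ips
        return True                        # default: enforce on all computers

    def in_schedule(self, when):
        if when.weekday() not in self.days:
            return False
        # Assumption: the window lies within one day and excludes the end minute.
        return self.all_day or self.start <= (when.hour, when.minute) < self.end

    def request(self, ip, category, when):
        """Record one request to a page in `category`; return True if allowed."""
        blocked = (category in self.categories and self.enforced_for(ip)
                   and self.in_schedule(when))
        row = self.stats.setdefault(category, [0, 0])
        row[0] += 1                        # Access Attempts: successful or blocked
        row[1] += 0 if blocked else 1      # Actual Accesses: successful only
        return not blocked

def demo():
    """Constructed scenario: weekday afternoons, one computer excluded."""
    pc = ParentalControls(categories={"Gambling"}, days={0, 1, 2, 3, 4},
                          all_day=False, start=(15, 0), end=(21, 0),
                          mode="exclude", selected_ips={"192.168.1.33"})
    mon_16 = datetime(2024, 1, 1, 16, 0)   # a Monday, inside the window
    mon_22 = datetime(2024, 1, 1, 22, 0)   # same day, after the window
    results = [pc.request("192.168.1.40", "Gambling", mon_16),  # blocked
               pc.request("192.168.1.33", "Gambling", mon_16),  # excluded computer
               pc.request("192.168.1.40", "Gambling", mon_22),  # outside schedule
               pc.request("192.168.1.40", "Abortion", mon_16)]  # category not selected
    return results, pc.stats
```

In this model the number of blocked requests for a category is Access Attempts minus Actual Accesses, which is how the two columns of Table 34 can be read together.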
Chapter 11 Firewall

This chapter gives some background information on firewalls and explains how to get started with the Prestige firewall.

11.1 Introduction

11.1.1 What is a Firewall?

Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term firewall is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. Of course, firewalls cannot solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy. It should never be the only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information-security policy. In addition, specific policies must be implemented within the firewall itself.

11.1.2 Stateful Inspection Firewall

Stateful inspection firewalls restrict access by screening data packets against defined access rules. They make access control decisions based on IP address and protocol. They also inspect the session data to assure the integrity of the connection and to adapt to dynamic protocols. These firewalls generally provide the best speed and transparency; however, they may lack the granular application level access control or caching that some proxies support. Firewalls, of one type or another, have become an integral part of standard security solutions for enterprises.

11.1.3 About the Prestige Firewall

The Prestige firewall is a stateful inspection firewall and is designed to protect against Denial of Service attacks when activated (click FIREWALL and then click the Enable Firewall check box).
The Prestige’s purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The Prestige can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The Prestige is installed between the LAN and a broadband modem connecting to the Internet. This allows it to act as a secure gateway for all data passing between the Internet and the LAN.
The Prestige has one Ethernet WAN port and four Ethernet LAN ports, which are used to physically separate the network into two areas. The WAN (Wide Area Network) port attaches to the broadband (cable or DSL) modem to the Internet. The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP and the World Wide Web. However, inbound access is not allowed (by default) unless the remote host is authorized to use a specific service.

11.1.4 Guidelines For Enhancing Security With Your Firewall

1. Change the default password via web configurator.
2. Think about access control before you connect to the network in any way, including attaching a modem to the port.
3. Limit who can access your router.
4. Don’t enable any local service (such as SNMP or NTP) that you don’t use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
5. For local services that are enabled, protect against misuse. Protect by configuring the services to communicate only with specific peers, and protect by configuring rules to block packets for the services at specific interfaces.
6. Protect against IP spoofing by making sure the firewall is active.
7. Keep the firewall in a secured (locked) room.

11.2 Firewall Settings Screen

From the MAIN MENU, click FIREWALL to open the Settings screen.
Figure 44 Firewall: Settings

The following table describes the labels in this screen.

Table 35 Firewall: Settings
LABEL: DESCRIPTION
Enable Firewall: Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Bypass Triangle Route: Select this check box to have the Prestige firewall ignore the use of triangle route topology on the network. See the appendix for more on triangle route topology.
LAN to WAN: To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs, Log Settings screen.
Packets to Log: Choose what LAN to WAN packets to log. Choose from:
  • No Log
  • Log Blocked (blocked LAN to WAN services appear in the Blocked Services textbox in the Services screen (with Enable Services Blocking selected))
  • Log All (log all LAN to WAN packets)
WAN to LAN: To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs, Log Settings screen.
Packets to Log: Choose what WAN to LAN and WAN to WAN/Prestige packets to log. Choose from:
  • No Log
  • Log Forwarded (see how to forward WAN to LAN traffic in the next section)
  • Log All (log all WAN to LAN packets)
Trusted Computer IP Address: You can allow a specific computer to access all Internet resources without restriction. Enter the IP address of the trusted computer in this field.
Apply: Click Apply to save the settings.
Reset: Click Reset to start configuring this screen again.
11.3 The Firewall, NAT and Remote Management

Figure 45 Firewall Rule Directions

11.3.1 LAN-to-WAN rules

LAN-to-WAN rules are local network to Internet firewall rules. The default is to forward all traffic from your local network to the Internet.

How can you block certain LAN to WAN traffic?

You may choose to block certain LAN-to-WAN traffic in the Services screen (click the Services tab). All services displayed in the Blocked Services list box are LAN-to-WAN firewall rules that block those services originating from the LAN.

Blocked LAN-to-WAN packets are considered alerts. Alerts are “higher priority logs” that include system errors, attacks and attempted access to blocked web sites. Alerts appear in red in the View Log screen. You may choose to have alerts e-mailed immediately in the Log Settings screen.

LAN-to-LAN/Prestige means the LAN to the Prestige LAN interface. This is always allowed, as this is how you manage the Prestige from your local computer.

11.3.2 WAN-to-LAN rules

WAN-to-LAN rules are Internet to your local network firewall rules. The default is to block all traffic from the Internet to your local network.

How can you forward certain WAN to LAN traffic?

You may allow traffic originating from the WAN to be forwarded to the LAN by:
• Configuring NAT port forwarding rules in the web configurator SUA Server screen or SMT NAT menus.
• Configuring One-to-One and Many-One-to-One NAT mapping rules in the web configurator Address Mapping screen or SMT NAT menus.
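The default rule directions of section 11.3 combined with the Packets to Log choices of Table 35, modeled in Python as an added example; this is not ZyXEL firmware code. The Settings class, the decide function, the sample addresses and ports, and the reading that the trusted computer bypasses the Blocked Services list are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Settings:
    """Hypothetical container for Table 35 and the Services screen."""
    lan: str = "192.168.1.0/24"                         # constructed LAN subnet
    blocked_services: set = field(default_factory=set)  # {(proto, dst_port)}
    port_forwards: dict = field(default_factory=dict)   # {(proto, wan_port): LAN host}
    trusted_ip: str = ""                                # Trusted Computer IP Address
    lan_to_wan_log: str = "No Log"                      # No Log | Log Blocked | Log All
    wan_to_lan_log: str = "No Log"                      # No Log | Log Forwarded | Log All
    access_control_log: bool = True                     # Access Control in Log Settings

def decide(cfg, src, dst, proto, dport):
    """Classify one new connection: (direction, action, log level or None)."""
    net = ip_network(cfg.lan)
    from_lan = ip_address(src) in net
    if from_lan and ip_address(dst) in net:
        # LAN-to-LAN/Prestige is always allowed: it is the management path.
        return ("LAN-to-LAN/Prestige", "forward", None)
    if from_lan:
        # Default is forward; the Blocked Services list carves out exceptions.
        # Assumption: the trusted computer is exempt from service blocking.
        blocked = (proto, dport) in cfg.blocked_services and src != cfg.trusted_ip
        wanted = cfg.lan_to_wan_log == "Log All" or (
            blocked and cfg.lan_to_wan_log == "Log Blocked")
        # Blocked LAN-to-WAN packets are alerts, the higher priority log class.
        level = ("alert" if blocked else "log") if wanted else None
        direction, action = "LAN-to-WAN", ("block" if blocked else "forward")
    else:
        # Default is block; only a NAT forwarding rule lets WAN traffic in.
        target = cfg.port_forwards.get((proto, dport))
        wanted = cfg.wan_to_lan_log == "Log All" or (
            target is not None and cfg.wan_to_lan_log == "Log Forwarded")
        level = "log" if wanted else None
        direction, action = "WAN-to-LAN", ("forward" if target else "block")
    if not cfg.access_control_log:
        level = None   # nothing is logged unless Access Control is selected
    return (direction, action, level)

# Constructed sample settings: Telnet blocked outbound, one web server published.
SAMPLE = Settings(blocked_services={("tcp", 23)},
                  port_forwards={("tcp", 80): "192.168.1.10"},
                  trusted_ip="192.168.1.5",
                  lan_to_wan_log="Log Blocked", wan_to_lan_log="Log Forwarded")
```

With these settings, unsolicited WAN traffic to a port that has no forwarding rule is dropped without a log entry; selecting Log All for WAN to LAN is what makes such attempts visible.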