Published by Felicity Jennings. Modified over 8 years ago.
1
D-Link Airplus Xtreme G DI-624 Wireless Router
Packet Filtering Firewall w/NAT
H. Victoria Bryant
2
Packet Filtering Firewall
The DI-624’s firewall is a static packet filtering firewall which can be set, via the web-based control panel, to allow or deny packets based on administrator-defined rules.
Packets can be marked as “allow” or “deny” based on:
  –Their source and/or destination IP address, destination port number, protocol (TCP, UDP, ICMP) and interface type
  –If a packet is denied, it is dropped at the firewall; if the packet is allowed, it is forwarded on to its destination, or the firewall can choose to send a reply message to the source of the packet.
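An added example (not from the original slides, and not D-Link's firmware logic) of how a static packet filter evaluates rules on the fields listed above. The rule table, the addresses, the first-match ordering and the final default-deny rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
ALL_PORTS = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    src: str       # source network (CIDR)
    dst: str       # destination network (CIDR)
    proto: str     # "tcp", "udp", "icmp" or "*"
    ports: range   # destination ports; not checked for ICMP
    iface: str     # "lan", "wan" or "*"

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("*", pkt["proto"])
                and self.iface in ("*", pkt["iface"])
                and (pkt["proto"] == "icmp" or pkt["dport"] in self.ports))

# Constructed rule table (hypothetical addresses), evaluated top to bottom.
RULES = [
    Rule("deny",  "192.168.0.50/32", ANY, "tcp", range(25, 26), "lan"),  # no SMTP from one host
    Rule("allow", "192.168.0.0/24",  ANY, "*",   ALL_PORTS,     "lan"),  # LAN may go out
    Rule("allow", ANY, "192.168.0.10/32", "tcp", range(80, 81), "wan"),  # inbound web server
    Rule("deny",  ANY, ANY, "*", ALL_PORTS, "*"),                        # everything else
]

def decide(pkt: dict, rules=RULES):
    """Return (action, index of the matching rule).

    Static filtering judges every packet on its own header fields; nothing
    is remembered about earlier packets, so a reply arriving on the WAN side
    is allowed only if some rule matches it explicitly.
    """
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None
```

Because no connection state is kept, the reply to an allowed outbound request falls through to the last rule here unless a WAN-side rule covers it.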
3
Network Address Translation
Network Address Translation, or NAT, is a way in which IP addresses can be preserved.
NATs map outer IP addresses to inner IP addresses and vice versa
  –When the packet arrives at the NAT, the IP address in the packet's header is replaced with the corresponding inner or outer IP address, depending on whether it is incoming or outgoing
  –The packet's checksum is recalculated and verified
  –Finally, the TCP header's checksum is recalculated with the new IP address
The DI-624's NAT is static, so the inner IP addresses are statically assigned to a non-user-defined outer IP address
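An added example (not from the original slides) of the three NAT steps above on a raw IPv4/TCP packet: replace the address, recompute the IP header checksum, then recompute the TCP checksum. The mapping table, the addresses and the sample packet are constructed for illustration.

```python
import socket
import struct

NAT_TABLE = {"192.168.0.20": "203.0.113.9"}   # constructed static inner -> outer map

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    # TCP's checksum covers a pseudo-header holding both IP addresses, which
    # is why it goes stale as soon as NAT rewrites one of them.
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    return checksum(pseudo + segment)

def fix_checksums(packet: bytes) -> bytes:
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:10] + b"\0\0" + packet[12:ihl])              # zero IP checksum
    seg = bytearray(packet[ihl:ihl + 16] + b"\0\0" + packet[ihl + 18:])  # zero TCP checksum
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    seg[16:18] = struct.pack("!H", tcp_checksum(bytes(hdr[12:16]), bytes(hdr[16:20]), bytes(seg)))
    return bytes(hdr + seg)

def valid(packet: bytes) -> bool:
    # Data summed together with its own correct checksum yields 0.
    ihl = (packet[0] & 0x0F) * 4
    return checksum(packet[:ihl]) == 0 and tcp_checksum(packet[12:16], packet[16:20], packet[ihl:]) == 0

def rewrite(packet: bytes, outgoing: bool) -> bytes:
    """Address swap only: source (offset 12) when outgoing, destination (16) when incoming."""
    off = 12 if outgoing else 16
    table = NAT_TABLE if outgoing else {v: k for k, v in NAT_TABLE.items()}
    addr = socket.inet_ntoa(packet[off:off + 4])
    return packet[:off] + socket.inet_aton(table.get(addr, addr)) + packet[off + 4:]

def nat(packet: bytes, outgoing: bool) -> bytes:
    return fix_checksums(rewrite(packet, outgoing))

def sample(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed 40-byte packet: IPv4 header without options plus a bare TCP SYN."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return fix_checksums(ip + tcp)
```

Calling `rewrite()` without `fix_checksums()` produces a packet that `valid()` rejects, which is the failure the recalculation steps exist to prevent.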
4
WEP/WPA
The DI-624's firewall allows both 64-bit and 128-bit encryption.
It uses WEP (Wired Equivalent Privacy) for the 64-bit encryption, which encrypts packets with an RC4 key
  –The RC4 key is a pre-shared 64-bit key composed of a 24-bit Initialization Vector and a 40-bit WEP key
  –Encrypts the packet with an XOR of the RC4 cipher stream and the original packet
WPA (Wi-Fi Protected Access) is used for the 128-bit encryption and encrypts packets with either a shared key or individually assigned keys from an authentication server
  –Key is composed of a 48-bit user-defined Initialization Vector with the 128-bit WPA key, and an 8-byte MIC
  –Dynamically changes the key while in use with Temporal Key Integrity Protocol
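An added example (not from the original slides) of the WEP construction described above: the 24-bit IV is prepended to the 40-bit key to form the 64-bit RC4 key, and the payload is XORed with the resulting cipher stream. The frame layout is simplified (IV in the clear followed by ciphertext, and the integrity check value that real WEP frames carry is left out); the key and payload are constructed values.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Generate n bytes of RC4 cipher stream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # stream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def _check(iv: bytes, wep_key: bytes) -> None:
    if len(iv) != 3 or len(wep_key) != 5:
        raise ValueError("WEP-64 needs a 3-byte IV and a 5-byte (40-bit) key")

def wep_encrypt(iv: bytes, wep_key: bytes, payload: bytes) -> bytes:
    """Return IV || (payload XOR RC4(IV || key)); the IV travels unencrypted."""
    _check(iv, wep_key)
    stream = rc4_keystream(iv + wep_key, len(payload))
    return iv + bytes(p ^ k for p, k in zip(payload, stream))

def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    """Rebuild the same per-packet RC4 key from the received IV and XOR again."""
    iv, body = frame[:3], frame[3:]
    _check(iv, wep_key)
    stream = rc4_keystream(iv + wep_key, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))

# Constructed values for a stand-alone run.
if __name__ == "__main__":
    key = bytes.fromhex("0102030405")
    frame = wep_encrypt(b"\x00\x00\x01", key, b"constructed payload")
    print(frame.hex(), wep_decrypt(key, frame))
```

Only the 3-byte IV changes from packet to packet; the 40-bit key stays fixed until an administrator replaces it.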
5
Domain Blocking
Domain Blocking allows one or more domains to be blocked or allowed based on keywords
The DI-624's firewall allows all domains containing a keyword to be either blocked or allowed.
The more detailed the keyword, the more domains will either be allowed or blocked
Not only blocks URLs on a domain, but all p2p, FTP and any other applications originating from that domain
6
Filtering: IP/URL/MAC
Three types of filters are provided:
  –IP filter: Blocks or allows all traffic to or from listed LAN IP addresses
  –URL filter: Allows or blocks all URLs containing a certain keyword; unlike domain blocking, only the URL is blocked, not the whole domain
  –MAC filter: Allows or denies the listed MAC addresses to access the network
  –Most helpful when set to allow only the listed MAC addresses, so that only the machines that are supposed to be on the network are able to access the internet over the wireless network
Helps to prevent hackers from using the network to perform illegal acts on your network
7
VPN Passthrough
The firewall provided with the DI-624 allows for VPN (Virtual Private Network) passthrough
Machines inside of the firewall can connect to a VPN server from a locally installed VPN client program
A VPN connection provides an encrypted connection to a machine outside of the firewall
VPN is helpful when sending and receiving private data over the internet
8
Scheduling
Scheduling allows the network administrator to set a schedule for when the individual filters are turned on or off, domains are blocked and packets are allowed or denied
For instance, a parent could choose to block certain domains Monday-Friday from 3:00 pm to 10:00 pm, and Saturday-Sunday from 6:00 am to 12:00 am, and allow access to those domains at all other times.