Monthly Archives: November 2011

How to Set Up Content Filtering on Cisco RV220W

Cisco RV220W network security firewall

Content Filtering

 

 

Use the Firewall > Content Filtering page to enable and configure content filtering. For example, you can block potentially risky web components such as ActiveX or Java. You can prevent web access by blocking all URLs, or you can set up trusted domains by specifying websites and identifying allowed URL keywords.

To open this page: In the navigation tree, choose Firewall > Content Filtering.

 

 

STEP 1: In the Content Filtering section, enter these settings:

• Content Filtering—To enable Content Filtering, check the Enable box. To disable this feature, uncheck the box.

• Enable Check Referer: Check the box to enable checking the HTTP referer header for allowed URLs. When enabled, this feature allows a user to access a link on an allowed web page even if the link goes to a different domain.

• HTTP Ports—Enter the HTTP ports to which content filtering applies. The default port is 80. If your network uses an external HTTP proxy server that listens on other ports, you can add those ports here. Multiple ports can be specified in a comma-separated list.

• After changing these settings, click Save to save your changes and update the other fields on the page. For example, the Approved URLs Table becomes available only after you enable Content Filtering.

 

STEP 2: In the Web Components section, check the box for each web component that you want to block. Although many reputable web sites use these components for legitimate purposes, these components can be used by malicious websites to infect computers.

• Proxy—A proxy server (or simply, proxy) allows computers to route connections to other computers through the proxy, thus circumventing certain firewall rules. For example, if connections to a specific IP address are blocked by a firewall rule, the requests can be routed through a proxy that is not blocked by the rule, rendering the restriction ineffective. Enabling this feature blocks proxy servers.

• Java—Blocks Java applets from being downloaded from pages that contain them. Java applets are small programs embedded in web pages that enable dynamic functionality of the page. A malicious applet can be used to compromise or infect computers. Enabling this setting blocks Java applets from being downloaded.

• ActiveX—Similar to Java applets, ActiveX controls are installed on a Windows computer while running Internet Explorer. A malicious ActiveX control can be used to compromise or infect computers. Enabling this setting blocks ActiveX controls from being downloaded.

• Cookies—Cookies are used to store session information by websites that usually require login. However, several websites use cookies to store tracking information and browsing habits. Enabling this option prevents cookies from being created by a website.

Note: Many websites require that cookies be accepted in order for the site to be accessed properly. Blocking cookies can cause many websites to not function properly.

 

STEP 3: In the Approved URLs List Enable section, enable the following options:

• Approved URLs List—Check the box to allow access to all URLs in the Approved URLs Table. Uncheck the box to disable this feature. Users will be allowed to access these web sites even if access would be blocked by other rules such as URL Blocking.

• Block All URLs by Default: Check the box to block access to all URLs that are not specifically allowed.

 

STEP 4: In the Approved URLs Table, perform these tasks:

• To add a new entry, click Add. Choose Web site and enter a full website address, or choose URL Keyword and enter key words that are allowed in any website address. For example, if you choose Web site and enter www.cisco.com, users can always access that specific web site. If you choose URL Keyword and enter cisco, users can always access any web site whose URL includes that word.

• To edit an entry, check the box and then click Edit. To select all entries, check the box in the heading row. Choose the type and enter the website address or keyword, as described above.

• To delete an entry, check the box and then click Delete. To select all entries, check the box in the heading row.

STEP 5: Click Save to save your settings, or click Cancel to reload the page with the current settings.
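The following is an added example, not Cisco code or the router's firmware logic: a small Python model of the approval decision described in STEPs 1, 3 and 4, useful for checking what a planned Approved URLs Table would admit before entering it. The exact-host match for Web site entries, the `other-rules` verdict and the sample URLs are assumptions made for the model.

```python
from urllib.parse import urlsplit

# Constructed Approved URLs Table, using the two entry types from STEP 4.
APPROVED = [("website", "www.cisco.com"), ("keyword", "cisco")]


def matches_approved(url, approved=APPROVED):
    """Return the first table entry that approves url, or None."""
    host = (urlsplit(url).hostname or "").lower()
    for kind, value in approved:
        # Assumption: a Web site entry must equal the host name exactly.
        if kind == "website" and host == value.lower():
            return (kind, value)
        # A URL Keyword entry matches anywhere in the URL, path included.
        if kind == "keyword" and value.lower() in url.lower():
            return (kind, value)
    return None


def decide(url, referer=None, check_referer=False, block_all=True,
           approved=APPROVED):
    """Model the decision for one HTTP request as (verdict, reason)."""
    entry = matches_approved(url, approved)
    if entry:
        return "allow", "approved %s entry %r" % entry
    # Enable Check Referer: a link followed from an approved page passes.
    # The Referer value is a request header supplied by the client.
    if check_referer and referer and matches_approved(referer, approved):
        return "allow", "referer is an approved URL"
    if block_all:
        return "block", "Block All URLs by Default"
    return "other-rules", "left to the remaining firewall rules"


def keyword_only(urls, approved=APPROVED):
    """URLs admitted solely by a keyword entry: candidates for review."""
    hits = (matches_approved(u, approved) for u in urls)
    return [u for u, hit in zip(urls, hits) if hit and hit[0] == "keyword"]


# Constructed sample requests.
SAMPLE = ["http://www.cisco.com/support",
          "http://downloads.example.net/cisco-vpn.zip",
          "http://example.org/news"]

if __name__ == "__main__":
    for u in SAMPLE:
        print(u, decide(u))
    print("keyword-only:", keyword_only(SAMPLE))
```

Running `keyword_only` over a day of proxy or DNS logs shows which destinations a keyword entry lets through that a Web site entry would not.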

Categories: Cisco FireWalls

Attack Prevention on Cisco RV220w


Attack Prevention

 

 

Attacks are malicious security breaches or unintentional network issues that render the Cisco RV220W unusable. Attack prevention allows you to manage WAN security threats such as continual ping requests and discovery via ARP scans. TCP and UDP flood attack prevention can be enabled to manage extreme usage of WAN resources.

In addition, certain Denial-of-Service (DoS) attacks can be blocked. These attacks, if uninhibited, can use up processing power and bandwidth and prevent regular network services from running normally. ICMP packet flooding, SYN traffic flooding, and Echo storm thresholds can be configured to temporarily suspend traffic from the offending source.

To open this page: In the navigation tree, choose Firewall > Attack Prevention.

 

 

STEP 1: In the WAN (Internet) Security Checks section, check or uncheck the Enable box to enable or disable the following security checks:

• Respond to Ping on WAN (Internet)—To configure the Cisco RV220W to allow a response to an Internet Control Message Protocol (ICMP) Echo (ping) request on the WAN interface, check this box. This setting is used as a diagnostic tool for connectivity problems. Not enabled by default.

• Stealth Mode—If Stealth Mode is enabled, the router will not respond to port scans from the WAN. This feature makes the network less susceptible to discovery and attacks. Enabled by default.

• Flood—If this option is enabled, the router will drop all invalid TCP packets. This feature protects the network from a SYN flood attack. Enabled by default.

STEP 2: In the LAN (Local Network) Security Checks section, check or uncheck the Enable box to enable or disable Block UDP Flood. When this option is enabled, the router accepts no more than 25 simultaneous, active UDP connections from a single computer on the LAN. Enabled by default.

 

STEP 3: In the ICSA Settings section, check or uncheck the Enable box to enable or disable the following International Computer Security Association requirements:

• Block Anonymous ICMP Messages—ICSA requires the firewall to silently block without sending an ICMP notification to the sender. Some protocols, such as MTU Path Discovery, require ICMP notifications. Enable this setting to operate in “stealth” mode. Enabled by default.

• Block Fragmented Packets—ICSA requires the firewall to block fragmented packets from ANY to ANY. Enabled by default.

• Block Multicast Packets—ICSA requires the firewall to block multicast packets. Enabled by default.

STEP 4: Click Save to save your settings, or click Cancel to reload the page with the current settings.
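To make the Block UDP Flood setting from STEP 2 concrete, here is an added example (not Cisco's implementation) that models a per-host cap of 25 simultaneously active UDP flows and replays constructed traffic through it. The 30-second idle timeout that decides when a flow stops being "active", and the choice to identify a flow by source port, destination and destination port, are assumptions; the page does not state them.

```python
from collections import defaultdict

MAX_UDP_PER_HOST = 25   # limit stated on the page
IDLE_TIMEOUT = 30.0     # assumption: seconds of silence before a flow is inactive


class UdpFloodLimiter:
    """Per-source cap on simultaneously active UDP flows."""

    def __init__(self, limit=MAX_UDP_PER_HOST, idle=IDLE_TIMEOUT):
        self.limit, self.idle = limit, idle
        self.flows = defaultdict(dict)  # src -> {(sport, dst, dport): last_seen}

    def packet(self, now, src, sport, dst, dport):
        """Return True if the packet is forwarded, False if it is dropped."""
        table = self.flows[src]
        # Forget flows that have been idle for longer than the timeout.
        for key in [k for k, seen in table.items() if now - seen > self.idle]:
            del table[key]
        key = (sport, dst, dport)
        # Packets of an existing flow pass; new flows only while under the cap.
        if key in table or len(table) < self.limit:
            table[key] = now
            return True
        return False


def replay(packets, limit=MAX_UDP_PER_HOST, idle=IDLE_TIMEOUT):
    """Run (time, src, sport, dst, dport) records through the limiter
    and return the number of dropped packets per source address."""
    limiter = UdpFloodLimiter(limit, idle)
    dropped = defaultdict(int)
    for pkt in packets:
        if not limiter.packet(*pkt):
            dropped[pkt[1]] += 1
    return dict(dropped)


# Constructed traffic: one LAN host opens 40 flows, another sends 3 DNS queries.
SAMPLE = [(i * 0.01, "192.168.1.50", 40000 + i, "203.0.113.9", 9000 + i)
          for i in range(40)]
SAMPLE += [(0.5, "192.168.1.20", 50000 + i, "192.168.1.1", 53) for i in range(3)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A host that legitimately holds many UDP flows at once appears in the drop counts in the same way, which is the thing to check before relying on the default.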


How to Set Up Wireless Security on Cisco RV220W


Security Settings for Wireless Networks

 

Use the Wireless > Basic Settings > Security Settings page to configure security for the selected wireless network. All devices on this network (SSID) must use the same security mode and settings to work correctly. Cisco recommends using the highest level of security that is supported by the devices in your network.

To open this page: From the Wireless > Basic Settings page, select a network and then click Edit Security Mode.

NOTE: To configure a network with WPA Enterprise, WPA2 Enterprise, or WPA2 Enterprise Mixed security mode, you must first add a RADIUS Server configuration. See Using the Cisco RV220W With a RADIUS Server, page 146.

 

 

STEP 1: If needed, select a different network in the Select SSID list.

STEP 2: Enter these settings for the selected network:

• Wireless Isolation within SSID—Check Enable to prevent clients on this wireless network from accessing devices on other wireless networks. To allow access, click Disable.

 

• Security—Choose a security mode:

  – Disabled—Any device can connect to the network. Not recommended.

  – Wired Equivalent Privacy (WEP)—Weak security with a basic encryption method that is not as secure as WPA. WEP may be required if your network devices do not support WPA; however, it is not recommended.

  – Wi-Fi Protected Access (WPA) Personal—WPA is part of the wireless security standard (802.11i) standardized by the Wi-Fi Alliance and was intended as an intermediate measure to take the place of WEP while the 802.11i standard was being prepared. It supports TKIP/AES encryption. Personal authentication uses a Preshared Key (PSK), an alphanumeric passphrase shared with the wireless peer.

  – WPA Enterprise—Allows you to use WPA with RADIUS server authentication.

  – WPA2 Personal—WPA2 is the implementation of the security standard specified in the final 802.11i standard. It supports AES encryption, and this option uses PSK-based authentication.

  – WPA2 Personal Mixed—Allows both WPA and WPA2 clients to connect simultaneously using PSK authentication.

  – WPA2 Enterprise—Allows you to use WPA2 with RADIUS server authentication.

  – WPA2 Enterprise Mixed—Allows both WPA and WPA2 clients to connect simultaneously using RADIUS authentication.

• Encryption Type—An option is chosen automatically, based on the selected security mode.

  – TKIP+AES is used for WPA Personal, WPA Enterprise, WPA2 Personal Mixed, and WPA2 Enterprise Mixed.

  – AES is used for WPA2 Personal and WPA2 Enterprise.

If you chose WPA Enterprise or WPA2 Enterprise Mixed, no further settings are required. You can save the settings.

 

STEP 3: If you chose WPA Personal, WPA2 Personal, or WPA2 Personal Mixed, enter these settings:

• WPA Key—Enter the pre-shared key for WPA/WPA2 PSK authentication. The clients also need to be configured with the same password. As you type the password, a message indicates the strength. For a stronger password, enter at least eight characters including a variety of character types (numbers, upper- and lowercase letters, and symbols).

• Unmask Password—Check the box if you want to see the key as typed. Otherwise, the password is masked.

• Key Renewal—Enter the number of seconds after which the Cisco RV120W will generate a new key. These keys are internal keys exchanged between the Cisco RV120W and connected devices. The default value (3600 seconds) is usually adequate unless you are experiencing network problems.

 

STEP 4: If you chose WEP, enter these settings:

• Authentication—Choose the option that is supported by your network devices: Open System or Shared Key. In either case, the client must provide the correct shared key (password) in order to connect to the wireless network.

• Encryption—Choose 64-bit or 128-bit. 64-bit WEP has a 40-bit key, and 128-bit WEP has a 104-bit key. A larger key provides stronger encryption, because the key is more difficult to crack.

• WEP passphrase (Optional)—Enter an alphanumeric phrase (longer than eight characters for optimal security) and click Generate Key to generate four unique WEP keys in the WEP Key fields below. Otherwise, you can manually enter one or more keys in the fields.

• WEP Key 1-4—If you did not use the WEP Passphrase to generate keys, enter one or more valid keys. Select a key to use as the shared key that devices must have in order to use the wireless network. The length of the key must be 5 ASCII characters (or 10 hexadecimal characters) for 64-bit WEP and 13 ASCII characters (or 26 hexadecimal characters) for 128-bit WEP. Valid hexadecimal characters are “0” to “9” and “A” to “F”.

STEP 5: Click Save to save your settings, or click Cancel to reload the page with the current settings. Click Back to return to the Wireless > Basic Settings page.

If you need to configure the settings for another network, select it from the Select SSID list, and then repeat this procedure.
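The key rules in STEP 3 and STEP 4 can be checked before a key is typed into the router. The following added example (not part of the Cisco guide or the router software) decodes a WEP Key field according to the lengths and hexadecimal alphabet given above and lists what a WPA/WPA2 pre-shared key lacks against the page's strength advice. The function names and sample keys are constructed for illustration.

```python
import string

HEX = set("0123456789ABCDEF")               # valid hexadecimal characters per the page
WEP_LENGTHS = {64: (5, 10), 128: (13, 26)}  # WEP mode -> (ASCII length, hex length)


def wep_key_bytes(key, bits):
    """Decode one WEP Key field for 64- or 128-bit WEP, or raise ValueError."""
    ascii_len, hex_len = WEP_LENGTHS[bits]
    # The two accepted lengths differ, so the length alone selects the form.
    if len(key) == hex_len and set(key) <= HEX:
        return bytes.fromhex(key)
    if len(key) == ascii_len and all(32 <= ord(c) < 127 for c in key):
        return key.encode("ascii")
    raise ValueError("%d-bit WEP needs %d ASCII or %d hexadecimal characters"
                     % (bits, ascii_len, hex_len))


def psk_findings(psk):
    """List what a WPA/WPA2 pre-shared key lacks against the page's advice."""
    classes = [("number", string.digits),
               ("uppercase letter", string.ascii_uppercase),
               ("lowercase letter", string.ascii_lowercase),
               ("symbol", string.punctuation)]
    findings = []
    if len(psk) < 8:
        findings.append("fewer than eight characters")
    for name, chars in classes:
        if not any(c in chars for c in psk):
            findings.append("no " + name)
    return findings


if __name__ == "__main__":
    # Constructed sample keys, not real credentials.
    secret = wep_key_bytes("A1B2C3D4E5", 64)
    print("secret bits in a 64-bit WEP key:", len(secret) * 8)
    print("findings for 'password':", psk_findings("password"))
```

The decoded length shows why "64-bit" WEP carries only a 40-bit secret: the remaining 24 bits of the label are the per-packet initialization vector, not key material.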


How to Set Up Dynamic DNS on Cisco RV220W


Dynamic DNS (DDNS) is an Internet service that allows routers with dynamic public IP addresses to be located by using Internet domain names. To use DDNS, set up an account with a DDNS provider such as DynDNS.com or TZO.com.

When this feature is enabled, and you have an active account with a DDNS provider, the Cisco RV220W notifies DDNS servers of changes in the WAN IP address, so that any public services on your network can be accessed by using the domain name.

To open this page: In the navigation tree, choose Networking > Dynamic DNS.

 

 

STEP 1: Select the Dynamic DNS Service you are using. Selecting None disables this service.

STEP 2: Enter the settings for the selected service.

• If you selected DynDNS.com, enter these settings:

  – Specify the complete Host Name and Domain Name for the DDNS service.

  – Enter the DynDNS account Username.

  – Enter the DynDNS account Password. Re-enter it in the Confirm Password box.

  – Check the Use Wildcards box to enable the wildcards feature, which allows all subdomains of your DynDNS Host Name to share the same public IP as the Host Name. You can enable this option here if not done on the DynDNS website.

  – Enter the Update Period in hours. This value is the interval at which the router sends updates to the Dynamic DNS Service. The default value is 360 hours.

 

• If you selected TZO.com, enter these settings:

  – Specify the complete Host Name and Domain Name for the DDNS service.

  – Enter the User E-mail Address for the TZO account.

  – Enter the User Key for the TZO account.

  – Enter the Update Period in hours. This value is the interval at which the router sends updates to the Dynamic DNS Service. The default value is 360 hours.

STEP 3: Click Save to save your settings, or click Cancel to reload the page with the current settings.


Setting Up the Cisco RV220W Jumbo Frames


Use the Jumbo Frames page to allow devices to send frames within the LAN containing up to 9,000 bytes of data per frame. A standard Ethernet frame contains 1,500 bytes of data.

To open this page: Choose Networking > LAN (Local Network) > Jumbo Frames.

STEP 1: Check the Enable box to enable this feature. Uncheck the box to disable it.

STEP 2: Click Save to save your settings, or click Cancel to reload the page with the current settings.
