Security 13-1CCCChhhhaaaapppptttteeeerrrr 11113333SSSSeeeeccccuuuurrrriiiittttyyyyThe Netopia R9100 provides a number of security features to help protect its configuration screens and yourlocal network from unauthorized access. Although these features are optional, it is strongly recommended thatyou use them.This section covers the following topics: “Suggested security measures” on page 13-1 “User accounts” on page 13-1 “Dial-in console access” on page 13-3 “Enable SmartStart/SmartView/Web server” on page 13-4 “Telnet access” on page 13-4 “About filters and filter sets” on page 13-4 “Working with IP filters and filter sets” on page 13-12 “IPX filters” on page 13-21. “Firewall tutorial” on page 13-29Suggested security measuresIn addition to setting up user accounts, Telnet access, and filters (all of which are covered later in this chapter),there are other actions you can take to make the Netopia R9100 and your network more secure: Change the SNMP community strings (or passwords). The default community strings are universal andcould easily be known to a potential intruder. Set the answer profile so it must match incoming calls to a connection profile. Set the Enable Dial-in Console Access option to No. When using AURP, accept connections only from configured partners. Configure the Netopia R9100 through the serial console port to ensure that your communications cannotbe intercepted.User accountsWhen you first set up and configure the Netopia R9100, no passwords are required to access the configurationscreens. Anyone could tamper with the router’s configuration by simply connecting it to a console.However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. Useraccounts are composed of name/password combinations that can be given to authorized users.