Corporate Design PowerPoint-Basis


Transcript Corporate Design PowerPoint-Basis

Security on the Internet
Today, commercially available routers are equipped with a firewall. The standard configuration is such that telegrams from LAN to WAN can pass, but not vice versa.
In place of “firewall”, terms like “application configuration” or “NAT / PAT” are also used.
[Diagram labels: Internet, WAN, Firewall, LAN, secure, unsecure]
Security
Router
DynDNS
Browser
Exercise
Term: NAT
NAT stands for “Net Address Translation”.
[Diagram labels: Internet, WAN, NAT, Firewall, LAN; addresses 212.4.82.178, 192.168.2.1, 192.168.2.199, 192.168.2.10]
Router – Port Forwarding
A port in a network is like a key.
Port 80 is the default key, equivalent to a door handle.
The router must be configured manually.
Please observe: Services such as IGD, WCN and AOSS are not supported.
Router – Port Forwarding
Port 80 (http): Web Server Operation with Web Browser
Port 443 (https): Encrypted Web Server Operation with Web Browser
Port 21 (ftp): ACS File transfer (Message history and Offline Trend)
Port 50005 (): ACS Operation
Port 22 (scp): HQ Zug OZW Web Server Remote Support
DynDNS – Opening an Account
Open a user account, for example at https://www.dyndns.com/, and add hostnames.
DynDNS – Adding a new Host
Select domain names for the web server
Select service type “Host with IP address”
Auto detect transfers your current IP address to the “IP Address” field
DynDNS – Make adjustments in the router
Make the adjustments in the router
[Router settings shown: DynDNS.org, smartweb.dyndns.biz, ozw772]
Browser
Calling up the web server via the browser:
With port forwarding to default port 80
Term: PAT
PAT stands for “Port Address Translation”. Other terms used are “Port Forwarding” and “Port Mapping”.
[Diagram labels: Internet, WAN, Firewall, PAT, LAN; addresses 212.4.82.178:55000, 192.168.2.1, 192.168.2.10:80, 192.168.2.199, 192.168.2.10]
Router – Port Mapping
A port in a network is like a key.
A private port is a special key, equivalent to a security key.
Result: Port 55000 on the WAN side is translated to port 80 on the LAN side.
List of free ports: http://www.iana.org/assignments/port-numbers
Recommendation: Use private ports from 49152 through 65535.
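The WAN-to-LAN translation described above, modelled in Python as an added example that is not part of the original slides. It uses the slide addresses (212.4.82.178, 192.168.2.10) and the recommended range 49152 through 65535; the Rule structure, the two sample tables and the translate and audit functions are assumptions made for illustration.

```python
from dataclasses import dataclass

# Addresses and ports are the ones shown on the slides. The Rule layout and
# the function names are assumptions made for this example.
WAN_IP = "212.4.82.178"
WEB_SERVER = "192.168.2.10"
PRIVATE_PORTS = range(49152, 65536)      # range the slide recommends
UNENCRYPTED = {80: "http", 21: "ftp"}    # LAN services without encryption

@dataclass(frozen=True)
class Rule:
    wan_port: int
    lan_ip: str
    lan_port: int

# Constructed tables: plain port forwarding vs. port mapping.
FORWARDING = [Rule(80, WEB_SERVER, 80), Rule(21, WEB_SERVER, 21)]
MAPPING = [Rule(55000, WEB_SERVER, 80)]

def translate(rules, dst_ip, dst_port):
    """Inbound WAN packet -> (lan_ip, lan_port), or None when it is dropped."""
    if dst_ip != WAN_IP:
        return None
    for rule in rules:
        if rule.wan_port == dst_port:
            return (rule.lan_ip, rule.lan_port)
    return None  # standard configuration: WAN -> LAN does not pass

def audit(rules):
    """List findings for a rule table, one string per issue."""
    findings, seen = [], set()
    for rule in rules:
        if rule.wan_port in seen:
            findings.append(f"WAN {rule.wan_port}: duplicate mapping")
        seen.add(rule.wan_port)
        if rule.wan_port not in PRIVATE_PORTS:
            findings.append(f"WAN {rule.wan_port}: outside 49152-65535")
        if rule.lan_port in UNENCRYPTED:
            name = UNENCRYPTED[rule.lan_port]
            findings.append(f"WAN {rule.wan_port}: reaches unencrypted {name}")
    return findings

if __name__ == "__main__":
    print(translate(MAPPING, WAN_IP, 55000))   # mapped port reaches the web server
    print(translate(MAPPING, WAN_IP, 80))      # unmapped port is dropped
    for table in (FORWARDING, MAPPING):
        print(audit(table))
```

The mapped table passes the port-range check but still forwards to port 80, so the session itself stays unencrypted; port 443 (https) is the encrypted option listed on the forwarding slide.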
Router – Port Mapping
Example:
Port 80 (http): Web server operation via browser
Port 21 (ftp): File transfer (history file)
DynDNS – Adding a new Host
As before: select the DynDNS properties in the DynDNS account and in the router.
Browser
Calling up the web server via the browser:
With port forwarding to a private port, e.g. 55000
Exercise 6
Commissioning WAN
Configure your router at your workplace such that the following actions will be possible:
• Access to the web server via http protocol. For security reasons, the WAN port shall be translated to 55000
• Access to the message history via ftp protocol
• Access via dyndns from a remote location: smartweb.dyndns.biz
Exercise
smartweb.dyndns.biz = 212.4.82.178
[Diagram labels: Internet, dynDNS Server, Ethernet (DHCP), IP address: 212.4.82.178 (typ. dynamic), GPRS, Router, Router, 192.168.2.10]
Exercise
smartweb.dyndns.biz = 212.4.82.178
[Diagram labels: Internet, dynDNS Server, IP address: 212.4.82.178 (typ. dynamic), GPRS, Router, Router, Static: 192.168.2.10, DHCP: 192.168.2.199]
Exercise
smartweb.dyndns.biz = 212.4.82.178
Red = VPN connection
[Diagram labels: Internet, dynDNS Server, IP address: 212.4.82.178 (typ. dynamic), GPRS, Ethernet (DHCP), Standard Gateway (Router) 172.16.99.230, ww020.siemens.net]