AllisLost
join:2008-03-21
| Zyxel p660r-elink Security - Adding a router?
Please bear with me, I'm trying to learn:
I have a Zyxel p660r-Elink modem with as tight a security configuration as I could seem to implement (block telnet, ftp, & so on). I also have Comodo (CFP3) ALSO as tight as possible, but of course am still failing the Shields Up stealth tests as this little modem has no apparent NAT stealthing capabilities and Comodo is behind this (I've been trying to teach myself this stuff PLEASE tell me where I'm wrong).
I have a couple "real" routers laying around (2 Lynksys and an SMC Barricade) and am wondering:
a) Would YOU (in the interest of security)employ the help of one of these routers ie; between the Zyxel and PC (again, if I'm off here let me know)?
b)Is it THAT important?
Please forgive the "noob-ness" of my queries, I'm merely trying to educate myself.
Thank you for your time and consideration!
|
|
skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Atlanta, GA
Host:
Charter HSI/CATV
Earthlink DSL
Embarq
ISP b2b etc
Cisco
| AllisLost  , hopefully all is not lost with you.  . I am going to move your post over to the Security forum, as your question is more of a security issue than an ISP problem. Welcome to the site. 
--
The foundations of character are built not by lecture, but by bricks of good example, laid day by day. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to AllisLost
The ZyXEL P660R is a Router. Its default setup mode is Router Mode and the ZyXEL P660R uses NAT/NAPT since the ZyXEL obtains a Public IP from EL and it hands our Private IPs to PCs connected to it on the LAN (multiple PCs can be added by purchasing a simple 10/100 Multi-Port Switch. As the first FAQ below states, The ZyXEL P660R once configured supports "up to" 32 PCs since it is preset to hand out that many Private IPs by default on its DHCP server settings page. It can actually be set to handle "up to" 253 PCs like any Router if you add enough ports.
»EarthLink DSL FAQ »What type of DSL modem does Earthlink provide?
»EarthLink DSL FAQ »HowTo setup a Zyxel P-660R-ELNK Router For PPPoE Mode
»EarthLink DSL FAQ » Zyxel 600 Series - Router Configuration (P-660R Units)
»EarthLink DSL FAQ »Can I see what the ZyXEL P-660R-ELNK Router Web Interface looks like?
»EarthLink DSL FAQ »Where can I get the User Guide for the ZyXEL P660R Series Router?
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
AllisLost
join:2008-03-21
| reply to AllisLost
Thank you skj, for pointing me in the right direction - and for the warm welcome; I've been taking advantage of these forums for a little while and am now glad to be participating...
...and thank YOU Dr.Olds for your time the info & links. But to be honest I'm still in the dark a bit. I understand that the Zp660-elink is technically a router and yet seems to lack the firewall security features I want/need (in like-minded forums the p660r-elink is often referred to as a "router" almost jokingly) or if it does, I'm not seeing them (after reading the above posted links). So I'll rephrase my question:
Should I put one of these routers (w/firewall) between my Zyxel and PC to improve security?
a) Yes, if configured properly this will help.
b) No, there is no need to do this at all.
c) You just don't get it - read the manual again.
Please don't think me ungrateful, just still a little unclear.
Thanks again,
AIL |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to AllisLost
said by AllisLost :Please bear with me, I'm trying to learn: I have a Zyxel p660r-Elink modem with as tight a security configuration as I could seem to implement (block telnet, ftp, & so on). I also have Comodo (CFP3) ALSO as tight as possible, but of course am still failing the Shields Up stealth tests as this little modem has no apparent NAT stealthing capabilities I have a couple "real" routers laying around (2 Linksys and an SMC Barricade) and am wondering: I fail the True Stealth also. Want to know why? I allow pings. Simple, not a security threat ICMP echo aka ping so that my DSL Line Monitor works here at BBR.
The thing to worry about is any ports that are Red. If you do not have any Red ports, then you are secure.
Pick one of your Linksys Routers (see if you have either one of the two below listed in the EL Forum FAQ). Update it to the latest Firmware from Linksys.
Set your ZyXEL to Bridge Mode. Here is the FAQ for the P-660R-D1 (must match numbers on bottom label). Otherwise, find your Model Number in the EL Forum FAQ) and follow those instructions.
»EarthLink DSL FAQ »ZyXEL P-660R-D1 - How to Set the Modem to Bridge Mode
Now setup your Linksys Router.
»EarthLink DSL FAQ »How To Setup the Linksys BEFW11S4 Wireless Router for EarthLink DSL?
»EarthLink DSL FAQ »How To Setup the Linksys WRT54G Wireless-G Router for EarthLink DSL?
Just remember, you are on your own as EL will refuse to assist you when you supply your own Router. If you need support, they will refer you to the Linksys support since you purchased the Linksys Router on your own.
»EarthLink DSL FAQ »What is Earthlink's policy on networking and sharing an internet connection
Enjoy.
Regards,
Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to AllisLost
said by AllisLost :...and thank YOU Dr.Olds for your time the info & links. But to be honest I'm still in the dark a bit. I understand that the Zp660-elink is technically a router and yet seems to lack the firewall security features I want/need (in like-minded forums the p660r-elink is often referred to as a "router" almost jokingly) or if it does, I'm not seeing them (after reading the above posted links). So I'll rephrase my question: Should I put one of these routers (w/firewall) between my Zyxel and PC to improve security? a) Yes, if configured properly this will help. b) No, there is no need to do this at all. c) You just don't get it - read the manual again. Please don't think me ungrateful, just still a little unclear. Thanks again, AIL Since you already have the extra Router then you can certainly use it but retest your security now as it is. OK?
There is a dedicated ZyXEL Networking Products Forum here at BBR you can read. Most of the EL supplied ZyXELs are discussed in the Earthlink DSL Forum though.
A Router is a Router as they all translate IP addresses so that (in the case of your residential DSL) the single Public IP can be easily shared between multiple PCs on the LAN side (when you add a Multi-port 10/100 Switch) as Private IPs are being used on those LAN connected PCs.
»Networking Forum FAQ »What is a router?
»Networking Forum FAQ »What is the difference between a Hub, Switch, and Router
»Networking Forum FAQ »How to link multiple routers
»Networking Forum FAQ »How do I share my connection using a cable/dsl router?
Will using two Routers truly make a difference in your Security?? Maybe, Maybe Not -- as the Router (or in your case Multiple Routers) are but one facet of Security and without layering your Security over the other facets, it leaves other vulnerabilities open.
»Security »How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach:
Regards,
Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
AllisLost
join:2008-03-21
| reply to AllisLost
Awesome Dr,
You sealed the deal. As far as security goes, the only thing I'm missing is this (from: Security - layered approach):
"NAT ROUTER:
NAT ROUTER -If connecting via Cable/DSL, make the very important and relatively small investment in a Router (How Routers Work) with NAT (How NAT or Network Address Translation Works). In today's hostile Internet environment, no system should be without this protection ( »Security »When is an NAT router inadequate protection? ).
One example is the LinkSys Etherfast Cable/DSL BEFSR41. The price has dropped way down (05-2004: $40-$60US), and it will serve well in protecting against the hordes of INBOUND nasties.
It is very easy to set, and operation is, for the most part, "set and forget". Relevant DSL resources are: The DSL Linksys Forum FAQ: Tricks, Tips and Firmware , and the DSL Linksys Forum itself. There are other good routers.
Make sure the Router is properly configured (at a minimum, change its password, block WAN requests, disable "remote management", enable Stateful Packet Inspection or SPI, if applicable)."
It's the WAN requests & Stealthing that I'm most concerned about.
You've given me all the info I needed,
Thanks again. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| said by AllisLost :Awesome Dr, You sealed the deal. As far as security goes, the only thing I'm missing is this (from: Security - layered approach): "NAT ROUTER: The ZyXEL P-660R series are NAT Routers. I can't emphasize this enough. I don't know where you are getting that it is not a NAT Router.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
AllisLost
join:2008-03-21
edit:
March 28th, @01:27AM
| reply to AllisLost
Wow, it must have been hard not to call me "stupid" - you've shown the utmost restraint and patience, doctor.
I had not seen these options. Currently reading the manual.
Again, thank you.
(for the record; it wasn't that I thought it wasn't NAT (of course) it's the NAT/stealthing capabilities - of which I'm obviously unfamiliar) |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| said by AllisLost :Wow, it must have been hard not to call me "stupid" - you've shown the utmost restraint and patience, doctor. I had not seen these options. Currently reading the manual. Again, thank you. (for the record; it wasn't that I thought it wasn't NAT (of course) it's the NAT/stealthing capabilities - of which I'm obviously unfamiliar) No problem.  Just wanted to make sure we are on the same page in this discussion and I understand that you are just getting up to speed on ZyXEL Hardware you have not worked with before.
Glad to be able to help.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
AllisLost
join:2008-03-21
| reply to AllisLost
Doctor,
Just a follow up post here:
I have subsequently bridged my Zyxel Elnk modem to my Linksys wrt54gl without incident, and am currently passing all the port tests I can find.
I accomplished this only after you took the time to spell out a few things for me + the help of your posts regarding both of these models (I also learned a bit from the thread "Zyxel P-660R-ELNK Home Networking Problem" and took some contrary action).
Fully stealthed, great speeds, excellent connections - I'm a happy camper.
Thank you again for your help and patience.
A I L |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs: | Glad to hear of your success! |
|
