Chapter 10 Network Security
This chapter guides you on how to protect your home network from cyber attacks and unauthorized users by implementing these three network security functions. You can protect your home network against DoS (Denial of Service) attacks from flooding your network with server requests using DoS Protection, block or allow specific client devices to access your network using Access Control, or you can prevent ARP spoofing and ARP attacks using IP & MAC Binding.
It contains the following sections:
1. Protect the Network from Cyber Attacks
The SPI (Stateful Packet Inspection) Firewall and DoS (Denial of Service) Protection protect the router from cyber attacks.
The SPI Firewall can prevent cyber attacks and validate the traffic that is passing through the router based on the protocol. This function is enabled by default, and it’s recommended to keep the default settings.
DoS Protection can protect your home network against DoS attacks from flooding your network with server requests. Follow the steps below to configure DoS Protection.
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > Security > Settings.
3.Enable DoS Protection.
4.Set the level (Off, Low, Middle or High) of protection for ICMP-FLOOD Attack Filtering, UDP-FlOOD Attack Filtering and TCP-SYN-FLOOD Attack Filtering.
•ICMP-FLOOD Attack Filtering - Enable to prevent the ICMP (Internet Control Message Protocol) flood attack.
•UDP-FlOOD Attack Filtering - Enable to prevent the UDP (User Datagram Protocol) flood attack.
•TCP-SYN-FLOOD Attack Filtering - Enable to prevent the TCP-SYN (Transmission Control Protocol-Synchronize) flood attack.
Tips:
The level of protection is based on the number of traffic packets. The protection will be triggered immediately when the number of packets exceeds the preset threshold value (the value can be set on Advanced > System Tools > System Parameters > DoS Protection Settings), and the vicious host will be displayed in the Blocked DoS Host List.
5.If you want to ignore the ping packets from the WAN port, select Forbid Wan Ping; if you want to ignore the ping packets form the LAN port, select Forbid Lan Ping.
6.Click Save.
Access Control is used to block or allow specific client devices to access your network (via wired or wireless) based on a list of blocked devices (Blacklist) or a list of allowed devices (Whitelist).
I want to:
Block or allow specific client devices to access my network (via wired or wireless).
How can I do that?
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > Security > Access Control.
3.Enable Access Control.
4.Select the access mode to either block (recommended) or allow the device(s) in the list.
To block specific device(s):
1 )Select Blacklist and click Save.
2 )Select the device(s) to be blocked in the Online Devices table by ticking the checkbox(es).
3 )Click Block above the Online Devices table. The selected devices will be added to Devices in Blacklist automatically.
To allow specific device(s):
1 )Select Whitelist and click Save.
2 )Click Add in the Devices in Whitelist section. Enter the Device Name and MAC Address (You can copy and paste the information from the Online Devices list if the device is connected to your network).
3 )Click OK.
Done!
Now you can block or allow specific client devices to access your network (via wired or wireless) using the Blacklist or Whitelist.
IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind network device’s IP address to its MAC address. This will prevent ARP Spoofing and other ARP attacks by denying network access to a device with matching IP address in the Binding list, but unrecognized MAC address.
I want to:
Prevent ARP spoofing and ARP attacks.
How can I do that?
1.Visit http://tplinkwifi.net, and log in with your TP-Link ID or the password you set for the router.
2.Go to Advanced > Security > IP & MAC Binding.
3.Enable ARP Binding.
4.Bind your device(s) according to your need.
To bind the connected device(s):
Click to add the corresponding device to the Binding List.
To bind the unconnected device:
1 )Click Add in the Binding List section.
2 )Enter the MAC address and IP address that you want to bind. Enter a Description for this binding entry.
3 )Tick the Enable This Entry checkbox and click OK.
Done! Now you don’t need to worry about ARP spoofing and ARP attacks!
Thank you for your feedback.
Sorry, something went wrong!