TD-W9960 V1.2 User Guide

Chapter 10 Network Security

This chapter guides you on how to protect your home network from unauthorized users by implementing these three network security functions. You can block or allow specific client devices to access your wireless network using MAC Filtering, or using Access Control for wired and wireless networks, or you can prevent ARP spoofing and ARP attacks by using IP & MAC Binding.

Firewall & DoS Protection

Service Filtering

Access Control

IP & MAC Binding

1. Firewall & DoS Protection

The SPI (Stateful Packet Inspection) Firewall and DoS (Denial of Service) Protection protect the router from cyber attacks.

The SPI Firewall can prevent cyber attacks and validate the traffic that is passing through the router based on the protocol. This function is enabled by default, and it’s recommended to keep the default settings.

DoS Protection can protect your home network against DoS attacks from flooding your network with server requests. Follow the steps below to configure DoS Protection.

1.Visit http://tplinkmodem.net, and log in with the account you set for the router.

2.Go to Advanced > Security > Firewall & DoS Protection.

3.Enable DoS Protection.

4.Set the level (Low, Middle or High) of protection for ICMP-Flood Attack Filtering, UDP-Flood Attack Filtering and TCP-Flood Attack Filtering.

ICMP-Flood Attack Filtering - Enable to prevent the ICMP (Internet Control Message Protocol) flood attack.

UDP-Flood Attack Filtering - Enable to prevent the UDP (User Datagram Protocol) flood attack.

TCP-Flood Attack Filtering - Enable to prevent the TCP (Transmission Control Protocol) flood attack.

5.Click Save.

Tips:

1.The level of protection is based on the number of traffic packets. Specify the level at DoS Protection Level Settings.

2.The protection will be triggered immediately when the number of packets exceeds the preset threshold value, and the vicious host will be displayed in the Blocked DoS Host List.

2. Service Filtering

With Service Filtering, you can prevent certain users from accessing the specified service, and even block internet access completely.

1.Visit http://tplinkmodem.net, and log in with the account you set for the router.

2.Go to Advanced > Security > Service Filtering.

3.Toggle on Service Filtering.

4.Click Add.

5.Select a Service Type from the drop-down list and the following four fields will be auto-populated. Select Custom when your desired service type is not listed, and enter the information manually.

6.Specify the IP address(es) that this filtering rule will apply to.

7.Click Save.

Note: If you want to disable this entry, click the icon.

3. Access Control

Access Control is used to block or allow specific client devices to access your network (via wired or wireless) based on a list of blocked devices (Blacklist) or a list of allowed devices (Whitelist).

I want to:

Block or allow specific client devices to access my network (via wired or wireless).

How can I do that?

1.Visit http://tplinkmodem.net, and log in with the account you set for the router.

2.Go to Advanced > Security > Access Control and enable Access Control.

3.Select the access mode to either block (recommended) or allow the device(s) in the list.

To block specific device(s)

1 )Select Blacklist and click Save.

2 )Select the device(s) to be blocked in the Online Devices table.

3 )Click Block above the Online Devices table. The selected devices will be added to Devices in Blacklist automatically.

To allow specific device(s)

1 )Select Whitelist and click Save.

2 )Click Add.

3 )Enter the Device Name and MAC Address. (You can copy and paste the information from Online Devices table if the device is connected to your network.)

4 )Click Save.

Done!

Now you can block or allow specific client devices to access your network (wired or wireless) using the Blacklist or Whitelist.

4. IP & MAC Binding

IP & MAC Binding, namely, ARP (Address Resolution Protocol) Binding, is used to bind a network device’s IP address to its MAC address. This will prevent ARP spoofing and other ARP attacks by denying network access to a device with a matching IP address in the Binding list, but an unrecognized MAC address.

I want to:

Prevent ARP spoofing and ARP attacks.

How can I do that?

1.Visit http://tplinkmodem.net, and log in with the account you set for the router.

2.Go to Advanced > Security > IP & MAC Binding and enable IP & MAC Binding.

3.Bind your device(s) according to your needs.

To bind the connected device(s)

1 )Select the device(s) to be bound in the ARP List.

2 )Click Bind to add to the Binding List.

To bind the unconnected device

1 )Click Add.

2 )Enter the MAC address and IP address that you want to bind.

3 )Select the check box to enable the entry and click Save.

Done!

Enjoy the internet without worrying about ARP spoofing and ARP attacks.

 
Feedback