LANCOM Systems Support KnowledgeBase - Support Information
Document No: 1309.2711.4324.RHOO

Securing LANCOM routers and access points operating a Public Spot
Description:

This document describes the recommended configuration settings for securing the access to LANCOM routers and access points which are operating a Public Spot.


Requirements:


Procedure:

1) Configure secure access control

1.1) Open the configuration for the LANCOM router or access point in LANconfig and switch to the menu item Configuration -> Management -> Admin.

1.2) Enable the option SNMP read-only community 'Public' disabled.


    1.3) Depending on the local interface you are using to operate the Public Spot (LAN or WLAN), you should, under Access rights -> From the local network... and/or the Access rights -> From the wireless LAN, see that the logging protocols on the LANCOM router or LANCOM access point are restricted.

    Information:
    In the following example the potentially insecure protocols are disabled. We recommend that you configure this as a minimum security setting.

    If you have configured Configuration -> Public Spot -> General on HTTPS, the access rights for HTTP in these dialog fields can be declared as denied.





2) Block Public Spot users from accessing WEBconfig

2.1) Open the configuration for the LANCOM router or access point in LANconfig and switch to the menu item Configuration -> Public Spot -> Server.

2.2) Ensure that the option WEBconfig access by Public Spot interfaces limited to authentication pages is enabled.

    Information:
    If you carry out a new configuration of a Public Spot, this setting is enabled by default.