Operation Manual
Security Functions
11 NT/MPRI – 1 Introduction
The NT/MPRI does not establish a DSL connection until Internet
services are actually requested. During inactive periods the
NT/MPRI clears the connection after completing the last 60-sec-
ond phase begun.
l Tried and true filters and spoofing mechanisms intercept certain
protocol packets and prevent their unnecessary transmission over
ISDN to reduce the duration of the physical connection. The
NT/MPRI thus makes sure that the ISDN line is established almost
exclusively for effective data and keeps most of the background
data traffic in the LAN away from ISDN.
l Adjustable threshold values (per day, week and month) for the
maximum budget, maximum duration of the physical connection
and the maximum number of outgoing calls.
l Budgets definable for each destination.
l Cost assignment (COSO=Charge One Site Only), for instance, hav-
ing company headquarters take on all of the costs for connection
to the network.
Security Functions
The NT/MPRI offers security functions on two different levels. Through
its sophisticated access protection the NT/MPRI makes sure that only
authorized remote sites can access the LAN over ISDN. Data protection
ensures that no unauthorized access to the data occurs during trans-
mission.
Access Protection
The following functions are available:
l screening of the D-channel number of the calling side
l authentication with the PPP protocols PAP or CHAP.
The NT/MPRI supports authentication both on the local end and
at the remote site. Different passwords can be used on each end.
l security call-back for incoming calls
l firewall functions through preset and configurable IP filter profiles
l IP masquerading/Network Address Translation (NAT)
l configurable IPX RIP/SAP filters
ntmpri-e.book Seite 11 Donnerstag, 28. Februar 2002 11:26 11