Navigation: Configuration > Configuration Guide (Web Mode) > Configuring Toll Fraud Prevention >
This topic describes how to isolate the public network from the private network, configure the whitelist, and configure the user login right and login authentication for preventing theft of the administrator right.
Isolating Private and Public Networks
To ensure security, the device is required to be deployed on the private network. If the device is deployed on the public network, risks (such as network attacks, unauthorized registration, and account theft) may occur. If the device must be deployed on the public network, take network isolation approaches, for example, disabling SSH service port 22 and Telnet management port 23 on the SBC and firewall to prevent communication through these ports. For details about the port numbers, see the Communication Matrix.
If the device is deployed on the public network or the preceding ports are not disabled on the SBC or firewall, unauthorized users may log in to the device and modify the configuration data.
Configuring IP Address Whitelists
If users on the public network need to access the device, configure the whitelist. Users with the whitelisted IP addresses can perform administrator operations on the device through the public network. For details about how to configure the whitelist.
Parent Topic: Configuring Toll Fraud Prevention