Cisco Systems WRV54G manual Appendix B Wireless Security, Brief Overview, What Are The Risks?

Page 67

Wireless-G VPN Broadband Router

Appendix B: Wireless Security

A Brief Overview

Whenever data - in the form of files, emails, or messages - is transmitted over your wireless network, it is open to attacks. Wireless networking is inherently risky because it broadcasts information on radio waves. Just like signals from your cellular or cordless phone can be intercepted, signals from your wireless network can also be compromised. What are the risks inherent in wireless networking? Read on.

What Are The Risks?

Computer network hacking is nothing new. With the advent of wireless networking, hackers use methods both old and new to do everything from stealing your bandwidth to stealing your data. There are many ways this is done, some simple, some complex. As a wireless user, you should be aware of the many ways they do this.

Every time a wireless transmission is broadcast, signals are sent out from your wireless PC or router, but not always directly to its destination. The receiving PC or router can hear the signal because it is within that radius. Just as with a cordless phone, cellular phone, or any kind of radio device, anyone else within that radius, who has their device set to the same channel or bandwidth can also receive those transmission.

Wireless networks are easy to find. Hackers know that, in order to join a wireless network, your wireless PC will typically first listen for "beacon messages". These are identifying packets transmitted from the wireless network to announce its presence to wireless nodes looking to connect. These beacon frames are unencrypted and contain much of the network's information, such as the network's SSID (Service Set Identifier) and the IP address of the network PC or router. The SSID is analogous to the network's name. With this information broadcast to anyone within range, hackers are often provided with just the information they need to access that network.

One result of this, seen in many large cities and business districts, is called "Warchalking". This is the term used for hackers looking to access free bandwidth and free Internet access through your wireless network. The marks they chalk into the city streets are well documented in the Internet and communicate exactly where available wireless bandwidth is located for the taking.

Even keeping your network settings, such as the SSID and the channel, secret won't prevent a hacker from listening for those beacon messages and stealing that information. This is why most experts in wireless networking strongly recommend the use of WEP (Wireless Equivalent Privacy). WEP encryption scrambles your wireless signals so they can only be recognized within your wireless network.

Appendix B: Wireless Security

Figure B-1: Warchalking

63

A Brief Overview

Image 67
Contents 802 GHz .11g Wireless- G Copyright and Trademarks How to Use this GuideWord definition Table of Contents Frequently Asked Questions Wireless SecurityWelcome IntroductionWhat’s in this Guide? Wireless-G Broadband VPN Router What’s an IP Address? Planning your Wireless NetworkRouter’s Functions IP AddressesDhcp Dynamic Host Configuration Protocol Servers Why do I need a VPN?Dynamic IP Addresses What is a VPN? VPN Router to VPN Router Wireless-G VPN Broadband Router Back Panel Getting to Know the Wireless-G VPN Broadband RouterDMZ Front PanelOverview Connecting the Wireless-G Broadband RouterWireless Connection to a PC Wired Connection to a PCWireless-G VPN Broadband Router Configuring Windows 98 and Millennium PCs Configuring the PCsProperties Configuring Windows 2000 PCsConfiguring Windows XP PCs Setup Configuring the RouterWireless Applications & Gaming Access RestrictionsAdministration SecurityInternet Setup How to Access the Web-based UtilitySetup Tab Basic Setup TabStatic Internet Connection Type Pptp Internet Connection Type Optional Settings Required by some ISPsNetwork Setup DynDNS.org Ddns TabAdvanced Routing MAC Address Clone Tab See FigureAdvanced Routing Tab MAC Clone10 Routing Table Static RoutingBasic Wireless Settings See Figure Wireless TabWireless Network WEP See Figure Wireless Security13 Wireless Network Access Wireless Network Access See Figure15 Advanced Wireless Settings Advanced Wireless Settings See FigureFirewall Security TabVPN 18 Manual Key Management 19 Advanced VPN Tunnel Setup WEP Access Restriction Access Restrictions Tab23 Internet Filter Summary Port Range Forwarding Applications and Gaming Tab27 Port Triggering Port Triggering28 UPnP Forwarding UPnP ForwardingDMZ Router Password Administration TabManagement Syslog Notification LogUPnP Email AlertGeneral Log DiagnosticsNotification Queue Length Alert Log33 Factory Default WAN Connections StatusRouter Information36 Local Network Local NetworkSystem Performance 38 WirelessCommon Problems and Solutions Appendix a TroubleshootingNeed to set a static IP address on a PC Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router TCP UDP Can’t get the Internet game, server, or application to work Need to upgrade the firmware To start over, I need to set the Router to factory defaultFirmware upgrade failed, and/or the Power LED is flashing Power LED flashes continuously My DSL service’s PPPoE is always disconnectingDoes the Router support IPX or AppleTalk? Frequently Asked QuestionsWhere is the Router installed on the network? Is IPSec Pass-Through supported by the Router?Does the Router support ICQ send file? What is Network Address Translation and what is it used for?How can I block corrupted FTP downloads? How many ports can be simultaneously forwarded? What is DMZ Hosting?What are the advanced features of the Router? Is the Router cross-platform compatible?What is infrastructure mode? What is the Ieee 802.11g standard?What Ieee 802.11b features are supported? What is ad-hoc mode?What is WEP? What is ISM band?What is Spread Spectrum? What is DSSS? What is FHSS? And what are their differences?How do I resolve issues with signal loss? How do I reset the Router?Have excellent signal strength, but I cannot see my network Brief Overview Appendix B Wireless SecurityWhat Are The Risks? Jamming Attacks Passive AttacksMan-in-the-Middle Attacks Maximizing Wireless SecurityActive Attacks Dictionary-Building or Table Attacks5SSID 8WEP Wireless-G VPN Broadband Router Figure B-2 WEP 4GHz/802.11b and 802.11g WEP EncryptionWRV54G EnvironmentFilter List 1 win-router How to Establish a Secure IPSec TunnelCreate an IPSec Policy Build Filter ListsFigure C-4 IP Filter List Filter List 2 router-winFigure C-7 IP Filter List Tunnel 1 win-router Configure Individual Tunnel RulesFigure C-13 Authentication Methods Tunnel 2 router-win Figure C-16 Tunnel Setting TabFigure C-19 IP Filter List Tab Figure C-22 Preshared Key Figure C-25 Connection Type Assign New IPSec PolicyFigure C-28 VPN Tab Create a Tunnel Through the Web-Based UtilityWindows 98 or Me Instructions Figure D-1 IP Configuration ScreenFigure D-3 MAC Address/Physical Address Windows 2000 or XP InstructionsAppendix E Snmp Functions Appendix F Upgrading Firmware Figure F-1 Upgrade FirmwareShared Resources Appendix G Windows HelpNetwork Neighborhood/My Network Places Appendix H Glossary Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Transmit Power 19dBm LEDs Appendix I SpecificationsUp to 54Mbps wireless, up to 100 Mbps LAN FCC Statement Appendix J Regulatory InformationFCC Part 68 Statement Safety Notices Limited Warranty Appendix K Warranty InformationAppendix L Contact Information