Cisco Systems WRV54G manual Active Attacks, Dictionary-Building or Table Attacks

Page 69

Wireless-G VPN Broadband Router

Active Attacks

Hackers use Active Attacks for three purposes: 1) stealing data, 2) using your network, and 3) modifying your network so it's easier to hack in the next time.

In an Active Attack, the hacker has gained access to all of your network settings (SSID, WEP keys, etc.) and is in your network. Once in your wireless network, the hacker has access to all open resources and transmitted data on the network. In addition, if the wireless network's router is connected to a switch, the hacker will also have access to data in the wired network.

Further, spammers can use your Internet connection and your ISP's mail server to send tens of thousands of e-mails from your network without your knowledge.

Lastly, the hacker could make hacking into your network even easier by changing or removing safeguards such as MAC address filters and WEP encryption. He can even steal passwords and user names for the next time he wants to hack in.

Dictionary-Building or Table Attacks

Dictionary-building, or Table attacks, is a method of gaining network settings (SSID, WEP keys, etc.) by analyzing about a day's worth of network traffic, mostly in the case of business networks. Over time, the hacker can build up a table of network data and be able to decrypt all of your wireless transmissions. This type of attack is more effective with networks that transmit more data, such as businesses.

Man-in-the-Middle Attacks

A hacker doesn't need to log into your network as a user - he can appear as one of the network's own routers, setting himself up as the man-in-the-middle. To do this, the hacker simply needs to rig an router with your network's settings and send out a stronger signal that your router. In this way, some of your network's PCs may associate with this rogue router, not knowing the difference, and may begin sending data through it and to this hacker.

The trade-off for the convenience and flexibility wireless networking provides is the possibility of being hacked into through one of the methods described here. With wireless networks, even with WEP encryption, open to the persistent hacker, how can you protect your data? The following section will tell you how to do just that.

Maximizing Wireless Security

Security experts will all tell you the same thing: Nothing is guaranteed. No technology is secure by itself. An unfortunate axiom is that building the better mousetrap can often create a better mouse. This is why, in the

Appendix B: Wireless Security

65

What Are The Risks?

Page 68 Page 70
Image 69
Page 68 Page 70
Contents 802 GHz .11g Wireless- G How to Use this Guide Copyright and TrademarksWord definition Table of Contents Frequently Asked Questions Wireless SecurityWelcome IntroductionWhat’s in this Guide? Wireless-G Broadband VPN Router Router’s Functions Planning your Wireless NetworkIP Addresses What’s an IP Address?Why do I need a VPN? Dhcp Dynamic Host Configuration Protocol ServersDynamic IP Addresses What is a VPN? VPN Router to VPN Router Wireless-G VPN Broadband Router Back Panel Getting to Know the Wireless-G VPN Broadband RouterDMZ Front PanelOverview Connecting the Wireless-G Broadband RouterWireless Connection to a PC Wired Connection to a PCWireless-G VPN Broadband Router Configuring Windows 98 and Millennium PCs Configuring the PCsProperties Configuring Windows 2000 PCsConfiguring Windows XP PCs Configuring the Router SetupWireless Administration Access RestrictionsSecurity Applications & GamingSetup Tab How to Access the Web-based UtilityBasic Setup Tab Internet SetupStatic Internet Connection Type Pptp Internet Connection Type Optional Settings Required by some ISPsNetwork Setup DynDNS.org Ddns TabAdvanced Routing Tab MAC Address Clone Tab See FigureMAC Clone Advanced Routing10 Routing Table Static RoutingWireless Tab Basic Wireless Settings See FigureWireless Network WEP See Figure Wireless Security13 Wireless Network Access Wireless Network Access See Figure15 Advanced Wireless Settings Advanced Wireless Settings See FigureFirewall Security TabVPN 18 Manual Key Management 19 Advanced VPN Tunnel Setup WEP Access Restriction Access Restrictions Tab23 Internet Filter Summary Port Range Forwarding Applications and Gaming Tab27 Port Triggering Port Triggering28 UPnP Forwarding UPnP ForwardingDMZ Administration Tab Router PasswordManagement UPnP LogEmail Alert Syslog NotificationNotification Queue Length DiagnosticsAlert Log General Log33 Factory Default Router StatusInformation WAN Connections36 Local Network Local NetworkSystem Performance 38 WirelessAppendix a Troubleshooting Common Problems and SolutionsNeed to set a static IP address on a PC Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router TCP UDP Can’t get the Internet game, server, or application to work To start over, I need to set the Router to factory default Need to upgrade the firmwareFirmware upgrade failed, and/or the Power LED is flashing Power LED flashes continuously My DSL service’s PPPoE is always disconnectingWhere is the Router installed on the network? Frequently Asked QuestionsIs IPSec Pass-Through supported by the Router? Does the Router support IPX or AppleTalk?Does the Router support ICQ send file? What is Network Address Translation and what is it used for?How can I block corrupted FTP downloads? What are the advanced features of the Router? What is DMZ Hosting?Is the Router cross-platform compatible? How many ports can be simultaneously forwarded?What Ieee 802.11b features are supported? What is the Ieee 802.11g standard?What is ad-hoc mode? What is infrastructure mode?What is Spread Spectrum? What is ISM band?What is DSSS? What is FHSS? And what are their differences? What is WEP? How do I reset the Router? How do I resolve issues with signal loss? Have excellent signal strength, but I cannot see my network Appendix B Wireless Security Brief OverviewWhat Are The Risks? Jamming Attacks Passive AttacksActive Attacks Maximizing Wireless SecurityDictionary-Building or Table Attacks Man-in-the-Middle Attacks5SSID 8WEP Wireless-G VPN Broadband Router Figure B-2 WEP 4GHz/802.11b and 802.11g WEP EncryptionWRV54G EnvironmentCreate an IPSec Policy How to Establish a Secure IPSec TunnelBuild Filter Lists Filter List 1 win-routerFigure C-4 IP Filter List Filter List 2 router-winFigure C-7 IP Filter List Tunnel 1 win-router Configure Individual Tunnel RulesFigure C-13 Authentication Methods Tunnel 2 router-win Figure C-16 Tunnel Setting TabFigure C-19 IP Filter List Tab Figure C-22 Preshared Key Figure C-25 Connection Type Assign New IPSec PolicyFigure C-28 VPN Tab Create a Tunnel Through the Web-Based UtilityWindows 98 or Me Instructions Figure D-1 IP Configuration ScreenFigure D-3 MAC Address/Physical Address Windows 2000 or XP InstructionsAppendix E Snmp Functions Appendix F Upgrading Firmware Figure F-1 Upgrade FirmwareAppendix G Windows Help Shared ResourcesNetwork Neighborhood/My Network Places Appendix H Glossary Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Appendix I Specifications Transmit Power 19dBm LEDsUp to 54Mbps wireless, up to 100 Mbps LAN FCC Statement Appendix J Regulatory InformationFCC Part 68 Statement Safety Notices Limited Warranty Appendix K Warranty InformationAppendix L Contact Information
Top Page Image Contents