Manuals / Cisco Systems / Computer Equipment / Webcam

Cisco Systems WVC2300 manual Security Threats Facing Wireless Networks

Models: WVC2300

1 122
Download 122 pages 2.81 Kb
Page 14
Image 14

Planning Your Wireless Network

2

 

Security Threats Facing Wireless Networks

 

 

 

 

 

Most wireless networking devices will give you the option of broadcasting the SSID. While this option may be more convenient, it allows anyone to log into your wireless network. This includes hackers. So, don’t broadcast the SSID.

Wireless networking products come with a default SSID set from the factory. (The Cisco default SSID is “ciscosb”.) Hackers know these defaults and can check these against your network. Change your SSID to something unique and not something related to your company or the networking products you use.

Change your SSID regularly so that any hackers who have gained access to your wireless network will have to start from the beginning in trying to break in.

MAC Addresses. Enable MAC Address filtering. MAC Address filtering allows you to provide access to only those wireless nodes with certain MAC Addresses. This makes it harder for a hacker to access your network with a random MAC Address.

WEP Encryption. Wired Equivalent Privacy (WEP) is often looked upon as a cure-all for wireless security concerns. This is overstating WEP’s ability. Again, this can only provide enough security to make a hacker’s job more difficult. There are several ways that WEP can be maximized:

Use the highest level of encryption possible

Use “Shared Key” authentication

Change your WEP key regularly

WPA/WPA2 Personal. WPA stands for Wi-Fi Protected Access, which is a security standard stronger than WEP encryption. A network encrypted with WPA/WPA2 is more secure than a network encrypted with WEP, because WPA/WPA2 uses dynamic key encryption. To protect the information as it passes over the airwaves, you should enable the highest level.

WPA/WPA Enterprise. Enterprise refers to using RADIUS server for authentication, while RADIUS stands for Remote Authentication Dial-In User Service. This type of authentication requires some advanced expertise because it involves setting up a RADIUS server for authentication and, in some cases, creation of certificates for both the RADIUS server and the camera.

If you are using WPA/WPA2 Enterprise security, you will need to upload security certificates to the camera. Certificates must be in the following format:

Root certificate: DER encoded binary x.509 (CER/PEM)

User certificate: Personal Information Exchange (PKCS#12(.PFX))

Cisco PVC2300 and WVC2300 Internet Video Cameras with Audio Administration Guide

7

Page 13 Page 15
Page 14
Image 14
Cisco Systems WVC2300 manual Security Threats Facing Wireless Networks
Page 13 Page 15