Wireless-G Business Ethernet Bridge
Appendix A: Wireless Security Checklist
Wireless networks are convenient and easy to install, so
homes with high-speed Internet access are adopting them
at a rapid pace. Because wireless networking operates by
sending information over radio waves, it can be more
vulnerable to intruders than a traditional wired network.
Like signals from your cellular or cordless phones, signals
from your wireless network can also be intercepted. Since
you cannot physically prevent someone from connecting
to your wireless network, you need to take some additional
steps to keep your network secure.
1. Change the default wireless network name or SSID
Wireless devices have a default wireless network name
or Service Set Identifier (SSID) set by the factory. This
is the name of your wireless network, and can be up
to 32 characters in length. Linksys wireless products
use linksys as the default wireless network name. You
should change the wireless network name to something
unique to distinguish your wireless network from other
wireless networks that may exist around you, but do not
use personal information (such as your Social Security
number) because this information may be available for
anyone to see when browsing for wireless networks.
2. Change the default password
For wireless products such as access points and routers,
you will be asked for a password when you want to change
their settings. These devices have a default password set
by the factory. The Linksys default password is admin.
Hackers know these defaults and may try to use them
to access your wireless device and change your network
settings. To thwart any unauthorized changes, customize
the device’s password so it will be hard to guess.
3. Enable MAC address filtering
Linksys routers give you the ability to enable Media Access
Control (MAC) address filtering. The MAC address is a
unique series of numbers and letters assigned to every
networking device. With MAC address filtering enabled,
wireless network access is provided solely for wireless
devices with specific MAC addresses. For example, you can
specify the MAC address of each computer in your home
so that only those computers can access your wireless
network.
4. Enable encryption
Encryption protects data transmitted over a wireless
network. Wi-Fi Protected Access (WPA/WPA2) and Wired
Equivalency Privacy (WEP) offer different levels of security
for wireless communication. Currently, devices that are
Wi-Fi certified are required to support WPA2, but are not
required to support WEP.
A network encrypted with WPA/WPA2 is more secure
than a network encrypted with WEP, because WPA/WPA2
uses dynamic key encryption. To protect the information
as it passes over the airwaves, you should enable the
highest level of encryption supported by your network
equipment.
WEP is an older encryption standard and may be the
only option available on some older devices that do not
support WPA.
General Network Security Guidelines
Wireless network security is useless if the underlying
network is not secure.
Password protect all computers on the network and
individually password protect sensitive files.
Change passwords on a regular basis.
Install anti-virus software and personal firewall software.
Disable file sharing (peer-to-peer). Some applications
may open file sharing without your consent and/or
knowledge.
Additional Security Tips
Keep wireless routers, access points, or gateways away
from exterior walls and windows.
Turn wireless routers, access points, or gateways
off when they are not being used (at night, during
vacations).
Use strong passphrases that are at least eight characters
in length. Combine letters and numbers to avoid using
standard words that can be found in the dictionary.
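The four checklist steps and the passphrase tip above, expressed as an audit over one device's settings record. This is an added example, not code from the Linksys guide; the record's key names and the sample values are hypothetical.

```python
import re

# Ranking follows the appendix: WPA/WPA2 is more secure than WEP.
RANK = {"none": 0, "wep": 1, "wpa": 2, "wpa2": 3}
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def audit(cfg, supported=("wep", "wpa", "wpa2")):
    """Return checklist findings for one settings record (hypothetical keys)."""
    findings = []
    ssid = cfg.get("ssid", "linksys")
    if ssid.lower() == "linksys":
        findings.append("ssid: factory default name in use")
    if len(ssid) > 32:
        findings.append("ssid: longer than 32 characters")
    if cfg.get("admin_password", "admin") == "admin":
        findings.append("admin_password: factory default in use")
    macs = cfg.get("allowed_macs", [])
    if not cfg.get("mac_filter", False):
        findings.append("mac_filter: disabled")
    elif not macs or not all(MAC_RE.match(m) for m in macs):
        findings.append("mac_filter: allow list empty or malformed")
    # Compare against the best mode the equipment supports, so a WEP-only
    # device is not flagged for something it cannot do.
    mode = cfg.get("encryption", "none").lower()
    best = max(supported, key=RANK.__getitem__)
    if RANK.get(mode, 0) < RANK[best]:
        findings.append(f"encryption: {mode} in use, equipment supports {best}")
    phrase = cfg.get("passphrase", "")
    if mode != "none" and (len(phrase) < 8 or not re.search(r"[A-Za-z]", phrase)
                           or not re.search(r"\d", phrase)):
        findings.append("passphrase: need 8+ characters mixing letters and numbers")
    return findings


# Constructed sample records, not taken from any real device.
FACTORY = {"ssid": "linksys", "admin_password": "admin",
           "mac_filter": False, "encryption": "wep", "passphrase": "home"}
HARDENED = {"ssid": "bridge-7f", "admin_password": "t4k9-rw2m-pq81",
            "mac_filter": True, "allowed_macs": ["00:11:22:AA:BB:CC"],
            "encryption": "wpa2", "passphrase": "r7veL9otk2xq"}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```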
Appendix B: Glossary
This glossary contains some basic networking terms you
may come across when using this product.
WEB: For additional terms, please visit the glossary at
www.linksys.com/glossary
Access Mode
Specifies the method by which user access
is granted to the system.
Access Point
A device that allows wireless-equipped
computers and other devices to communicate with a
wired network. Also used to expand the range of a wireless
network.
Access Profiles
Allows network managers to define
profiles and rules for accessing the device. Access to
management functions can be limited to user groups,
which are defined by the following criteria:
Ingress interfaces
Source IP address and/or Source IP subnets.
ACE
Filters in Access Control Lists (ACL) that determine
which network traffic is forwarded. An ACE is based on the
following criteria:
Protocol
Protocol ID
Source Port
Destination Port
Wildcard Mask
Source IP Address
Destination IP Address
ACL (Access Control List)
Access Control Lists are
used to grant, deny, or limit access to devices, features, or
applications.
Auto-negotiation
Allows 10/100 Mbps or 10/100/1000
Mbps Ethernet ports to automatically establish the
optimal duplex mode, flow control, and speed.
Back Pressure
A mechanism used with Half Duplex mode
that enables a port not to receive a message.
Bandwidth
The transmission capacity of a given device
or network.
Bandwidth Assignments
Indicates the amount of bandwidth assigned to a specific
application, user, and/or interface.
Baud
Indicates the number of signaling elements transmitted
each second.
Best Effort
Indicates that traffic is assigned to the lowest
priority queue, and packet delivery is not guaranteed.
Bit
A binary digit.
Boot
To start a device and cause it to start executing
instructions.
Browser
An application program that provides a way to
look at and interact with all the information on the World
Wide Web.
Bridge
A device that connects two networks. Bridges are
hardware specific; however, they are protocol independent.
Bridges operate at Layer 1 and Layer 2 levels.
Broadcast Domain
Device sets that receive broadcast
frames originating from any device within a designated
set. Routers bind Broadcast domains, because routers do
not forward broadcast frames.
Broadcast Storm
An excessive amount of broadcast
messages simultaneously transmitted across a network
by a single port. Forwarded message responses are
heaped onto the network, overloading network resources
or causing the network to time out.
Burst
A packet transmission at faster than normal rates.
Bursts are limited in time and only occur under specific
conditions.
Burst Size
Indicates the burst size transmitted at a faster
than normal rate.
Byte
A unit of data that is usually eight bits long.
Cable Modem
A device that connects a computer to the
cable television network, which in turn connects to the
Internet.
CBS (Committed Burst Size)
Indicates the maximum
number of data bits transmitted within a specific time
interval.
CIR (Committed Information Rate)
The data rate is
averaged over a minimum time increment.
Class Maps
An aspect of a Quality of Service system that is
comprised of an IP ACL and/or a MAC ACL. Class maps are
configured to match packet criteria, and are matched to
packets in a first-fit fashion.
Combo Ports
A single logical port with two physical
connections, including an RJ-45 connection and a SFP
connection.
Communities
Specifies a group of users that retain the
same system access rights.
CoS (Class of Service)
The 802.1p priority scheme. CoS
provides a method for tagging packets with priority
information. A CoS value between 0-7 is added to the
Layer II header of packets, where zero is the lowest priority
and seven is the highest.
DDNS (Dynamic Domain Name System)
Allows the
hosting of a website, FTP server, or e-mail server with a
fixed domain name (e.g., www.xyz.com) and a dynamic IP
address.
Default Gateway
A device that forwards Internet traffic
from your local area network.
DHCP (Dynamic Host Configuration Protocol)
A networking protocol that allows administrators to assign
temporary IP addresses to network computers by “leasing”
an IP address to a user for a limited amount of time, instead
of assigning permanent IP addresses.
DHCP Clients
An Internet host using DHCP to obtain
configuration parameters, such as a network address.
DHCP Server
An Internet host that returns configuration
parameters to DHCP clients.
DNS (Domain Name Server)
The IP address of your ISP’s
server, which translates the names of websites into IP
addresses.
Domain
A specific name for a network of computers.
Download
To receive a file transmitted over a network.
DSL (Digital Subscriber Line)
An always-on broadband
connection over traditional phone lines.
DSCP (DiffServ Code Point)
Provides a method of
tagging IP packets with QoS priority information.
Dynamic IP Address
A temporary IP address assigned by
a DHCP server.
EIGRP (Enhanced Interior Gateway Routing Protocol)
Provides fast convergence, support for variable-length
subnet masks, and support for multiple network layer
protocols.
Encryption
Encoding data transmitted in a network.
Ethernet
IEEE standard network protocol that specifies
how data is placed on and retrieved from a common
transmission medium.
Firmware
The programming code that runs a networking
device.
Flow Control
Enables lower speed devices to communicate with higher
speed devices. This is implemented by the higher speed
device refraining from sending packets.
FTP (File Transfer Protocol)
A protocol used to transfer
files over a TCP/IP network.
Full Duplex
The ability of a networking device to receive
and transmit data simultaneously.
GARP (General Attributes Registration Protocol)
Registers client stations into a multicast domain.
Gateway
A device that interconnects networks with
different, incompatible communications protocols.
GBIC (GigaBit Interface Converter)
A hardware module
used to attach network devices to fiber-based transmission
systems. GBIC converts the serial electrical signals to serial
optical signals and vice versa.
GVRP (GARP VLAN Registration Protocol)
Registers client stations into a VLAN.
Half Duplex
Data transmission that can occur in two
directions over a single line, but only one direction at a
time.
HTTP (HyperText Transport Protocol)
The communications protocol used to connect to servers on
the World Wide Web.
HTTPS (HyperText Transport Protocol Secure)
An extension to the standard HTTP protocol that provides
confidentiality by encrypting the traffic from the website.
By default this protocol uses TCP port 443.
ICMP (Internet Control Message Protocol)
Allows the
gateway or destination host to communicate with the
source host. For example, to report a processing error.
IGMP (Internet Group Management Protocol)
Allows
hosts to notify their local switch or router that they want
to receive transmissions assigned to a specific multicast
group.
IP (Internet Protocol)
A protocol used to send data over
a network.
IP Address
The address used to identify a computer or
device on a network.
IPCONFIG
A Windows 2000 and XP utility that displays
the IP address for a particular networking device.
IPSec (Internet Protocol Security)
A VPN protocol used
to implement secure exchange of packets at the IP layer.
ISP (Internet Service Provider)
A company that provides
access to the Internet.
Jumbo Frames
Enable transporting identical data in
fewer frames. Jumbo Frames reduce overhead, lower
processing time, and ensure fewer interrupts.
LAG (Link Aggregated Group)
Aggregates ports or
VLANs into a single virtual port or VLAN.
LAN
The computers and networking products that make
up your local network.
MAC (Media Access Control) Address
The unique
address that a manufacturer assigns to each networking
device.
Mask
A filter that includes or excludes certain values, for
example parts of an IP address.
Mbps (MegaBits Per Second)
One million bits per
second; a unit of measurement for data transmission.
MD5 (Message Digest 5)
An algorithm that produces a
128-bit hash. MD5 is a variation of MD4, and increases MD4
security. MD5 verifies the integrity of the communication
and authenticates the origin of the communication.
MDI (Media Dependent Interface)
A cable used for end
stations.
MDIX (Media Dependent Interface with Crossover)
A cable used for hubs and switches.
MIB (Management Information Base)
MIBs contain information describing specific aspects of
network components.
Multicast
Transmits copies of a single packet to multiple
ports.
Network
A series of computers or devices connected for
the purpose of data sharing, storage, and/or transmission
between users.
NMS (Network Management System)
An interface that
provides a method of managing a system.
OID (Object Identifier)
Used by SNMP to identify
managed objects. In the SNMP Manager/Agent network
management paradigm, each managed object must have
an OID to identify it.
Packet
A unit of data sent over a network.
Ping (Packet INternet Groper)
An Internet utility used
to determine whether a particular IP address is online.
Policing
Determines if traffic levels are within a specified
profile. Policing manages the maximum traffic rate used
to send or receive packets on an interface.
Port
The connection point on a computer or networking
device used for plugging in cables or adapters.
Port Mirroring
Monitors and mirrors network traffic by
forwarding copies of incoming and outgoing packets
from one port to a monitoring port.
Power over Ethernet (PoE)
A technology enabling an
Ethernet network cable to deliver both data and power.
QoS (Quality of Service)
Provides policies that contain
sets of filters (rules). QoS allows network managers
to decide how and what network traffic is forwarded
according to priorities, application types, and source and
destination addresses.
RADIUS (Remote Authentication Dial-In User Service)
A protocol that uses an authentication server to
control network access.
RJ-45 (Registered Jack-45)
An Ethernet connector that
holds up to eight wires.
RMON (Remote Monitoring)
Provides network information to be collected from a
single workstation.
Router
A networking device that connects multiple
networks together.
RSTP (Rapid Spanning Tree Protocol)
Detects and uses
network topologies that allow a faster convergence of the
spanning tree, without creating forwarding loops.
Server
Any computer whose function in a network is to
provide user access to files, printing, communications,
and other services.
SMTP (Simple Mail Transfer Protocol)
The standard e-mail protocol on the Internet.
SNMP (Simple Network Management Protocol)
A widely used network monitoring and control protocol.
SSH
Secure Shell. A utility that uses strong authentication
and secure communications to log in to another computer
over a network.
SSL (Secure Socket Layer)
Encryption technology for
the Internet used to provide secure transactions, such as
the transmission of credit card numbers for e-commerce.
Static IP Address
A fixed address assigned to a computer
or device that is connected to a network.
STP (Spanning Tree Protocol)
Prevents loops in network
traffic. The Spanning Tree Protocol (STP) provides tree
topography for any arrangement of bridges. STP provides
one path between end stations on a network, eliminating
loops.
Subnet (Sub-network)
Subnets are portions of a network that share a common
address component. In TCP/IP networks, devices that share
a prefix are part of the same subnet. For example, all
devices with a prefix of 157.100.100.100 are part of the
same subnet.
Subnet Mask
An address code that determines the size
of the network.
Switch
Filters and forwards packets between LAN segments.
Switches support any packet protocol type.
TACACS+ (Terminal Access Controller Access Control System Plus)
Proprietary Cisco enhancement to Terminal
Access Controller Access Control System (TACACS). Provides
additional support for authentication, authorization, and
accounting.
TCP (Transmission Control Protocol)
A network protocol
for transmitting data that requires acknowledgement
from the recipient of data sent.
TCP/IP (Transmission Control Protocol/Internet Protocol)
A set of instructions PCs use to communicate
over a network.
Telnet
A user command and TCP/IP protocol used for
accessing remote PCs.
TFTP (Trivial File Transfer Protocol)
A version of the
TCP/IP FTP protocol that has no directory or password
capability.
Throughput
The amount of data moved successfully
from one node to another in a given time period.
Trunking
Link Aggregation. Optimizes port usage by
linking a group of ports together to form a single trunk
(aggregated groups).
TX Rate
Transmission Rate.
UDP (User Data Protocol)
Communication protocol that
transmits packets but does not guarantee their delivery.
Upgrade
To replace existing software or firmware with a
newer version.
Upload
To transmit a file over a network.
URL (Uniform Resource Locator)
The address of a file
located on the Internet.
VLAN (Virtual Local Area Networks)
Logical subgroups
that constitute a Local Area Network (LAN). This is done in
software rather than defining a hardware solution.
WAN (Wide Area Network)
Networks that cover a large
geographical area.
Wildcard Mask
Specifies which IP address bits are
used, and which bits are ignored. A wild card mask
of 255.255.255.255 indicates that no bit is important.
A wildcard of 0.0.0.0 indicates that all the bits are
important.
For example, if the destination IP address is 149.36.184.198
and the wildcard mask is 255.36.184.00, the first two bits
of the IP address are used, while the last two bits are
ignored.
