Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Family
B-10
Networks, Routing, and Firewall Basics
IP Configuration by DHCP
When an IP-based local area network is installed, each PC must be configured with an IP address.
If the PCs need to access the Internet, they should also be configured with a gateway address and
one or more DNS server addresses. As an alternative to manual configuration, there is a method by
which each PC on the network can automatically obtain this configuration information. A device
on the network may act as a Dynamic Host Configuration Protocol (DHCP) server. The DHCP
server stores a list or pool of IP addresses, along with other information (such as gateway and DNS
addresses) that it may assign to the other devices on the network. The FR114P Firewall has the
capacity to act as a DHCP server.
The FR114P Firewall also functions as a DHCP client when connecting to the ISP. The firewall
can automatically obtain an IP address, subnet mask, DNS server addresses, and a gateway address
if the ISP provides this information by DHCP.
Internet Security and Firewalls
When your LAN connects to the Internet through a router, an opportunity is created for outsiders
to access or disrupt your network. A NAT router provides some protection because by the very
nature of the Network Address Translation (NAT) process, the network behind the NAT router is
shielded from access by outsiders on the Internet. However, there are methods by which a
determined hacker can possibly obtain information about your network or at the least can disrupt
your Internet access. A greater degree of protection is provided by a firewall router.
What is a Firewall?
A firewall is a device that protects one network from another, while allowing communication
between the two. A firewall incorporates the functions of the NAT router, while adding features
for dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be
recognized when they occur. When an incident is detected, the firewall can log details of the
attempt, and can optionally send email to an administrator notifying them of the incident. Using
information from the log, the administrator can take action with the ISP of the hacker. In some
types of intrusions, the firewall can fend off the hacker by discarding all further packets from the
hacker’s IP address for a period of time.
Stateful Packet Inspection
Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to
ensure secure firewall filtering to protect your network from attacks and intrusions. Since
user-level applications such as FTP and Web browsers can create complex patterns of network
traffic, it is necessary for the firewall to analyze groups of network connection "states". Using
Stateful Packet Inspection, an incoming packet is intercepted at the network layer and then
analyzed for state-related information associated with all network connections. A central cache
within the firewall keeps track of the state information associated with all network connections.
All traffic passing through the firewall is analyzed against the state of these connections in order to
determine whether or not it will be allowed to pass through or rejected.
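The state cache described above can be sketched in a few lines. This is an added example, not code from the manual or from the firewall's firmware; the class name, the LAN range and all addresses are constructed for illustration, and TCP handling is reduced to the handshake and reset.

```python
# Added illustration of a connection-state cache; not NETGEAR firmware code.
import ipaddress
from collections import namedtuple

# flags holds TCP flags such as "S", "SA", "A", "R"; empty for UDP.
Packet = namedtuple("Packet", "src sport dst dport proto flags", defaults=[""])

class StatefulFilter:
    def __init__(self, lan_cidr: str):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.states = {}   # central cache: flow key -> state name

    def check(self, pkt: Packet) -> bool:
        """Return True if the packet may pass, False if it is rejected."""
        if ipaddress.ip_address(pkt.src) in self.lan:
            # Outbound: a LAN host may open a flow; remember it.
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "R" in pkt.flags:
                self.states.pop(key, None)
            elif key not in self.states:
                self.states[key] = "SYN_SENT" if pkt.proto == "tcp" else "OPEN"
            return True
        # Inbound: only replies to a flow recorded in the cache are allowed.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.states.get(key)
        if state is None:
            return False                      # unsolicited traffic
        if pkt.proto == "tcp":
            if "R" in pkt.flags:              # a reset ends the flow
                del self.states[key]
            elif state == "SYN_SENT":
                if pkt.flags != "SA":         # only SYN-ACK may answer a SYN
                    return False
                self.states[key] = "ESTABLISHED"
        return True

def demo():
    """Run constructed sample packets through the filter, in order."""
    fw = StatefulFilter("192.168.0.0/24")
    lan, web, other = "192.168.0.2", "203.0.113.10", "203.0.113.99"
    return [
        fw.check(Packet(other, 80, lan, 40000, "tcp", "SA")),  # no state
        fw.check(Packet(lan, 40000, web, 80, "tcp", "S")),     # opens flow
        fw.check(Packet(web, 80, lan, 40000, "tcp", "A")),     # wrong reply
        fw.check(Packet(web, 80, lan, 40000, "tcp", "SA")),    # handshake
        fw.check(Packet(web, 80, lan, 40000, "tcp", "R")),     # teardown
        fw.check(Packet(web, 80, lan, 40000, "tcp", "A")),     # state gone
    ]
```

The same inbound packet is rejected or accepted depending only on what the cache holds at that moment, which is the difference from a stateless filter.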
Denial of Service Attack
A hacker may be able to prevent your network from operating or communicating by launching a
Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely
flooding your site with more requests than it can handle. A more sophisticated attack may attempt
to exploit some weakness in the operating system used by your router or gateway. Some operating
systems can be disrupted by simply sending a packet with incorrect length information.
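The last point, a packet with incorrect length information, is something a filter can check for before the packet reaches a fragile host. The following is an added example, not code from the manual; the function names are hypothetical and the sample packets are constructed, with checksums left at zero because only the length fields are examined.

```python
# Added illustration, not NETGEAR code: IPv4/UDP length consistency checks.
import struct

def ipv4_length_errors(pkt: bytes) -> list:
    """Return a list of length inconsistencies found in a raw IPv4 packet."""
    if len(pkt) < 20:
        return ["shorter than minimum IPv4 header"]
    ver_ihl, _tos, total_len = struct.unpack("!BBH", pkt[:4])
    if ver_ihl >> 4 != 4:
        return ["not IPv4"]
    header_len = (ver_ihl & 0x0F) * 4
    errors = []
    if header_len < 20:
        errors.append("IHL below 20 bytes")
    if header_len > len(pkt):
        errors.append("IHL exceeds received bytes")
    if total_len < header_len:
        errors.append("total length smaller than header")
    if total_len > len(pkt):     # less is fine: link-layer padding
        errors.append("total length exceeds received bytes")
    frag = struct.unpack("!H", pkt[6:8])[0] & 0x3FFF   # MF bit + offset
    if not errors and pkt[9] == 17 and frag == 0:      # unfragmented UDP
        udp = pkt[header_len:total_len]
        if len(udp) < 8:
            errors.append("truncated UDP header")
        elif struct.unpack("!H", udp[4:6])[0] != len(udp):
            errors.append("UDP length disagrees with IP length")
    return errors

def sample_packet(total_len=None, ihl=5, udp_len=None, data=b"hello"):
    """Build a constructed UDP/IPv4 test packet (checksums left at zero)."""
    if udp_len is None:
        udp_len = 8 + len(data)
    udp = struct.pack("!HHHH", 5000, 53, udp_len, 0) + data
    if total_len is None:
        total_len = 20 + len(udp)
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total_len, 0, 0,
                         64, 17, 0, bytes([203, 0, 113, 10]),
                         bytes([192, 168, 0, 2]))
    return header + udp
```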
Wireless Networking
The FR114W Wireless-Ready Firewall and FM114P Wireless Firewall with Print Server conform
to the Institute of Electrical and Electronics Engineers (IEEE) 802.11b standard for wireless LANs
(WLANs). On an 802.11b wireless link, data is encoded using direct-sequence spread-spectrum
(DSSS) technology and is transmitted in the unlicensed radio spectrum at 2.5GHz. The maximum
data rate for the wireless link is 11 Mbps, but it will automatically back down from 11 Mbps to 5.5,
2, and 1 Mbps when the radio signal is weak or when interference is detected.
The 802.11b standard is also called Wireless Ethernet or Wi-Fi by the Wireless Ethernet
Compatibility Alliance (WECA, see http://www.wi-fi.net), an industry standard group promoting
interoperability among 802.11b devices.
Wireless Network Configuration
The 802.11b standard offers two methods for configuring a wireless network - ad hoc and
infrastructure.
Ad-hoc Mode (Peer-to-Peer Workgroup)
In an ad hoc network, computers are brought together as needed; thus, there is no structure or fixed
points to the network - each node can generally communicate with any other node. There is no
Access Point involved in this configuration. This mode enables you to quickly set up a small
wireless workgroup and allows workgroup members to exchange data or share printers as
supported by Microsoft Networking in the various Windows operating systems. Some vendors
also refer to ad hoc networking as Peer-to-Peer group networking.
In this configuration, network packets are directly sent and received by the intended transmitting
and receiving stations. As long as the stations are within range of one another, this is the easiest
and least expensive way to set up a wireless network.
Infrastructure Mode
With a wireless Access Point, you can operate the wireless LAN in the infrastructure mode. This
mode provides wireless connectivity to multiple wireless network devices within a fixed range or
area of coverage, interacting with wireless nodes via an antenna.
In the infrastructure mode, the wireless access point converts airwave data into wired Ethernet
data, acting as a bridge between the wired LAN and wireless clients. Connecting multiple Access
Points via a wired Ethernet backbone can further extend the wireless network coverage. As a
mobile computing device moves out of the range of one access point, it moves into the range of
another. As a result, wireless clients can freely roam from one Access Point domain to another and
still maintain seamless network connection.
Extended Service Set Identification (ESSID)
The Extended Service Set Identification (ESSID) is one of two types of Service Set Identification
(SSID). In an ad-hoc wireless network with no access points, the Basic Service Set Identification
(BSSID) is used. In an infrastructure wireless network that includes an access point, the Extended
Service Set Identification (ESSID) is used, but may still be referred to as SSID.
An SSID is a thirty-two character (maximum) alphanumeric key identifying the wireless local area
network. Some vendors refer to the SSID as network name. For the wireless devices in a network
to communicate with each other, all devices must be configured with the same SSID.
Authentication and WEP Encryption
The absence of a physical connection between nodes makes the wireless links vulnerable to
eavesdropping and information theft. To provide a certain level of security, the IEEE 802.11
standard has defined two types of authentication methods, Open System and Shared Key. With
Open System authentication, a wireless PC can join any network and receive any messages that are
not encrypted. With Shared Key authentication, only those PCs that possess the correct
authentication key can join the network. By default, IEEE 802.11 wireless devices operate in an
Open System network.
Wired Equivalent Privacy (WEP) data encryption is utilized when the wireless nodes or access
points are configured to operate in Shared Key authentication mode. There are two shared key
methods implemented in most commercially available products, 64-bit and 128-bit WEP data
encryption.
The 64-bit WEP data encryption method allows for a five-character (40-bit) input. Additionally,
24 factory-set bits are added to the forty-bit input to generate a 64-bit encryption key. (The 24
factory-set bits are not user-configurable). This encryption key will be used to encrypt/decrypt all
data transmitted via the wireless interface. Some vendors refer to the 64-bit WEP data encryption
as 40-bit WEP data encryption since the user-configurable portion of the encryption key is 40 bits
wide.
The 128-bit WEP data encryption method consists of 104 user-configurable bits. Similar to the
forty-bit WEP data encryption method, the remaining 24 bits are factory set and not user
configurable. Some vendors allow passphrases to be entered instead of the cryptic hexadecimal
characters to ease encryption key entry.
Wireless Channel Selection
IEEE 802.11 wireless nodes communicate with each other using radio frequency signals in the
ISM (Industrial, Scientific, and Medical) band between 2.4 GHz and 2.5 GHz. Neighboring
channels are 5 MHz apart. However, due to the spread spectrum effect of the signals, a node sending
signals using a particular channel will utilize frequency spectrum 12.5 MHz above and below the
center channel frequency. As a result, two separate wireless networks using neighboring channels
(for example, channel 1 and channel 2) in the same general vicinity will interfere with each other.
Applying two channels that allow the maximum channel separation will decrease the amount of
channel cross-talk, and provide a noticeable performance increase over networks with minimal
channel separation.
The radio frequency channels used are listed in Table B-3:

Table B-3. 802.11 Radio Frequency Channels

Channel   Center Frequency   Frequency Spread
1         2412 MHz           2399.5 MHz - 2424.5 MHz
2         2417 MHz           2404.5 MHz - 2429.5 MHz
3         2422 MHz           2409.5 MHz - 2434.5 MHz
4         2427 MHz           2414.5 MHz - 2439.5 MHz
5         2432 MHz           2419.5 MHz - 2444.5 MHz
6         2437 MHz           2424.5 MHz - 2449.5 MHz
7         2442 MHz           2429.5 MHz - 2454.5 MHz
8         2447 MHz           2434.5 MHz - 2459.5 MHz
9         2452 MHz           2439.5 MHz - 2464.5 MHz
10        2457 MHz           2444.5 MHz - 2469.5 MHz
11        2462 MHz           2449.5 MHz - 2474.5 MHz
12        2467 MHz           2454.5 MHz - 2479.5 MHz
13        2472 MHz           2459.5 MHz - 2484.5 MHz
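The channel arithmetic above can be turned into a small planning aid. This is an added example, not part of the manual; the function names are hypothetical, and it uses only the figures the section gives (5 MHz channel spacing, 12.5 MHz of spectrum on each side of the center, channels 1 to 13).

```python
# Added illustration built from Table B-3; helper names are hypothetical.
SPREAD_MHZ = 12.5          # spectrum used above and below the center
CHANNELS = range(1, 14)    # channels 1-13 as listed in Table B-3

def center_mhz(channel: int) -> int:
    """Center frequency of a channel, as in the table's second column."""
    if channel not in CHANNELS:
        raise ValueError(f"channel {channel} is not in Table B-3")
    return 2412 + 5 * (channel - 1)   # neighboring channels are 5 MHz apart

def spread_mhz(channel: int) -> tuple:
    """Lower and upper edge of the spectrum a channel occupies."""
    c = center_mhz(channel)
    return (c - SPREAD_MHZ, c + SPREAD_MHZ)

def overlaps(a: int, b: int) -> bool:
    """True if the two channels' frequency spreads share any spectrum."""
    lo_a, hi_a = spread_mhz(a)
    lo_b, hi_b = spread_mhz(b)
    return lo_a < hi_b and lo_b < hi_a   # touching edges do not overlap

def non_overlapping_plan(available=CHANNELS) -> list:
    """Greedy pick of channels, lowest first, whose spreads never overlap."""
    plan = []
    for ch in sorted(available):
        if all(not overlaps(ch, used) for used in plan):
            plan.append(ch)
    return plan

def least_congested(observed, available=CHANNELS) -> int:
    """Channel overlapped by the fewest observed networks (lowest on ties)."""
    def load(ch):
        return sum(overlaps(ch, seen) for seen in observed)
    return min(sorted(available), key=lambda ch: (load(ch), ch))
```

`observed` is the list of channels used by nearby networks, one entry per network, for example as read from a site survey.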