background image

their device set to the same channel or bandwidth can also receive those transmission.
Wireless networks are easy to find. Hackers know that, in order to join a wireless network, your
wireless PC will
typically first listen for "beacon messages". These are identifying packets transmitted from the
wireless network
to announce its presence to wireless nodes looking to connect. These beacon frames are
unencrypted and
contain much of the network's information, such as the network's SSID (Service Set Identifier) and
the IP address
of the network PC or router. The SSID is analogous to the network's name. With this information
broadcast to
anyone within range, hackers are often provided with just the information they need to access that
network.
One result of this, seen in many large cities and business districts, is called "Warchalking". This is
the term used
for hackers looking to access free bandwidth and free Internet access through your wireless
network. The marks
they chalk into the city streets are well documented in the Internet and communicate exactly where
available
wireless bandwidth is located for the taking.
Even keeping your network settings, such as the SSID and the channel, secret won't prevent a
hacker from
listening for those beacon messages and stealing that information. This is why most experts in
wireless
networking strongly recommend the use of WEP (Wireless Equivalent Privacy). WEP encryption
scrambles your
wireless signals so they can only be recognized within your wireless network.

Figure B-1: Warchalking

But even WEP has its problems. WEP's encryption algorithm is referred to as "simple", which also
means
"weak", because the technology that scrambles the wireless signal isn't too hard to crack for a
persistent hacker.
There are five common ways that hackers can break into your network and steal your bandwidth
as well as your
data. The five attacks are popularly known as:
1. Passive Attacks
2. Jamming Attacks
3. Active Attacks
4. Dictionary-building or Table Attacks
5. Man-in-the-Middle Attacks

Passive Attacks

There's no way to detect a passive attack because the hacker is not breaking into your network.
He is simply
listening (eavesdropping, if you will) to the information your network broadcasts. There are
applications easily
available on the Internet that can allow a person to listen into your wireless network and the
information it
broadcasts. Information such as MAC addresses, IP addresses, usernames, passwords, instant
message
conversations, emails, account information, and any data transmitted wirelessly, can easily be
seen by someone
outside of your network because it is often broadcast in clear text. Simply put, any information
transmitted on a
wireless network leaves both the network and individual users vulnerable to attack. All a hacker
needs is a

Summary of Contents for R930706G

Page 1: ...Windows XP PCs Chapter 6 Configuring the Router Overview How to Access the Web based Utility The Setup Tab The Wireless Tab The Security Tab The Access Restrictions Tab The Applications and Gaming Tab...

Page 2: ...ions Appendix E SNMP Functions Appendix F Upgrading Firmware Appendix G Windows Help Appendix H Glossary Appendix I Specifications Appendix J Warranty Information Appendix K Regulatory Information App...

Page 3: ...pass through and can be configured to filter internal users access to the Internet Configuration is a snap with the web browser based configuration utility With the Wireless AP VPN Router at the cente...

Page 4: ...ix G Finding the MAC Address and IP Address for your Ethernet Adapter This appendix describes how to find the MAC address for your computer s Ethenet adapter so you can use the MAC filtering and or MA...

Page 5: ...outers requires an IP address to identify its location or address on the network This applies to both the Internet and LAN connections There are two ways of assigning an IP address to your network dev...

Page 6: ...more than one DHCP server on your network you will experience network errors such as conflicting IP addresses To disable DHCP on the Router see the DHCP section in Chapter 6 The Router s Web based Ut...

Page 7: ...travels over the Internet Data travelling over the Internet will often pass through many different servers around the world before reaching its final destination That s a long way to go for unsecured...

Page 8: ...ternet distance is not a factor Using the VPN the telecommuter now has a secure connection to the central office s network as if he were physically connected IMPORTANT You must have at least one VPN R...

Page 9: ...ings etc and replace them with the factory defaults Do not reset the Router if you want to retain these settings Figure 3 1 Back Panel The Front Panel The Router s LEDs where information about network...

Page 10: ...nect one end of an Ethernet network cable to one of the LAN ports labeled 1 4 on the back of the Router see Figure 4 1 and the other end to an Ethernet port on a PC 3 Repeat this step to connect more...

Page 11: ...front panel will light up green as soon as the power adapter is connected properly The Power LED will flash for a few seconds then light up steady when the self test is complete If the LED flashes for...

Page 12: ...tings and click the Control Panel icon Double click the Network icon 2 On the Configuration tab select the TCP IP line for the applicable Ethernet adapter as shown in Figure 5 1 Do not choose a TCP IP...

Page 13: ...he following instructions assume you are running Windows XP with the default interface If you are using the Classic interface where the icons and menus look like previous Windows versions please follo...

Page 14: ...net connection and network settings on this screen DDNS To enable the Router s Dynamic Domain Name System DDNS feature complete the fields on this screen MAC Address Clone If you need to clone a MAC a...

Page 15: ...use of special purpose services use this screen Administration Management On this screen alter router access privileges and UPnP settings Log If you want to view or save activity logs click this tab D...

Page 16: ...rd Screen Static See Figure 6 3 If you are required to use a permanent IP address to connect to the Internet then select Static IP IP Address This is the Router s IP address when seen from the WAN or...

Page 17: ...the Router s Subnet Mask as seen by external users on the Internet including your ISP Your ISP will provide you with the Subnet Mask Default Gateway Your ISP will provide you with the Default Gateway...

Page 18: ...ommended that you leave the Router enabled as a DHCP server Local DHCP Server DHCP is already enabled by factory default If you already have a DHCP server on your network set the Router s DHCP option...

Page 19: ...d making your changes on this tab click the Save Settings button to save these changes or click the Cancel Changes button to undo your changes TZO com Tab Email Address TZO Password Key and Domain Nam...

Page 20: ...of network data select the protocol you want RIP1 or RIP2 Transmit RIP Version To use dynamic routing for transmission of network data select the protocol you want RIP1 RIP1 Compatible or RIP2 Figure...

Page 21: ...e Save Settings button to save these changes or click the Cancel Changes button to undo your changes Figure 6 10 Routing Table Hot Spot Tab The Hot Spot tab is for business owners who want to generate...

Page 22: ...d Key WPA gives you one encryption method TKIP with dynamic encryption keys Select the type of algorithm TKIP Enter a WPA Shared Key of 8 63 characters Then enter a Group Key Renewal period which inst...

Page 23: ...anumeric characters This Passphrase function is compatible with Wireless AP VPN Router wireless products only and cannot be used with Windows XP Zero Configuration If you want to communicate with non...

Page 24: ...a WEP key for authentication For Shared Key authentication the sender and recipient use a WEP key for authentication If you want to use only Shared Key authentication then select Shared Key CTS Prote...

Page 25: ...e Fragmentation Threshold too low may result in poor network performance Only minor modifications of this value are recommended Figure 6 19 Advanced Wireless Settings The Security Tab Firewall When yo...

Page 26: ...kets at the IP layer To allow IPSec Passthrough click the Enabled button To disable IPSec Passthrough click the Disabled button PPTP Pass Through Point to Point Tunneling Protocol Passthrough is the m...

Page 27: ...t traffic to the correct computer Refer to the Port Range Forwarding tab of the Applications and Gaming tab The Remote Secure Group is the computer s on the remote end of the tunnel that can access th...

Page 28: ...6 26 Subnet Any Authentication Authentication acts as another level of security There are two types of authentication MD5 and SHA SHA is recommended because it is more secure As with encryption either...

Page 29: ...me Authentication method Authentication Key This field specifies a key used to authenticate IP traffic and the Authentication Key is generated yourself The hexadecimal value is acceptable in this fiel...

Page 30: ...optionally select to have the key expire at the end of a time period of your choosing Enter the number of seconds you d like the key to be used until a re key negotiation between each endpoint is comp...

Page 31: ...rious services accessed over the Internet such as FTP or Telnet by selecting a service from the drop down menus next to Blocked Services If a service isn t listed you can click the Add Service button...

Page 32: ...ort Triggering is used for special Internet applications whose outgoing ports differ from the incoming ports For this feature the Router will watch outgoing data for specific port numbers See Figure 6...

Page 33: ...ware DMZ Public IP DMZ host can be assigned one public IP addr which was provided by ISP Private IP DMZ host own private IP addr It s different from LAN Hosts Figure 6 38 DMZ Figure 6 39 Management Th...

Page 34: ...nferencing To enable UPnP click Enabled Allow User to make Configuration Changes When enabled this feature allows you to make manual changes while still using the UPnP feature Allow users to disable I...

Page 35: ...the test Click the Clear Result button to clear the results The results of the test will display in the window Figure 6 41 Ping Test Factory Default See Figure 6 42 If you have exhausted all other op...

Page 36: ...re check the Neo Meridian website at www Neo Meridian com Common Problems and Solutions 1 I need to set a static IP address on a PC You can assign a static IP address to a PC by performing the followi...

Page 37: ...he OK button in the Local Area Connection Properties window 9 Restart the computer if asked For Windows XP The following instructions assume you are running Windows XP with the default interface If yo...

Page 38: ...g followed by your Internet or WAN IP address and press the Enter key The Internet or WAN IP Address can be found on the Status screen of the Router s web based utility For example if your Internet or...

Page 39: ...I need to remove the proxy settings or the dial up pop up window for PPPoE users 5 I can t get my Virtual Private Network VPN working through the Router Access the Router s web interface by going to...

Page 40: ...go to For example if the web server s Ethernet adapter IP address is 192 168 1 100 you would enter 100 in the field provided Check Appendix D Finding the MAC Address and IP Address for Your Ethernet A...

Page 41: ...o successfully use DMZ hosting since forwarding has priority over DMZ hosting In other words data that enters the Router will be checked first by the forwarding settings If the port number that the da...

Page 42: ...configuration 12 I need to upgrade the firmware In order to upgrade the firmware with the latest features you need to go to the Neo Meridian website and download the latest firmware at www Neo Meridia...

Page 43: ...in 3 Look for the MTU option and select Manual In the Size field enter 1492 4 Click the Save Settings button to continue If your difficulties continue change the Size to different values Try this list...

Page 44: ...o a LAN Does the Internet connection of the Router support 100Mbps Ethernet The Router s current hardware design supports up to 100Mbps Ethernet on its Internet port however the Internet connection sp...

Page 45: ...osting games the HL server does not need to be in the DMZ Just forward port 27015 to the local IP address of the server computer How can I block corrupted FTP downloads If you are experiencing corrupt...

Page 46: ...ome applications require multiple TCP IP ports to be open It is recommended that you set your computer with a static IP if you want to use DMZ Hosting To get the LAN IP address see Appendix D Finding...

Page 47: ...ith a wired network through a wireless access point What is roaming Roaming is the ability of a portable computer user to communicate continuously while moving freely throughout an area greater than t...

Page 48: ...SS and Frequency Hopping Spread Spectrum FHSS What is DSSS What is FHSS And what are their differences Frequency Hopping Spread Spectrum FHSS uses a narrowband carrier that changes frequency in a patt...

Page 49: ...nd levels 64 or 128 are being used on all nodes of your wireless network How many channels frequencies are available with the Router There are eleven available channels ranging from 1 to 11 in North A...

Page 50: ...is why most experts in wireless networking strongly recommend the use of WEP Wireless Equivalent Privacy WEP encryption scrambles your wireless signals so they can only be recognized within your wire...

Page 51: ...the hacker will also have access to data in the wired network Further spammers can use your Internet connection and your ISP s mail server to send tens of thousands of e mails from your network witho...

Page 52: ...net 2 Network Layout When you first lay out your network keep in mind where your wireless PCs are going to be located and try to position your router towards the center of that network radius Remember...

Page 53: ...m MAC address or spoofing faking a MAC address 7 Firewalls You can use the same firewall technology to protect your wired network from hackers coming in through your wireless network as you did for th...

Page 54: ...rk resources In this way multiple keys reduce your liability Finally be sure to change your WEP key regularly once a week or once a day Using a dynamic WEP key rather than one that is static makes it...

Page 55: ...configuring the Windows 2000 server at the Microsoft website Microsoft KB Q252735 How to Configure IPSec Tunneling in Windows 2000 http support microsoft com support kb articles Q252 7 35 asp Microsof...

Page 56: ...this section to win are references to Windows 2000 and XP Substitute the references to Router with Gateway Also the text on your screen may differ from the text in your instructions for OK or Close c...

Page 57: ...e security option is enabled and deselect the Accept unsecured communication but always respond using IPSec check box Select Session key Perfect Forward Secrecy and click the OK button Figure C 12 Sec...

Page 58: ...rwise proceed to the next step 15 Click the Tunnel Setting tab shown in Figure B 24 click the radio button for The tunnel endpoint is specified by this IP Address and enter the Windows 2000 XP compute...

Page 59: ...key exchange and IKE proposals are secure You may use any combination of up to 24 numbers or letters in this field No special characters or spaces are allowed In the Key Lifetime field you may option...

Page 60: ...something different Figure D 3 MAC Address Physical Address Note The MAC address is also called the Physical Address Appendix E SNMP Functions SNMP Simple Network Management Protocol is a widely used...

Page 61: ...g PCs to your network Appendix H Glossary 802 11a An IEEE wireless networking standard that specifies a maximum data transfer rate of 54Mbps and an operating frequency of 5GHz 802 11b An IEEE wireless...

Page 62: ...ion Protocol A networking protocol that allows administrators to assign temporary IP addresses to network computers by leasing an IP address to a user for a limited amount of time instead of assigning...

Page 63: ...velops networking standards Infrastructure A wireless network that is bridged to a wired network via an access point IP Internet Protocol A protocol used to send data over a network IP Address The add...

Page 64: ...Preamble Part of the wireless signal that synchronizes network traffic RADIUS Remote Authentication Dial In User Service A protocol that uses an authentication server to control network access RJ 45...

Page 65: ...network TX Rate Transmission Rate UDP User Datagram Protocol A network protocol for transmitting data that does not require acknowledgement from the recipient of the data that is sent Upgrade To repl...

Page 66: ...RE TO HAVE YOUR PROOF OF PURCHASE ON HAND WHEN CALLING When returning a product mark the Return Authorization Number clearly on the outside of the package and include a copy of your original proof of...

Page 67: ...MERIDIAN LIABILITY EXCEED THE AMOUNT PAID BY YOU FOR THE PRODUCT The foregoing limitations will apply even if any warranty or remedy provided under this Section fails of its essential purpose Some jur...

Page 68: ...n between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician f...

Page 69: ...tion Rec 70 03 For more details on legal combinations of power levels and antennas contact Neo Meridian Corporate Compliance Neo Meridian Group vakuuttaa t ten ett Instant Wireless IEEE 802 11 PC Card...

Page 70: ...r gebruik met buitenantennes Neem contact op met verkoper voor juiste procedure Appendix L Contact Information Need to contact Neo Meridian Visit us online for information on the latest products and u...

Reviews: