Chapter 7 Wireless
VMG1312-B Series User’s Guide
128
Because of the dam age that can be done by a m alicious at t acker, it ’s not just people who have
sensit ive inform ation on their network who should use securit y. Everybody who uses any wireless
net work should ensure t hat effect ive secur ity is in place.
A good way t o com e up wit h effect ive security keys, passwords and so on is t o use obscure
inform at ion t hat you personally will easily rem em ber, and to ent er it in a way t hat appears random
and does not include real words. For exam ple, if your m other owns a 1970 Dodge Challenger and
her favorite m ovie is Vanishing Point (which you know was m ade in 1971) you could use
“ 70dodchal71vanpoi” as your securit y key.
The following sect ions int roduce different types of wireless security you can set up in t he wireless
net work.
7.10.3.1 SSID
Norm ally, t he Device act s like a beacon and regularly broadcast s t he SSI D in the area. You can hide
the SSI D instead, in which case t he Device does not broadcast t he SSI D. I n addition, you should
change t he default SSI D t o som et hing t hat is difficult to guess.
This type of securit y is fair ly weak, however, because there are ways for unaut horized wireless
devices t o get t he SSI D. I n addit ion, unauthorized wireless devices can st ill see t he inform ation that
is sent in t he wireless network.
7.10.3.2 MAC Address Filter
Every device that can use a wireless net work has a unique identificat ion num ber, called a MAC
address.
1
A MAC address is usually writ t en using tw elve hexadecim al characters
2
; for exam ple,
00A0C5000002 or 00: A0: C5: 00: 00: 02. To get the MAC address for each device in the wireless
net work, see the device’s User ’s Guide or other docum entation.
You can use t he MAC address filter to tell the Device which devices are allowed or not allowed to
use t he wireless network. I f a device is allowed t o use the wir eless net work, it st ill has t o have the
correct inform at ion ( SSI D, channel, and securit y) . I f a device is not allowed t o use t he wireless
net work, it does not m att er if it has t he cor r ect inform at ion.
This type of securit y does not prot ect t he inform ation t hat is sent in the wireless net w ork.
Further m ore, t here are ways for unaut horized wireless devices to get t he MAC address of an
aut horized device. Then, they can use t hat MAC address to use t he wireless netw ork.
7.10.3.3 User Authentication
Authent ication is t he process of verifying whether a wireless device is allowed to use t he wireless
net work. You can m ake every user log in to the wireless network before using it . However, every
device in t he wireless network has t o support I EEE 802.1x to do t his.
For wireless net works, you can store t he user nam es and passwords for each user in a RADI US
server. This is a server used in businesses m ore than in hom es. I f you do not have a RADI US server,
you cannot set up user names and passwords for your users.
Unaut horized wireless devices can still see the inform at ion t hat is sent in the wireless net work,
even if they cannot use t he wireless network. Furtherm ore, t here are ways for unauthorized
1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds
of wireless devices might not have MAC addresses.
2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.
To Next Page
Loading...
