Internet security

1. Configuration Manager Admin password

Change the router Configuration Manager’s password from its default (admin):

Consult your router’s manual, which explains how to log in to your router and update your administrator password.

2. Use sensible network security

Set network passwords and change them regularly. See your computer’s instructions.

Use good quality antivirus software to protect your computers. Update it regularly with the latest virus updates.

If you enable file sharing on your computer, you should not share your system files and should protect shared folders with a password. See help for your operating system.

If you carry sensitive information (e.g. in a corporate environment), you should use VPN (Virtual Private Network) technology to protect your data. Follow guidelines from your company’s network administrator.

3. NAT Firewall
Most routers use NAT (Network Address Translation) to assign an address to your ADSL Modem. Only the NAT address is visible from the outside world and your computers are therefore protected against direct intrusion.

Make sure NAT is enabled; consult your router documentation.

ADSL Frequently Asked Questions

What are microfilters?
Microfilters are small devices you install on your phone line between the phone and the wall connection to block electrical noise. Without microfilters, you may hear noise from the ADSL connection when talking on your phone. Ensure that you have plugged your modem into the correct socket on the microfilter, otherwise it will not work and may be damaged.

How do I install the ADSL Router?
The best way to install the router is to follow the process on the paper quick start guide included with your product or on the CD.

Do I need a special Internet browser?
No. You can use most Internet browsers, such as Netscape Navigator* or Microsoft Internet Explorer*. Internet Explorer is provided on the installation CD.

Can I access my e-mail account over the Internet?
Web-based e-mail accounts (e.g. Hotmail, Yahoo mail, and Talk21) are unaffected by the use of Broadband. POP3 e-mail provided by an ISP may encounter problems if your ISP has chosen not to implement the necessary authentication protocols. Your ISP mail may be suspended if you cancel your contract with your ISP.

What services do I need?
To connect to the Internet, your ADSL Broadband service must be activated on your telephone line.

When can I install my ADSL Router?
You can install your modem at any time; however, you will only be able to use your Broadband connection from the activation date you were given by your Service Provider.

What might affect the performance of my ADSL or telephony?
There are a few things that may affect the performance:

The ADSL Microfilters. Make sure you use good quality microfilters.
Old or incorrect extension wiring.
Old or some low quality telephones.

Can I use my activated ADSL line without Microfilters?
Your ADSL Microfilters guarantee that your phone line and Broadband service do not interfere and should therefore be used all the time.

Can I access ADSL Broadband services using any modem/router?
ADSL Broadband services require the use of an ADSL modem/router. This is different from other types of modem: analogue modems and ISDN Terminal Adapter/PC cards will not work.

How many telephony devices can I have on my line?
Each telephony device has a REN (Ringing Equivalent Number) value, which should be shown on the underside of the device. The line will support a total REN of 4.

Is the bandwidth capacity of ADSL Broadband guaranteed?
No, ADSL provides variable bandwidth. The capacity you receive is dependent upon the capacity available and will be shared by other users.

Wireless Frequently Asked Questions

How do I secure my wireless network?
See the Wireless Security section for instructions.

How many computers can I connect to the Base Unit?
In theory up to 250 computers can be connected to the Base Unit (wired or wireless). However, all these computers would have to share the broadband line and would experience poor download speeds. Depending upon actual traffic generated by each computer, up to 10 should give you an acceptable Internet experience.

Can I connect computers to the wired network sockets and the wireless network at the same time?
Yes.

If my neighbour has a similar product, will there be any interference?
Not unless you are both surfing heavily at the same time. You can change the operating channel if you are experiencing serious interference.

Can anyone “listen in” to my data or connect to my base station?
Not if you take precautions and secure your wireless network: see Wireless Security.

Can I share files and printers between computers connected to the base station?
Yes. All computers should be visible in Network Neighbourhood / My Network Places.

Glossary of Wireless terms, Ad Hoc, MAC, Channel, Ethernet

Access Point
An internetworking device that seamlessly connects wired and wireless networks. Access Points combined with a distributed system support the creation of multiple radio cells that enable roaming throughout a facility.

Ad Hoc
A network composed solely of stations within mutual communication range of each other (no Access Point connected).

BSSID
Basic Service Set ID. Wireless MAC address of the device that controls the wireless network. In infrastructure mode, this is the base station; in ad-hoc mode, it is the wireless adapter itself.

Channel
A medium used to pass protocol data units that can be used simultaneously in the same volume of space by other channels of the same physical layer, with an acceptably low frame error ratio due to mutual interference.

ESS
Extended Service Set. A set of one or more interconnected Basic Service Sets (BSSs) and integrated Local Area Networks (LANs) can be configured as an Extended Service Set.

Ethernet
The most widely used medium access method, which is defined by the IEEE 802.3 standard. Ethernet is normally a shared media LAN; i.e., all the devices on the network segment share total bandwidth. Ethernet networks operate at 10Mbps using CSMA/CD to run over 10BaseT cables.

Gateway
A network component that acts as an entrance to another network.

IEEE 802.11
The IEEE 802.xx is a set of specifications for LANs from the Institute of Electrical and Electronic Engineers (IEEE). Most wired networks conform to 802.3, the specification for CSMA/CD-based Ethernet networks or 802.5, the specification for token ring networks. 802.11 defines the standard for wireless LANs encompassing three incompatible (non-interoperable) technologies: Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS), and Infrared. IEEE standards ensure interoperability between systems of the same type.

Infrastructure
A wireless network centered about an Access Point. In this environment, the Access Point not only provides communication with the wired network but also mediates wireless network traffic in the immediate neighborhood.

IP
Internet Protocol. The standard protocol within TCP/IP that defines the basic unit of information passed across an Internet connection by breaking down data messages into packets, routing and transporting the packets over network connections, then reassembling the packets at their destination. IP corresponds to the network layer in the ISO/OSI model.

IP Address
An IP address is a 32-bit number that identifies each sender or receiver of information sent across the Internet. An IP address has two parts: the identifier of a particular network on the Internet and an identifier of the particular device (which can be a server or a workstation) within that network.

MAC Address
A unique number that identifies a network adapter (wireless or not).

Radio Frequency
RF. Terms: GHz, MHz, Hz. The international unit for measuring frequency is the Hertz (Hz), equivalent to the older unit of cycles per second. One megahertz (MHz) is one million Hertz. One gigahertz (GHz) is one billion Hertz. The standard U.S. electrical power frequency is 60 Hz, the AM broadcast radio frequency band is 0.55-1.6 MHz, the FM broadcast radio frequency band is 88-108 MHz, and wireless 802.11 LANs operate at 2.4 GHz.

SSID
Service Set ID. A group name shared by every member of a wireless network. Only client PCs with the same SSID are allowed to establish a connection.

WEP
Wired Equivalent Privacy. The optional cryptographic confidentiality algorithm specified by 802.11. The algorithm is being used to provide data confidentiality that is subjectively equivalent to the confidentiality of a wired network medium that does not employ cryptographic techniques to enhance privacy.

WPA
Wi-Fi Protected Access. The next step in wireless security after WEP. WPA uses a different algorithm that automatically and regularly generates new network keys so it is virtually impossible for a hacker to crack the key.

Glossary of DSL terms, Dynamic IP Address, Mbps

The terms below may or may not be used in these documents, but are commonly used in the delivery of DSL.

Activation Date
This is the date when the telephone company/ISP turns on ADSL on your line. This assumes that you are within the distance constraints of ADSL.

ADSL
Asymmetric Digital Subscriber Line. A high-speed transmission technology using existing telephone lines that allows simultaneous phone conversations and Internet access. The downstream rates are greater than the upstream rate.

ARP (Address Resolution Protocol)
ARP is a TCP/IP protocol for mapping an IP address to a physical machine address that is recognized in the local network, such as an Ethernet address.

A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.

Inverse ARP (In-ARP), on the other hand, is used by a host to discover its IP address. In this case, the host broadcasts its physical address and a RARP server replies with the host’s IP address.

ATM
Asynchronous Transfer Mode. A connection-oriented switching technology that uses fixed-length cells. It is common for phone companies to use ATM to transfer data around the Internet.

Bps
Bits per second. Indicates the speed at which data bits are transferred.

Bridged Ethernet
Also referred to as RFC1483. Not currently activated in the UK.

CPE
Customer Premises Equipment. Your DSL modem is considered CPE equipment. It resides at your premises and connects you to the Telephone company network and then your ADSL Service Provider.

DHCP
Dynamic Host Configuration Protocol. A TCP/IP protocol that provides for automatic/dynamic IP addresses. If your computer is set for DHCP, your ISP will automatically assign you an IP address each time you log on to the network.

DMT
Discrete Multi-Tone. DSL technology that uses DSPs to code information for use in a DSL network. Currently in use in the UK.

DNS
Domain Name Server. Servers on the Internet or at the ISP that maintain associations between IP addresses and Domain Names. DNS allows the user to type in a name (www.robabdul.com) instead of the numeric IP address.

Downstream
Refers to the transmission direction from the Exchange to the Modem. Usually measured in Kbps.

DSL
Digital Subscriber Line. The high speed local-loop connection between the Exchange and your Modem. It provides concurrent telephony and Internet browsing over the same pair of wires. You will only need one phone number.

DSLAM
Digital Subscriber Line Access Multiplexer. This is the equipment installed at the phone company’s Exchange that allows for ADSL. It splits your regular voice traffic from data traffic. Your Exchange must have the proper DSLAM for you to get DSL.

DSP
Digital Signal Processor. A chip on the modem that handles line signalling.

DUN
Dial-up Networking. This is a Microsoft application that is used to connect to the Internet when using a PPPoA connection type. It was first used to connect analogue modems.

Dynamic IP Address
This is a service provided by your ISP that automatically assigns you a random IP address from one of their pool of addresses. Your address may change each time you log on to the network. If you are hosting a Web server, you do not want to have a dynamic IP address. You should use a static address.

FAQ
Frequently Asked Questions.

G.Lite
G.Lite is the informal name of a way to deploy DSL services to home and small-business users. Also known as Universal ADSL, G.Lite makes it possible to have Internet connections to home and business computers at up to 4.0 Mbps (millions of bits per second) over regular phone lines. It is a technology that is not used extensively and is not used in the UK.

IP
Internet Protocol. The networking protocol used as the primary method for transferring data over the Internet. It is also used in many LANs.

ISP
Internet Service Provider – A company that provides you with access to the Internet. In these guides they are referred to generically as Service Providers. This can be either a Telephone company or one of many separate companies. To get Internet access you must have a Service Provider account that supports DSL and an activated ADSL line. Your ISP will provide you with the necessary account information.

Kbps
Kilobits per second. One K is 1,024 bits.

Last Mile
This is also referred to as the Local Loop. It is the distance between the CPE equipment and the Exchange.

LAN
Local area network. Used to link a number of computers together in a home or business. The Ethernet side of the ADSL Router is called the LAN port. It is a twisted-pair Ethernet 10Base-T interface. A hub can be connected to the LAN port. More than one computer, such as a server or printer, can be connected through this hub to the ADSL Router, forming a LAN.

Local Loop
The distance between the Exchange equipment and the customer’s premises. Also known as the Last Mile.

Mail Server
Mail servers are located at the ISP and hold and route your e-mail until you access it. There are incoming and outgoing mail servers. Find out from your ISP what the names of your mail servers are.

Mbps
Megabits per second. One megabit is 1,048,576 bits.

Microfilter
Microfilters are devices that connect between your telephone and the phone socket. Because DSL allows voice and data to share the same pair of wires, Microfilters (like POTS splitters) keep the signals from interfering with each other. If you hear excess noise on your telephones after DSL service has been activated, make sure that your Microfilters are installed or that you have good quality filters.

Name Server
Name servers translate names from one form into another. For example, the Internet relies on Domain Name Servers (DNSs) that translate domain names (for example, www.robabdul.com) into IP addresses (for example, 225.225.225.0).

NAT (Network Address Translation)
NAT is an Internet standard that translates a private IP within one network to a public IP address, either a static or dynamic one. NAT provides a type of firewall by hiding internal IP addresses. It also enables a company to use more internal IP addresses.

If the IP addresses given by your ISP are not enough for each PC on the LAN and the ADSL Router, you need to use NAT. With NAT, you make up a private IP network for the LAN and assign an IP address from that network to each PC. One of the public addresses is configured and mapped to a private workstation address when access is made through the gateway to a public network.

For example, the ADSL Router is assigned the public IP address of 168.111.2.1. With NAT enabled, it creates a Virtual LAN. Each PC on the Virtual LAN is assigned a private IP address with a default value of 192.168.1.2 to 192.168.2.254. These PCs are not accessible by the outside world but they can communicate with the outside world through the public IP 168.111.2.1.

News Server
News servers are located at the ISP. They hold and route messages from Internet news-groups. You can subscribe to newsgroups for reading and replying to messages. Contact your ISP for more information about using their news server.

NIC
Network Interface Card. A board that often resides in the computer that connects a computer to a network (LAN).

NTE
Network Terminating Equipment. This is the box that attaches to the customer’s house at the point where your telephone line enters the house.

PVC
Permanent Virtual Circuit. A PVC is the combination of the VPI/VCI pair. This pair of numbers is used to identify a route through an ATM/ADSL network. The current default setting is 0,38.

POTS
Plain Old Telephone Service. Refers to the standard telephone service used in most homes.

POTS Splitter
A device that separates the POTS information from the DSL information. Because DSL and POTS share the same line, it is necessary to keep the two signals from interfering with each other. Sometimes a POTS splitter will be situated at the Network Terminating Equipment (where the line enters the premises); other times, a Microfilter will be used.

PPPoA
Point-to-Point over ATM Protocol (also sometimes seen as simply PPP). A protocol that some ISPs use to give users access to the ISP’s computers and the Internet. You will currently need PPPoA, but the BT Voyager USB can support many protocols (Bridged Ethernet, Routed Ethernet, or Point-to-Point Protocol over Ethernet (PPPoE)).

PPPoE
Point-to-Point over Ethernet (also sometimes seen as simply PPP). A protocol that some ISPs use to give users access to the ISP’s computers and the Internet. You will currently need PPPoA, but the BT Voyager USB can support many protocols (Bridged Ethernet, Routed Ethernet, or Point-to-Point Protocol over ATM (PPPoA)).

Private IP Address
Private IP addresses are also LAN IP addresses, but are considered “illegal” IP addresses to the Internet. They are private to an enterprise while still permitting full network layer connectivity between all hosts inside an enterprise as well as all public hosts of different enterprises.
The ADSL Router uses private IP addresses by assigning them to the LAN, which cannot be directly accessed by the Internet or a remote server. To access the Internet, the private network should have an agent to translate the private IP address to a public IP address.

Public IP Address
Public IP addresses are LAN IP addresses that can be considered “legal” for the Internet, because they can be recognized and accessed by any device on the other side of the DSL connection. In most cases they are allocated by your ISP.
If you are given a range of fixed IP addresses, then one can be assigned to the router and the others to network devices on the LAN, such as computer workstations, ftp servers, and web servers.

RFC1483
A standard that provides guidelines for Bridged Ethernet and Routed Ethernet connection protocols (PPPoA, PPPoE etc.). The current protocol used in the UK is PPPoA.

Routed Ethernet
Also referred to as RFC1483, this is a protocol that some ISPs use to give access to their computers and then to the Internet. Current setting in the UK is PPPoA.

Router
A device that directs LAN traffic through a network.

Static IP Address
This is an IP address that has been permanently assigned to you by your ISP.

TCP/IP
Transmission Control Protocol/Internet Protocol. The most widely used protocol suite of the World Wide Web.

Training up
With DSL, a negotiation needs to be made between the Modem equipment and the Exchange equipment (DSLAM). This process is called Training. When they have successfully talked to each other, they are considered Trained. Your modem must be Trained before you can pass any traffic or browse the Internet. Training will establish your speed and line quality. When this has been successfully completed, both your lights will be solid green.

Upstream
Refers to the transmission speed from your modem to the Exchange equipment. (Downstream is from the Exchange to your Modem).

VCI
Virtual Circuit Identifier. This number is part of the PVC. It establishes your channel through the telephone company equipment. Default setting is 0.

Virtual Server
You can designate virtual servers, e.g., a FTP, web, telnet or mail server, on your local network and make them accessible to the outside world. A virtual server means that it is not a dedicated server — that is, the entire computer is not dedicated to running on the public network but in the private network.
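
Added example (not part of the original guide or of any router's firmware): a small Python model of the behaviour described in the NAT and Virtual Server entries, using the glossary's addresses 168.111.2.1 and 192.168.1.x. The class and method names, the starting port 40000, the drop policy and the remote addresses are assumptions made for illustration; it shows that unsolicited inbound traffic is dropped unless a virtual server exposes a LAN host.

```python
import ipaddress

PUBLIC_IP = "168.111.2.1"  # router's public address from the glossary example


class NatRouter:
    """Toy port-translating NAT; names and policy are assumptions."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port      # constructed starting port
        self.outbound_map = {}           # (lan_ip, lan_port, remote) -> public port
        self.return_map = {}             # (public port, remote) -> (lan_ip, lan_port)
        self.virtual_servers = {}        # public port -> (lan_ip, lan_port)

    def add_virtual_server(self, public_port, lan_ip, lan_port):
        """Forward a public port to a LAN host (the 'Virtual Server' entry)."""
        self.virtual_servers[public_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection; return the source address the remote sees."""
        if not ipaddress.ip_address(lan_ip).is_private:
            raise ValueError(f"{lan_ip} is not a private LAN address")
        key = (lan_ip, lan_port, remote)
        if key not in self.outbound_map:
            self.outbound_map[key] = self.next_port
            self.return_map[(self.next_port, remote)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.outbound_map[key])

    def inbound(self, remote, public_port):
        """Return the LAN host a packet from `remote` reaches, or None if dropped."""
        reply = self.return_map.get((public_port, remote))
        if reply is not None:
            return reply                              # reply to a LAN-initiated flow
        return self.virtual_servers.get(public_port)  # None unless forwarded

    def exposed_hosts(self):
        """LAN hosts reachable without first connecting out (review these)."""
        return dict(self.virtual_servers)


def demo():
    router = NatRouter(PUBLIC_IP)
    web = ("203.0.113.10", 80)         # constructed remote web server
    stranger = ("198.51.100.7", 4444)  # constructed unrelated Internet host
    seen_as = router.outbound("192.168.1.2", 51000, web)
    results = {
        "seen_as": seen_as,
        "reply": router.inbound(web, seen_as[1]),
        "unsolicited": router.inbound(stranger, seen_as[1]),
        "ftp_before": router.inbound(stranger, 21),
    }
    router.add_virtual_server(21, "192.168.1.3", 21)
    results["ftp_after"] = router.inbound(stranger, 21)
    results["exposed"] = router.exposed_hosts()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Every entry returned by `exposed_hosts()` is a LAN machine that the outside world can reach directly, so each virtual server is worth reviewing and removing when no longer needed.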

VPI
Virtual Path Identifier. This is part of the PVC. This, combined with the VCI, establishes your channel through the phone company equipment. Default setting is 38.

WAN (Wide Area Network)
The DSL port of the ADSL Router composes the WAN interface, which supports PPP or RFC 1483 connecting to another remote DSL device.

Introduction to ADSL

Your Service Provider’s ADSL service operates over a normal telephone line. This means that your telephone line can be used to send and receive high-speed digital data and make phone calls at the same time.

ADSL transforms the twisted copper pairs of wires between the local telephone exchange and your telephone socket into a high-speed digital line. It is called “asymmetric” because it moves data more quickly from the exchange to you than vice versa. This makes it ideal for applications where you would typically receive more data than you transmit, such as use of the World Wide Web and reception of digital audio/visual material. ADSL is the first generation of Digital Subscriber Line (DSL) technology.

Think of ADSL in this way when you download a web site page onto your browser. The request you send the system to download the page is much smaller than the page itself, so the system is designed to make the most of available bandwidth to fit in with the way you typically use the Internet.

Introduction to Wireless Networking
This section contains some Wireless Networking basics to help you better understand how a wireless network works.

Networking
A network is two or more computers connected together sharing an Internet connection, files and peripheral devices such as printers. A wireless router allows your computers to connect to the Internet without wires. This lets you move a laptop computer around while staying connected to the Internet or lets you locate a desktop computer in a room that cannot easily be reached with cables.
Your wireless router Base Unit forms an Infrastructure wireless network.

Infrastructure Network
In the infrastructure network a Base Unit is used as the central point of all communications and acts as a gateway to the Internet. The Internet connection is automatically shared between all computers associated with the Base Unit. As a result, laptop or desktop computers on your wireless network can connect to the Internet as if they were directly plugged into the ADSL socket.

Ad-Hoc Network
Your Base Unit forms an Infrastructure Network, which is the most efficient way to share an Internet connection. For information, this section describes the other type of wireless network, the ad-hoc network, also known as a peer-to-peer network.

In the ad-hoc network, computers communicate with one another without the need for a Base Unit. Windows Internet Connection Sharing can be used to share an Internet connection available on one computer between all computers on the network. At least one computer must already be connected to the Internet and be switched on for other computers to access the Internet.

Wireless Network Settings

A Wireless Network is defined by the following settings:
Wireless Network Name (SSID): Identifies your wireless network.
Channel: Wireless Networks operate in the 2.4GHz frequency band where 14 channels are available. Devices must operate on the same channel to be able to communicate. In an infrastructure network, the Base Unit controls the channel allocation.

Security: You can use Hidden Name (Hidden SSID), WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) mechanisms to ensure the integrity of the network. More about Wireless Security…

Wireless Security WEP WPA WPA-PSK

Wireless routers are designed to be easy to protect against unwanted connection. It is recommended that you set-up security as soon as you have successfully installed the product and checked that default settings work to connect to the Internet.

WEP and WPA are wireless security mechanisms that protect data transmitted over the wireless network and prevent unauthorised connection. Access lists are based on MAC addresses, so you can specify which wireless adapters are authorised to use your network.
First you need to decide the type of wireless security you want to use. Please consult your router manual.

WEP
WEP (Wired Equivalent Privacy) is the security used as standard in older 802.11b wireless networks.

Select 64-bit WEP or 128-bit WEP if:
You wish to connect older wireless adapters that do not support WPA (see opposite), such as the BT Voyager 1010/1020, to your wireless network now or in the future.

WPA WPA-PSK
WPA (Wi-Fi Protected Access) is the next generation of security for wireless networks. WPA-PSK is the version of WPA specific for the home or small office users because it does not require an authentication server. With WPA-PSK, your network key is regularly and automatically changed so hackers cannot decode the key by listening to your connection.

Select WPA-PSK if:
All your wireless adapters support WPA. Check your wireless adapter’s specification.
You wish to benefit from the additional security offered by WPA over standard WEP.

For help on enterprise security with WPA or 802.1x, please refer to your router manual.