Home network

networking
ing basics:
Connecting Home Devices
Not long ago, home networks consisted of a desktop PC, a modem for Internet, and perhaps a
printer. In today’s homes there are dozens of devices that rely on network connectivity. We can
watch our security cameras from apps on our smart phones, make a telephone call from our
PCs, and stream live video content from anywhere in the world.

A home network is a small LAN with devices that usually connect to an integrated router and to
each other in order to excha
exchange
nge information. The router is connected to the Internet. Most likely,
the home router is equipped with both wired and wireless capabilities. Wireless technology
offers many advantages compared to traditional wired networks, as shown in the figure.

One of the main advantages of wireless is the ability to provide anytime, anywhere connectivity.
Within a home LAN, items such as smart phones and tablets are mobile. Televisions and other
audio/video devices may be mounted in more permanent locations and may ben
benefit
efit from wired
connectivity.

Wireless technology is fairly easy and inexpensive to install. The cost of home and business
wireless devices continues to decrease. Yet, despite the decrease in cost, the data rate and
capabilities of these devices have incre
increased,
ased, allowing faster, more reliable wireless
connections.

Wireless technology enables networks to be easily expanded, without the limitations of cabled
connections. New and visiting users can join the network quickly and easily.

Components of a Home Ne
Network
In addition to an integrated router, there are many different types of devices that might be
connecting to a home network, as shown in the figure. A few examples:

• Desktop Computers

• Gaming Systems

• Smart TV systems

• Printers

• Scanners

• Security Cameras

• Telephones

• Climate Control Devices

As the new technologies come on the market, more and more household functions will rely on
the network to provide connectivity and control.

Typical Home Network Routers

Small business and home routers typically have two primary types of ports:
• Ethernet Ports - These ports connect to the internal switch portion of the router. These ports
are usually labeled “Ethernet” or “LAN”, as shown in the figure. All devices connected to the
switch ports are on the same local network.

• Internet Port - This port is used to connect the device to another network. The Internet port
connects the router to a different network than the Ethernet ports. This port is often used to
connect to the Cable or DSL modem in order to access the Internet.

In addition to the wired ports, many home routers include wireless antenna and a built in
wireless access point. By default, the wireless devices are on the same local network as the
devices that are physically plugged into the LAN switch ports. The Internet port is the only port
that is on a different network in the default configuration.

Network Technologies in the home

The Electromagnetic Spectrum
What would we do without wireless? Because of the ever-increasing number of things that have
the capability of connecting to the Internet using wireless technologies, most home networks
include some type of wireless network functionality.
Wireless technologies use electromagnetic waves to carry information between devices. The
electromagnetic spectrum includes such things as radio and television broadcast bands, visible
light, x-rays and gamma-rays. Each of these has a specific range of wavelengths and
associated energies, as shown in the figure.

Some types of electromagnetic waves are not suitable for carrying data. Other parts of the
spectrum are regulated by governments and licensed to various organizations for specific
applications. Certain areas of the spectrum have been set aside to allow public use without the
restriction of having to apply for special permits. These unlicensed sections of the spectrum are
incorporated into consumer products, including the Wi-Fi routers found in most homes.

The electromagnetic spectrum is a map of all the types of light that we can
identify
LAN Wireless Frequencies
The wireless technologies most frequently used in home networks are in the unlicensed 2.4 GHz and 5 GHz
frequency ranges.

Bluetooth is a technology that makes use of the 2.4 GHz band. It is limited to low-speed, short-range
communications, but has the advantage of communicating with many devices at the same time. This one-to-
many communication has made Bluetooth technology the preferred method for connecting computer
peripherals such as wireless mice, keyboards and printers. Bluetooth is useful as a method to transmit audio to
speakers or headphones.

Other technologies that use the 2.4 GHz and 5 GHz bands are the modern wireless LAN technologies that
conform to the various IEEE 802.11 standards. They are unlike Bluetooth technology in that they transmit at a
much higher power level, which gives them a greater range and improved throughput.
The figure shows where wireless technologies exist on the electromagnetic spectrum.
 Wired Network Technologies
Although many home network devices support wireless communications, there are still a few
applications where devices benefit from a wired switch connection that is not shared with other users
on the network.

The most commonly implemented wired protocol is the Ethernet protocol. Ethernet uses a suite of
protocols that allow network devices to communicate over a wired LAN connection. An Ethernet LAN
can connect devices using many different types of wiring media.

Directly connected devices use an Ethernet patch cable, usually unshielded twisted-pair. These
cables can be purchased with the RJ-45 connectors already installed, and they come in various
lengths. Recently constructed homes may have Ethernet jacks already wired in the walls of the
home. For those homes that do not have UTP wiring, there are other technologies, such as
powerline, that can distribute wired connectivity throughout the premises.

Review the information below the figure for more information on each cable type.

Category 5 Cable (Twisted-Pair)

Category 5 is the most common wiring used in a LAN. The cable is made up of 4 pairs of wires that
are twisted to reduce electrical interference.
Coaxial (coax) Cable
Coaxial cable has an inner wire surrounded by a tubular insulating layer, that is then surrounded by
a tubular conducting shield. Most coax cables also have an external insulating sheath or jacket

Ethernet Over Powerline

Existing power lines in a house can be used to connect devices to an Ethernet LAN.
Wireless Settings
Wireless routers using the 802.11 standards have multiple settings that have to be configured.
These settings include:

• Network mode

• Network Name (SSID)

• Standard Channel

• SSID Broadcast

Note: SSID stands for Service Set Identifier.

Network Mode

The 802.11 protocol can provide increased throughput based on the wireless network
environment. If all wireless devices connect with the same 802.11 standard, maximum speeds
can be obtained for that standard. If the access point is configured to accept only one 802.11
standard, devices that do not use that standard cannot connect to the access point.

A mixed mode wireless network environment can include devices that use any of the existing
Wi-Fi standards. This environment provides easy access for older devices that need a wireless
connection but do not support the latest standards.

When building a wireless network, it is important that the wireless components connect to the
appropriate WLAN. This is done using the SSID.

The SSID is a case-sensitive, alpha-numeric string that is up to 32-characters. It is sent in the

header of all frames transmitted over the WLAN. The SSID is used to tell wireless devices,
called wireless stations (STA), which WLAN they belong to and with which other devices they
can communicate.

We use the SSID to identify a specific wireless network, it is essentially the name of the
network. Routers usually broadcast their configured SSIDs by default. The SSID broadcast
allows other devices and wireless clients to automatically discover the name of the wireless
network. When the SSID broadcast is disabled, you must manually enter the SSID on wireless
devices.

Disabling SSID broadcasting can make it more difficult for legitimate clients to find the wireless
network. However, simply turning off the SSID broadcast is not sufficient to prevent
unauthorized clients from connecting to the wireless network. All wireless networks should use
the strongest available encryption to restrict unauthorized access.

View the descriptions below the figure for more information about the wireless router interface.
Network Mode
Determines the type of technology that must be supported. For example, 802.11b, 802.11g,
802.11n or Mixed Mode.

SSID
Used to identify the WLAN. All devices that wish to participate in the WLA
WLAN
N must have the same
SSID.

Standard Channel
Specifies the channel over which communication will occur. By default, this is set to Auto to
allow the AP to determine the optimum channel to use.

SSID Broadcast
Determines if the SSID will be broadcast to all d
devices
evices within range. By default set to Enabled.

Wireless Channels
Wireless devices that transmit over the same frequency range create interference in a Wi-Fi
network. Home electronic devices, such as cordless phones, other wireless networks, and baby
monitors, may use this same frequency range. These devices can slow down the Wi-Fi
performance and potentially break network connections.

Channels

Channels are created by dividing up the available RF spectrum. Each channel is capable of
carrying a different conversation, as shown in the figure. This is similar to the way that multiple
television channels are transmitted across a single medium. Multiple APs can function in close
proximity to one another as long as they use different channels for communication. Normally
each wireless conversation makes use of a separate channel. Some of the 5 GHz wireless
technologies combine multiple channels to create a single wide channel, which provides more
bandwidth and increases the data rate.

Managing Multiple Conversations

In a shared media Ethernet wired network, collisions occur when two or more devices attempt to
send messages on the network at the same time. Ethernet protocols detect the collisions and all
devices stop transmitting for a period of time in order to ensure that there is no additional
contention for the media.

Within a wireless LAN, the lack of well-defined boundaries makes it impossible to detect if
collisions occur during transmission. Therefore, it is necessary to use an access method on a
wireless network that ensures collisions do not occur.

Wireless technology uses an access method called Carrier Sense Multiple Access with Collision
Avoidance (CSMA/CA). CSMA/CA creates a reservation on the channel for a specific
conversation between devices. While a reservation is in place, no other device may transmit on
the channel thus possible collisions are avoided.

How does this reservation process work? If a device requires use of a specific communication
channel in the wireless network, it must ask permission from the AP. This is known as a
Request to Send (RTS). If the channel is available, the wireless access point (AP) will respond
to the device with a Clear to Send (CTS) message indicating that the device may transmit on
the channel. A CTS is broadcast to all devices within the network. Therefore, all devices in the
network know that the requested channel is now in use.

When the conversation is complete, the device that requested the channel sends another
message to the AP known as an Acknowledgment (ACK). The ACK indicates to the AP or the
router that the channel can be released. This message is also broadcast to all devices on the
WLAN. All devices within the network receive the ACK and know that the channel is now
available.

Watch the animation below to see the reservation process.

First Time Setup
Many wireless routers designed for home use have an automatic setup utility that can be used to
configure the basic settings on the router. These utilities usually require a PC or laptop to be
connected to a wired port on the router. If no device is available that has a wired connection, it may
be necessary to configure the wireless client software on the laptop or tablet first.

To connect to the router using a wired connection, plug an Ethernet patch cable into the network port
on the computer, as shown in the figure. Plug the other end into a LAN port on the router. Do not
plug the cable into the port or interface that is labeled “Internet”. The Internet port will connect to the
DSL or Cable modem. Some home routers may have a built-in modem for Internet connections. If
this is the case, verify that the type of connection is correct for your Internet service. A cable modem
connection will have a coaxial terminal to accept a BNC-type connector, a DSL connection will have
a port for a telephone-type cable, usually an RJ-11 connector.

After confirming that the computer is connected to the network router and the link lights on the NIC
indicate a working connection, the computer needs an IP address. Most network routers are set up
so that the computer receives an IP address automatically from a local DHCP server. If the computer
does not have an IP address, check the router documentation and configure the PC or tablet with
the unique IP address that is required in the TCP/IP properties of the NIC.
Asking the Right Questions
Before entering the configuration utility, or manually configuring the router through a web browser,
you should consider how your network will be used. You do not want to configure the router and
have that configuration limit what you are able to do on the network, nor do you want to leave your
network unprotected.

What should my network be called?

If SSID broadcasting is on, the SSID name will be seen by all wireless clients within your signal
range. Many times the SSID gives away too much information about the network to unknown client
devices. It is not a good practice to include the device model or brand name as part of the SSID.
Wireless devices have default settings that are easy to find on the Internet, as well as known
security weaknesses. Ensure that the SSID is changed from the default settings.

What types of devices will attach to my network?

Wireless devices contain radio transmitter/receivers that function within a specific frequency range. If
a device only has the necessary radio for 802.11 b/g, it will not connect if the wireless router or
access point is configured to only accept 802.11n or 802.11ac standards. If all devices support the
same standard, the network will work at its optimum speed. If you have devices that do not support
the n or ac standards, then you will have to enable mixed mode. A mixed mode wireless network
environment varies between router models but can include a combination of 802.11a, 802.11b,
802.11g, 802.11n, and 802.11ac. This environment provides easy access for legacy devices that
need a wireless connection.

The figure shows an example of a wireless setup screen.

 Who Can Use My Network?
The decision regarding who ca
can
n access your home network should be determined by how you plan
to use the network. Many routers support MAC address filtering. As shown in the figure, this enables
you to specifically identify who is allowed on the wireless network. For example, the two ttop
op devices
are allowed to connect, but the device at the lower right of the figure is not. You would have to add
the MAC address of the lower right device so it could connect to the network.

This makes the wireless network more secure, but it also reduces the flexibility when connecting
new devices. As an example, if you want to allow anyone of your friends and family to access the
network from any device, it would be difficult and time consuming to configure MAC address filtering
on the router.

On some wireless
eless routers, it is possible to set up guest access. This is a special SSID coverage area
that allows open access, but restricts that access to using the Internet only. Devices on the protected
LAN are not accessible to guest users. Not all wireless route
routers
rs support this function. Research the
router vendor’s website to determine if you can create a guest SSID on your model router.

If there is no guest mode on the router, then you must restrict who can authenticate into the router to
use the services. Authe
Authentication
ntication methods on wireless routers require a password or passphrase to
connect to the SSID. The combination of non
non-broadcast
broadcast SSID and a passphrase ensures that your
guests will need information from you in order to access your network.
What is an ISP?
An Internet Service Provider (ISP) provides the link between the home network and the global
Internet. An ISP can be the local cable provider, a landline telephone service provider, the cellular
network that provides your smart phone service, or an independent provider who leases bandwidth
on another company’s physical network infrastructure.

Many ISPs also offer additional services to their contract subscribers, as shown in the figure. These
services can include email accounts, network storage, and website hosting and automated backup
or security services.

ISPs are critical to communications across the global Internet. Each ISP connects to other ISPs to
form a network of links that interconnect users all over the world. ISPs are connected in a
hierarchical manner that ensures that Internet traffic should not traverse networks that are not in the
shortest path from the source to the destination.

The Internet backbone is like an information super highway that provides high-speed data links to
connect the various service provider networks in major metropolitan areas around the world. The
primary medium that connects the Internet backbone is fiber-optic cable. This cable is typically
installed underground to connect cities within continents. Fiber-optic cables also run under the sea to
connect continents, countries, and cities.
 How Do I Connect to the Internet?
The interconnection of ISPs that forms the backbone of the Internet is a complex web of fiber-optic
cables with expensive networking switches and routers directing the flow of information between
source and destination hosts. The average home user is not aware of the infrastructure outside of
their network. For a home user, connecting to the ISP is a fairly uncomplicated process.

The top portion of the figure displays the simplest ISP connection option. It consists of a modem that
provides a direct connection between a computer and the ISP. This option should not be used
though, because your computer is not protected on the Internet.

As shown in the bottom portion of the figure, a router is required to securely connect a computer to
an ISP. This is the most common connection option. It consists of using a wireless integrated router
to connect to the ISP on your behalf. The router includes a switch to connect wired hosts and a
wireless AP to connect wireless hosts. The router also provides client addresses and security for
inside hosts.

Cable and DSL Connections

Most home network users do not connect to their service providers with fiber-optic cables. The figure
illustrates common connection options for small office and home users. However, the two most
common methods are:

 Cable - Typically offered by cable television service providers, the Internet data signal is carried on
the same coaxial cable that delivers cable television. It provides a high bandwidth, always on,
connection to the Internet. A special cable modem separates the Internet data signal from the other
signals carried on the cable and provides an Ethernet connection to a host computer or LAN.
 DSL – Digital Subscriber Lines provide a high bandwidth, always on, connection to the Internet. It
requires a special high-speed modem that separates the DSL signal from the telephone signal and
provides an Ethernet connection to a host computer or LAN. DSL runs over a telephone line, with
the line split into three channels. One channel is used for voice telephone calls. This channel
allows an individual to receive phone calls without disconnecting from the Internet. A second
channel is a faster download channel, used to receive information from the Internet. The third
channel is used for sending or uploading information. This channel is usually slightly slower than
 the download channel. The quality and speed of the DSL connection depends mainly on the quality
of the phone line and the distance from your phone company's central office. The farther you are
from the central office, the slower the connection.

Additional Connectivity Options

Other ISP connection options for home users include:

• Cellular - Cellular Internet access uses a cell phone network to connect. Wherever you can get a
cellular signal, you can get cellular Internet access. Performance will be limited by the capabilities of
the phone and the cell tower to which it is connected. The availability of cellular Internet access is a
real benefit for people in areas that would otherwise have no Internet connectivity at all, or for people
who are constantly on the move. The downside of cellular connectivity is that the carrier usually
meters the bandwidth usage of the connection and may charge extra for bandwidth that exceeds the
contract data plan.

• Satellite - Satellite service is a good option for homes or offices that do not have access to DSL or
cable. Satellite dishes (see figure) require a clear line of sight to the satellite and so might be difficult
in heavily wooded areas or places with other overhead obstructions. Speeds will vary depending on
the contract, though they are generally good. Equipment and installation costs can be high (although
check the provider for special deals), with a moderate monthly fee thereafter. Like cellular access,
the availability of satellite Internet access is a real benefit in areas that would otherwise have no
Internet connectivity at all.

• Dial-up Telephone - An inexpensive option that uses any phone line and a modem. To connect to
the ISP, a user calls the ISP access phone number. The low bandwidth provided by a dial-up
modem connection is usually not sufficient for large data transfer, although it is useful for mobile
access while traveling. A modem dial-up connection should only be considered when higher speed
connection options are not available.

In metropolitan areas, many apartments and small offices are being connected directly with fiber-
optic cables. This enables an Internet service provider to provide higher bandwidth speeds and
support more services such as Internet, phone, and TV.

The choice of connection varies depending on geographical location and service provider
availability.
Mobile Devices and Wi-Fi
Mobile devices give us the freedom to work, learn, play, and communicate wherever we want.
People using mobile devices do not need to be tied to a physical location to send and receive voice,
video, and data communications. In addition, wireless facilities, such as Internet cafes, are available
in many countries. College campuses use wireless networks to allow students to sign up for classes,
watch lectures, and submit assignments in areas where physical connections to the network are
unavailable. With mobile devices becoming more powerful, many tasks that needed to be performed
on large computers connected to physical networks can now be completed using mobile devices on
wireless networks.

Almost all mobile devices are capable of connecting to Wi-Fi networks. It is advisable to connect to
Wi-Fi networks when possible because data used over Wi-Fi does not count against the cellular data
plan. Also, because Wi-Fi radios use less power than cellular radios, connecting to Wi-Fi networks
conserves battery power. Like other Wi-Fi-enabled devices, it is important to use security when
 connecting to Wi-Fi networks. These precautions should be taken to protect Wi-Fi communications
on mobile devices:

 Never send login or password information using unencrypted text (plaintext).

 Use a VPN connection when possible if you are sending sensitive data.
 Enable security on home networks.
 Use WPA2 encryption for security.

Wi-Fi Settings
Two of the most popular operating systems for mobile devices are Android and Apple iOS. Each
operating system has settings that enable you to configure it to connect to wireless networks.

Operating systems for mobile devices are updated frequently and may be customized by the device
manufacturer. The images below may not be exactly the same on your device. There are online
manuals for every type of device, usually accessible from the manufacturer’s web site.

To turn Wi-Fi on or off, use the following path for Android, shown in Figure 1. The Apple iOS settings
screen is shown in Figure 2.

To connect an Android device when it is within the coverage range of a Wi-Fi network, turn on Wi-Fi
and the device then searches for all available Wi-Fi networks and displays them in a list. Touch a
Wi-Fi network in the list to connect. Enter a password if needed.

When a mobile device is out of the range of the Wi-Fi network, it attempts to connect to another Wi-
Fi network in range. If no Wi-Fi networks are in range, the mobile device connects to the cellular
data network. When Wi-Fi is on, it will automatically connect to any Wi-Fi network that it has
connected to previously. If the network is new, the mobile device either displays a list of available
networks that can be used or asks if it should connect to it.

Figure 1. Android Wi-Fi

Fi Settings

Figure 2. iOS Wi-Fi

Fi Settings

Manually Configuring Wi
Wi--Fi Settings
If your mobile device does not prompt to connect to a Wi
Wi-Fi
Fi network, the network SSID broadcast
may be turned off, or the device may not be set to connect automatically. Manually configure the Wi-
Wi-
Fi settings on the mobile device. Remember that SSIDs and passphrases must be typed exactly as
entered on the wireless router setup or the device will not connect properly, as shown in the figure.

To connect to a Wi-Fi
Fi network manually on an Android device, follow these steps:

Step 1. Select Settings > Add network.

Step 2. Enter the network SSID.

Step 3. Touch Security and select a security type.

Step 4. Touch Password and enter the password.

Step 5. Touch Save.

Operating systems for mobile devices are updated frequently and may be customized by the device
manufacturer. The commands listed above may not be exactly the same on your device. There are
online manuals for every type of device, usually accessible from the manufacturer’s web site.

To connect to a Wi-Fi network manually on an iOS device, follow these steps:

Step 1. Select Settings > Wi-Fi > Other.

Step 2. Enter the network SSID.

Step 3. Touch Security and select a security type.

Step 4. Touch Other Network.

Step 5. Touch Password and enter the password.

Step 6. Touch Join.

Configuring Data Settings

Cellular data plans are offered by most cell phone carriers, but the bandwidth limitations and
charges for usage vary widely by carrier and by plan within carrier. As a result, many mobile device
users only use their cellular data plans when Wi-Fi service is not available.

To turn on or off cellular data on an Android device, as shown in Figure 1, use the following path:

Settings > Touch More under Wireless and Networks > Touch Mobile Networks > Touch Data
enabled

To turn on or off cellular data on an iOS device, as shown in Figure 2, use the following path:

Settings > Cellular Data > turn cellular data on or off

Mobile devices are preprogrammed to use a Wi-Fi network for Internet if one is available and the
device can connect to the access point and receive an IP address. If no Wi-Fi network is available,
the device uses the cellular data capability if it is configured. Most of the time, transitions from one
network to another are not obvious to the user. For example, as a mobile device moves from an area
of 4G coverage to 3G coverage, the 4G radio shuts off and turns on the 3G radio. Connections are
not lost during this transition.

Figure 1.

Figure 2.

Simple Connectivity with Bluetooth

Mobile devices connect using many different methods. Cellular and Wi-Fi can be difficult to
configure, and require extra equipment such as towers and access points. Cable connections are
not always practical when connecting headsets or speakers. Bluetooth technology provides a simple
way for mobile devices to connect to each other and to wireless accessories. Bluetooth is wireless,
automatic, and uses very little power, which helps conserve battery life. Up to eight Bluetooth
devices can be connected together at any one time.
 These are some examples of how devices use Bluetooth:

 Hands-free headset - A small earpiece with a microphone used for making and receiving calls, as
shown in Figure 1.
 Keyboard or mouse - A keyboard or mouse can be connected to a mobile device to make input
easier.
 Stereo control - A mobile device can connect to a home or car stereo to play music.
 Car speakerphone - A device that contains a speaker and a microphone used for making and
receiving calls.
 Tethering - A mobile device can connect to another mobile device or computer to share a network
connection, as shown in Figure 2. Tethering can also be performed with a Wi-Fi connection or a
cable connection such as USB.
 Mobile speaker - Portable speakers can connect to mobile devices to provide high-quality audio
without a stereo system.

Figure 1. Bluetooth Headset

Figure 2. Galaxy Nexus Bluetooth Tethering

 Bluetooth Pairing
Bluetooth pairing is when two Bluetooth devices establish a connection to share resources. In order
for the devices to pair, the Bluetooth radios are turned on, and one device begins searching for other
devices. Other devices must be set to discoverable mode, also called visible, so that they can be
detected. When a Bluetooth device is in discoverable mode, it transmits the following information
when another Bluetooth device requests it:

 Name
 Bluetooth class
 Services that the device can use
 Technical information, such as the features or the Bluetooth specification that it supports

During the pairing process, a personal identification number (PIN) may be requested to authenticate
the pairing process, as shown in the figure. The PIN is often a number, but can also be a numeric
code or passkey. The PIN is stored using pairing services, so it does not have to be entered the next
time the device tries to connect. This is convenient when using a headset with a smart phone,
because they are paired automatically when the headset is turned on and within range.

To pair a Bluetooth device with an Android device, follow these steps:

Step 1. Follow the instructions for your device to place it in discoverable mode.

Step 2. Check the instructions for your device to find the connection PIN.

Step 3. Select Settings > Wireless and networks.

Step 4. Touch Bluetooth to turn it on.

Step 5. Touch the Bluetooth tab.

Step 6. Touch Scan for devices.

Step 7. Touch the discovered device to select it.

Step 8. Type the PIN.

Step 9. Touch the device name again to connect to it.

To pair a Bluetooth device with an iOS device, follow these steps:

Step 1. Follow the instructions for your device to place it in discoverable mode.

Step 2. Check the instructions for your device to find the connection PIN.

Step 3. Select Settings > Bluetooth.

Step 4. Touch Bluetooth to turn it on.

Step 5. Touch the discovered device to select it.

Step 6. Type the PIN.

Remember that mobile device operating systems are updated frequently. Always refer to the
manufacturer’s documentation for your specific model device for the latest command reference.

Why Do Hackers Target Wireless LANs?

One of the primary benefits of wireless networking is ease and convenience of connecting devices.
Unfortunately that ease of connectivity and the fact that the information is transmitted through the air
also makes your network vulnerable to interception and attacks, as shown in the figure. Before your
wireless network is installed, it is important to consider how you plan to secure access to it.

With wireless connectivity, the attacker does not need a physical connection to your computer or any
of your devices to access your network. It is possible for an attacker to tune into signals from your
wireless network, much like tuning into a radio station.

The attacker can access your network from any location your wireless signal reaches. After they
have access to your network, they can use your Internet services for free, as well as access
computers on the network to damage files, or steal personal and private information.

These vulnerabilities in wireless networking require special security features and implementation
methods to help protect your WLAN from attacks. These include simple steps performed during
initial setup of the wireless device, as well as more advanced security configurations.
Broadcasting the SSID
One easy way to gain entry to a wireless network is through the network name, or SSID.

All computers connecting to the wireless network must know the SSID. By default, wireless routers
and access points broadcast SSIDs to all computers within the wireless range. With SSID broadcast
activated, as shown in the figure, any wireless client can detect the network and connect to it, if no
other security features are in place.

The SSID broadcast feature can be turned off. When it is turned off, the fact that the network is there
is no longer made public. Any computer trying to connect to the network must already know the
SSID. Turning off SSID broadcast alone does not protect the wireless network from experienced
hackers. The SSID can be determined by capturing and analyzing the wireless packets that are
exchanged between the clients and the access point. Even with SSID broadcasting disabled, it is
possible for someone to get into your network using the well-known default SSID. Additionally, if
other default settings, such as passwords and IP addresses are not changed, attackers can access
an AP and make changes themselves. Default information should be changed to something more
secure and unique.
Changing Default Settings
What are default settings and why are they there? Most wireless access points and routers are
preconfigured with settings such as SSIDs, administrator passwords, and IP addresses in place.
These settings make it easier for the novice user to set up and configure the device in the home LAN
environment. Unfortunately, these defaults can also make it easy for an attacker to identify and
infiltrate a network.

Changing the default settings on a wireless router will not protect your network by itself. For
example, SSIDs are transmitted in plaintext. There are devices that will intercept wireless signals
and read plaintext messages. Even with SSID broadcast turned off and default values changed,
attackers can learn the name of a wireless network through the use of these devices that intercept
wireless signals. This information will be used to connect to the network. It takes a combination of
several methods to protect your WLAN.

Watch the animation to view how a hacker uses a wireless device in an attempt to access a wireless
router.
 Implementing MAC Filtering
One way to limit access to your wireless network is to control exactly which devices can gain access
to your network. As discussed earlier in this chapter, this can be accomplished through filtering of
the MAC address.

MAC Address Filtering

MAC address filtering uses the MAC address to identify which devices are allowed to connect to the
wireless network. When a wireless client attempts to connect, or associate, with an AP it will send
MAC address information. If MAC address filtering is enabled, the wireless router or AP will look up
the connecting client’s MAC address in a preconfigured database. Only devices whose MAC
addresses have been recorded in the router's database will be allowed to connect.

If the MAC address is not located in the database, the device will not be allowed to connect to or
communicate across the wireless network.

There are some issues with this type of security. For example, it requires the MAC addresses of all
devices that should have access to the network be included in the database before connection
attempts occur. A device that is not identified in the database will not be able to connect.
Additionally, it is possible for an attacker's device to clone the MAC address of another device that
has access.

Securing User Authentication

In addition to MAC address filtering, another way to control who can connect to your network is to
implement authentication. Authentication is the process of permitting entry to a network based on a
set of credentials. It is used to verify that the device attempting to connect to the network is trusted.

The use of a username and password is a most common form of authentication. In a wireless
environment, authentication still ensures that the connected host is verified, but handles the
verification process in a slightly different manner. Authentication, if enabled, must occur before the
client is allowed to connect to the WLAN. There are three types of wireless authentication methods:
open authentication, PSK and EAP.

Open Authentication

By default, wireless devices do not require authentication. Any and all clients are able to associate
regardless of what they are, as shown in the figure. This is referred to as open authentication. Open
authentication should only be used on public wireless networks such as those found in many schools
and restaurants. It can also be used on networks where authentication will be done by other means
after a device is connected to the network. The setup utility on many routers disables open
authentication and automatically sets up more secure user authentication on the wireless LAN.

Can I Get In?

After authentication is enabled, regardless of the method used, the client must successfully pass
authentication before it can associate with the AP and join your network. If both authentication and
MAC address filtering are enabled, authentication occurs first.
When authentication is successful, the AP will then check the MAC address against the MAC
address table. When ver
verified,
ified, the AP adds the host MAC address into its host table. The client is
then said to be associated with the AP and can connect to the network.

Watch the animation to view the authentication and association process.

Encryption Techniques for Wireless

Early wireless routers used a form of encryption known as Wired Equivalency Protocol (WEP) to
secure wireless transmissions between clients and access points. The Wired Equivalency Protocol
(WEP) is a security feature that encrypts network traffic as it travels through the air. WEP uses pre-
pre-
configured keys to encrypt and decrypt data. A WEP key is entered as a string of numbers and
letters and is generally 64 bits or 128 bits long. In some cases, WEP supports 256 bit encryption
keys.
However, there are weaknesses within WEP, including the use of a static key on all WEP
WEP-enabled
enabled
devices on the wireless LAN. There are applications available to attackers that can be used to
discover the WEP key. These applications are readily available on the Internet. After the attacker
has extracted the key, they have complete access to all transmitted information.

Watch the animation to see a wireless sniffer obtaining and using the WEP key.

One way to overcome this vulnerability is to change the key frequently. Another way is to use a more
advanced and secure form of encryption known as Wi
Wi-Fi
Fi Protected Access (WPA).

WPA2 also uses encryption keys from 64 bits up to 256 bits. However, WPA2, unlike WEP,
generates new, dynamic keys each time a client establishes a cconnection
onnection with the AP. For this
reason, WPA2 is considered more secure than WEP because it is significantly more difficult to crack.
The version of WPA2 designed for home networks is designated as WPA2
WPA2-PSK.
PSK. The PSK indicates
that this encryption method is based on a pre-shared
shared key, in this case, your configured passphrase.
A Comprehensive Security Plan
It is important to remember that security measures should be planned and configured before
connecting the AP to the network or ISP.

The figure shows some of the more basic security measures including:

• Change default values for the SSID, usernames and passwords

• Disable broadcast SSID

• Configure MAC Address Filtering

More advanced security measures include:

• Configuring encryption using WPA2

• Configuring authentication

• Configuring traffic filtering

Keep in mind that no single security measure will keep your wireless network completely secure.
Combining multiple techniques will strengthen the integrity of your security plan.

When configuring the clients, it is essential that the SSID matches the SSID configured on the AP.
SSIDs are case sensitive, so the character string must match exactly. Additionally, encryption keys
and authentication keys must also match.
What Do They Want?
Whether wired or wireless, computer networks are essential to everyday activities. Individuals and
organizations alike depend on their computers and networks for functions such as email, accounting,
organization and file management. Intrusion by an unauthorized person can result in costly network
outages and loss of work. Attacks to a network can be devastating and can result in a loss of time
and money due to damage or theft of important information or assets.

Intruders can gain access to a network through software vulnerabilities, hardware attacks or even
through less high-tech methods, such as guessing someone's username and password. Intruders
who gain access by modifying software or exploiting software vulnerabilities are often called
hackers.

When the hacker gains access to the network, four types of threat may arise:

• Information theft

• Identity theft

• Data loss / manipulation

• Disruption of service

View the descriptions below the figure for more information.

Information Theft
Breaking into a computer to obtain confidential information. Information can be used or sold for
various purposes. Example: Stealing a organization's proprietary information, such as research and
development information.
Data Loss and Manipulation
Breaking into a computer to destroy or alter data records. Examples of data loss: sending a virus
that reformats a computer's hard drive. Examples of data manipulation: breaking into a records
system to change information, such as the price of an item.

Identity Theft
A form of information theft where personal information is stolen for the purpose of taking over
someone's identity. Using this information, an individual can obtain legal documents, apply for credit,
and make unauthorized online purchases. Identity theft is a growing problem costing billions of
dollars per year.
Disruption of Service
Preventing legitimate users from accessing services to which they should be entitled.

Examples: Denial of Service (DoS) attacks to servers, network devices or network communications
links
Where Do They Come From?
Security threats from network intruders can come from both internal and external sources.

External Threats

External threats arise from individuals working outside of an organization. They do not have
authorized access to the computer systems or network. External attackers work their way into a
network mainly from the Internet, wireless links or dialup access servers.

Internal Threats

An internal threat occurs when someone has authorized access to the network through a user
account or has physical access to the network equipment. The internal attacker knows the internal
politics and people. They often know what information is both valuable and vulnerable and how to
get to it.

However, not all internal attacks are intentional. In some cases, an internal threat can come from a
trustworthy employee who picks up a virus or security threat, while outside the company and
unknowingly brings it into the internal network.

Most companies spend considerable resources defending against external attacks, however, some
of the most damaging incidents are the result of actions by trusted internal users. Lost smart phones
and removable storage devices, misplaced or stolen laptops, and the failure to properly remove data
from devices before disposal are common ways that user data ends up in the hands of the wrong
people.
You Want My Password?
One of the easiest ways for an intruder to gain access, whether internal or external is by exploiting
human behavior. One of the more common methods of exploiting hum
human
an weaknesses is called
social engineering.

Social Engineering

Social engineering is a term that refers to the ability of something or someone to influence the
behavior of a person or group of people. In the context of computer and network security, social
engineering refers to a collection of techniques used to deceive internal users into performing
specific actions or revealing confidential information.

With these techniques, the attacker takes advantage of unsuspecting legitimate users to gain access
to internal resources and private information, such as bank account numbers or passwords.

Social engineering attacks exploit the fact that users are generally considered one of the weakest
links in security. Social engineers can be internal or external to the organization, but most often do
not come face-to-face
face with their victims.
Exploiting User’s Trust
Three of the most common methods hackers use to obtain information directly from authorized users
go by unusual names: Pretexting, phishing, and vishing.

Pretexting

Pretexting is a form of social engineering where an invented scenario (the pretext) is used on a
victim in order to get the victim to release information or perform an action. The target is typically
contacted over the telephone. For Pretexting to be effective, the attacker must be able to establish
legitimacy with the intended target, or victim. This often requires some prior knowledge or research
on the part of the attacker. For example, if an attacker knows the target's social security number,
they may use that information to gain the trust of their target. The target is then more likely to release
further information.

Phishing

Phishing is a form of social engineering where the phisher pretends to represent a legitimate outside
organization. They typically contact the target individual via email or text messaging. The phisher
might ask for verification of information, such as passwords or usernames in order to prevent some
terrible consequence from occurring.

Vishing / Phone Phishing

A new form of social engineering that uses Voice over IP (VoIP) is known as vishing. With vishing,
an unsuspecting user is sent a voice mail instructing them to call a number which appears to be a
legitimate telephone-banking service. The call is then intercepted by a thief. Bank account numbers
or passwords entered over the phone for verification are then stolen.
When Software is the Problem
Social engineering is a common security threat which preys upon human weakness to obtain desired
results.

In addition to social engineering, there are other types of attacks which exploit the vulnerabilities in
computer software. Examples of these attack techniques include: viruses, worms and Trojan horses.
All of these are types of malicious software introduced onto a host. They can damage a system,
destroy data, as well as deny access to networks, systems, or services. They can also forward data
and personal details from unsuspecting PC users to criminals. In many cases, they can replicate
themselves and spread to other hosts connected to the network. Imagine how difficult it would be to
recreate saved files, such as game files, license key files, photographs and videos.

Sometimes these techniques are used in combination with social engineering to trick an
unsuspecting user into executing the attack.

Malicious Programs

Viruses

A virus is a program that spreads by modifying other programs or files. A virus cannot start by itself;
it needs to be activated. When activated, a virus may do nothing more than replicate itself and
spread. Though simple, even this type of virus is dangerous as it can quickly use all available
memory and bring a system to a halt. A more serious virus may be programmed to delete or corrupt
specific files before spreading. Viruses can be transmitted via email, downloaded files, and instant
messages or via CD or USB devices.

Worms

A worm is similar to a virus, but unlike a virus does not need to attach itself to an existing program. A
worm uses the network to send copies of itself to any connected hosts. Worms can run
independently and spread quickly. They do not necessarily require activation or human intervention.
Self-spreading network worms can have a much greater impact than a single virus and can infect
large parts of the Internet quickly.

Trojan Horses

A Trojan horse is a program that is written to appear like a legitimate program, when in fact it is an
attack tool. It cannot replicate itself. A Trojan horse relies upon its legitimate appearance to deceive
the victim into initiating the program. It may be relatively harmless or can contain code that can
damage the contents of the computer's hard drive. Trojans can also create a back door into a
system allowing hackers to gain access.

Click the link below the graphic to complete the activity. Determine which type of attack occurred in
each scenario.
 Disrupting Network Services
Sometimes the goal of an attacker is to shut down the normal operations of a network. This type of
attack is usually carried out with the intent to disrupt the functions of an organization.

Denial of Service (DoS)

DoS attacks are aggressive attacks on an individual computer or groups of computers with the intent
to deny services to intended users. DoS attacks can target end user systems, servers, routers, and
network links.

An attacker uses a DoS attack to perform these functions:

 Flood a system or network with traffic to prevent legitimate network traffic from flowing
 Disrupt connections between a client and server to prevent access to a service

There are several types of DoS attacks. Security administrators need to be aware of the types of
DoS attacks that can occur and ensure that their networks are protected. These are two common
DoS attacks:

 SYN (synchronous) Flooding - a flood of packets are sent to a server requesting a client
connection. The packets contain invalid source IP addresses. The server becomes occupied trying
to respond to these fake requests and therefore cannot respond to legitimate ones.
 Ping of death - a packet that is greater in size than the maximum allowed by IP (65,535 bytes) is
sent to a device. This can cause the receiving system to crash.

Watch the animation of a DoS attack.

Being Overwhelmed by Packets
DoS attacks that are coming from a single IP address can disrupt a web site for a period of time until
the attack can be isolated and defended against. More sophisticated types of attacks can bring web
services offline for much longer lengths of time.

Distributed Denial of Service (DDoS)

DDoS is a more sophisticated and poten

potentially
tially damaging form of the DoS attack. It is designed to
saturate and overwhelm network links with useless data. DDoS operates on a much larger scale
than DoS attacks. Typically hundreds or thousands of attack points attempt to overwhelm a target
simultaneously.
eously. The attack points may be unsuspecting computers that have been previously
infected by the DDoS code. The systems that are infected with the DDoS code attack the target site
when invoked.

Watch the animation below about how a DDoS attack occurs.

Brute Force

Not all attacks that cause network outages are specifically DoS attacks. A Brute force attack is
another type of attack that may result in denial of services.

With brute force attacks, a fast computer is used to try to guess passwords or to dec
decipher
ipher an
encryption code. The attacker tries a large number of possibilities in rapid succession to gain access
or crack the code. Brute force attacks can cause a denial of service due to excessive traffic to a
specific resource or by locking out user acco
accounts.
Spyware is Watching You
Not all attacks do damage or prevent legitimate users from having access to resources. Many
threats are designed to collect information about users which can be used for advertising, marketing
and research purposes. These include spyware, tracking cookies, adware and popups. While these
may not damage a computer, they invade privacy and can be annoying.

Spyware

Spyware is any program that gathers personal information from your computer without your
permission or knowledge. This information is sent to advertisers or others on the Internet and can
include passwords and account numbers.

Spyware is usually installed unknowingly when downloading a file, installing another program or
clicking a popup. It can slow down a computer and make changes to internal settings creating more
vulnerabilities for other threats. In addition, spyware can be very difficult to remove.

Tracking Cookies

Cookies are a form of spyware but are not always bad. They are used to record information about an
Internet user when they visit websites. Cookies may be useful or desirable by allowing
personalization and other time saving techniques. Many web sites require that cookies be enabled in
order to allow the user to connect.

Adware and Popups

Adware

Adware is a form of spyware used to collect information about a user based on websites the user
visits. That information is then used for targeted advertising. Adware is commonly installed by a user
in exchange for a "free" product. When a user opens a browser window, adware can start new
browser instances which attempt to advertise products or services based on a user's surfing
 practices. The unwanted browser windows can open repeatedly, and can make surfing the Internet
very difficult, especially with slow Internet connections. Adware can be very difficult to uninstall.

Popups and pop-unders

Popups and pop-unders are additional advertising windows that display when visiting a web site.
Unlike adware, Popups and pop-unders are not intended to collect information about the user and
are typically associated only with the web-site being visited.

 Popups: open in front of the current browser window.

 Pop-unders: open behind the current browser window.

They can be annoying and usually advertise products or services that are not wanted by the user.

Botnet and Zombies

Another annoying by-product of our increasing reliance on electronic communications is unwanted
bulk email. Sometimes merchants do not want to bother with targeted marketing. They want to send
their email advertising to as many end users as possible hoping that someone is interested in their
product or service. This widely distributed approach to marketing on the Internet is called spam. One
of the major ways that spam can be sent is through the use of a botnet or bot.

"Bot" is derived from the word "robot" which describes how the devices act when they are infected.
Malicious Bot software infects a host, usually through an email or web page link, by downloading
and installing a remote control function. When infected, the “zombie” computer contacts servers
managed by the botnet creator. These servers act as a command and control (C&C) center for an
entire network of compromised devices, or "botnet." Infected machines can often pass the software
to other unprotected devices in their network, increasing the size of the botnet. Some botnet include
many thousands of infected devices.
Bot software programs can also cause security issues on the infected machines. This is because the
installed software may incl
include
ude the ability to log keystrokes, gather passwords, capture and analyze
packets, gather financial information, launch DoS attacks, and relay spam. Bots take advantage of
time zones, often waking up the zombie systems during the idle times in each time zon
zone.
e. Many
users keep their computers always connected to the Internet, even when they are away from home
or sleeping. This creates the perfect environment for botnet creators to use the bandwidth and
processing power of the idle devices.

Watch the animation below to see how spam is propagated.

Security Practices and Procedures
It is never wise to assume that your device or network will not be the next target of an attack. Taking protective
measures can protect you from loss of sensitive or confidential data and can protect your systems from being
damaged or compromised. Security procedures can range from simple, inexpensive tasks such as maintaining
up-to-date software releases, to complex implementations of firewalls and intrusion detection systems.

Some of the most effective security procedures are simple to implement and don’t require extensive technical
knowledge. A username and password are two pieces of information that a user needs to log on to a computer
or application. A BIOS password entry screen is shown in Figure 1, a Windows logon screen is shown in Figure
2, and a network resource password window is shown in Figure 3. When an attacker knows one of these
entries, the attacker needs only to crack or discover the other entry to gain access to the computer system. It is
important to change the default username for accounts such as administrator or guest, because these default
usernames are widely known. Whenever possible, change the default usernames of all users on computers
and network equipment.

Most users select passwords that can be easily guessed or derived from known information about the user –
such as birthdays, their pet’s names, or a favorite sports team. It is important to view passwords as a key to
valuable data and to make them as secure as possible. A password that is actually a passphrase is easy to
remember, but would be more difficult to crack. An example would be “My-pets_name-1s_Ginger”, rather than
just “Ginger”.

Figure 1. BIOS Password Entry Screen

Figure 2. Windows Login Screen

Figure 3. Network Resource Password Window

Security Tools and Applications

Internet security is a major concern around the world. As a result, many tools are available to network users to
protect the devices from attacks and to help remove malicious software from infected machines.

Some of the security tools and applications used in securing a network include:

• Software patches and updates

• Virus protection

• Spyware protection

• Spam blockers

• Popup blockers
• Firewalls

View the descriptions below the figure for more information.

Firewall
A security tool that controls traffic to and from a network.

Spam Filter
Software installed on an enduser workstation or server to identify and remove unwanted emails.

Patches and Updates

Software applied to an OS or application to correct a known security vulnerability or add functionality.
Antispyware
Software installed on an end-user workstation to detect and remove spyware and adware.

Popup Blocker
Software installed on an end-user workstation to prevent popup and pop-under advertisement windows from
displaying.

Antivirus
Software installed on an end-user workstation or server to detect and remove viruses, worms and Trojan
horses from files and email.

Patches and Updates

One of the most common methods that a hacker uses to gain access to hosts and/or networks is through
software vulnerabilities. It is important to keep software applications up-to-date with the latest security patches
and updates to help deter threats. A patch is a small piece of code that fixes a specific problem. An update, on
the other hand, may include additional functionality to the software package as well as patches for specific
issues.

OS (operating system, such as Linux, Windows, etc.) and application vendors continuously provide updates
and security patches that can correct known vulnerabilities in the software. In addition, vendors often release
collections of patches and updates called service packs. Fortunately, many operating systems offer an
automatic update feature that allows OS and application updates to be automatically downloaded and installed
on a host.
Detecting Infections
Even when the OS and applications have all the current patches and updates, they may still be susceptible to
attack. Any device that is connected to a network is susceptible to viruses, worms and Trojan horses. These
may be used to corrupt OS code, affect computer performance, alter applications, and destroy data. So how do
you know if your computer has been infected?

Some of the signs that a virus, worm or Trojan horse may be present include:

• Computer starts acting abnormally

• Program does not respond to mouse and keystrokes

• Programs starting or shutting down on their own

• Email program begins sending out large quantities of email

• CPU usage is very high

• There are unidentifiable, or a large number of processes running

• Computer slows down significantly or crashes

Antivirus Software
Antivirus software can be used as both a preventive tool and as a reactive tool. It prevents infection and
detects, and removes, viruses, worms and Trojan horses. Antivirus software should be installed on all
computers connected to the network.

Antivirus software relies on known “virus signatures” in order to find and prevent new viruses from infecting the
computer. Virus signatures are patterns within the programs that are common to other malicious programs that
have already been identified as harmful. When new virus programs are found on the Internet, the signature files
for the antivirus
s are updated with the new information. It is important to keep virus checker software updated
with the latest signature files in order to protect the system from infection.

Some of the features that can be included in Antivirus programs are:

• Email checking - Scans incoming and outgoing emails, and identifies spam and suspicious attachments

• Resident dynamic scanning - Checks program files and documents when they are accessed

• Scheduled scans - Virus scans can be scheduled to run at regular intervals an

and
d check specific drives or the
entire computer

• Automatic Updates - Checks for, and downloads, known virus characteristics and patterns. Can be scheduled
to check for updates on a regular basis

There are many antivirus programs available. Some are free fr

from
om the manufacturer, others may charge a fee to
download and use the program.

Anti-spam
spam Software
No one likes opening their email and being overwhelmed by unwanted messages. Spam is not only annoying; it
can overload email servers and potentially carry vir
viruses
uses and other security threats. Additionally, people who
send spam may use links within the emails to take control of a host by planting code on it in the form of a virus
or a Trojan horse. The host is then used to send spam mail without the user's knowle
knowledge,
dge, consuming the local
bandwidth and processor resources.

Anti-spam
spam software protects hosts by identifying spam and performing an action, such as placing it into a junk
folder or deleting it. Spam filters can be loaded on individual devices, but can also be loaded on email servers.
In addition, many ISPs offer spam filters. Anti
Anti-spam
spam software does not recognize all spam, so it is important to
open email carefully. It may also accidentally identify wanted email as spam and treat it as such.

Watch the animation

tion to view how spam blocking occurs.
Additional Safeguards
One of the most common types of spam forwarded is a virus warning. While some virus warnings sent via
email are true, a large amount of them are hoaxes and do not really exist. This type of spam can create
problems because people warn others of the impending disaster and so flood the email system. In addition,
network administrators may overreact and waste time investigating a problem that does not exist. Finally, many
of these emails can actually contribute to the spread of viruses, worms and Trojan horses. Before forwarding
virus warning emails, check to see if the virus is a hoax at a trusted source such
as http://www.virusbtn.com/resources/hoaxes/index

In addition to using spam blockers, other actions to prevent the spread of spam include:

• Apply OS and application updates when available.

• Run an antivirus program regularly and keep it up to date.

• Do not forward suspicious emails.

• Do not open email attachments, especially from people you do not know.

• Set up rules in your email to delete spam that bypass the antispam software.

• Identify sources of spam and report it to a network administrator so it can be blocked.

• Report incidents to the governmental agency that deals with abuse by spam.
Antispyware Software
Antispyware and Adware

Spyware and adware can also cause virus-like symptoms. In addition to collecting unauthorized information,
they can use important computer resources and affect performance. Antispyware software detects and deletes
spyware applications, as well as prevents future installations from occurring. Many antispyware applications
also include detection and deletion of cookies and adware. Some antivirus packages include antispyware
functionality.

Popup Blockers

Popup blocking software can be installed to prevent popups and pop-unders. Many web browsers include a
popup blocker feature by default. Note that some programs and web pages create necessary and desirable
popups. Most popup blockers offer an override feature for this purpose.
What is a Firewall?
The term firewall originally referred to a fireproof wall, usually made of stone or metal that prevented flames
from spreading to connected structures. Later the term firewall was applied to the metal sheet that separated
the engine compartment of a vehicle or aircraft from the passenger compartment. Eventually the term was
adapted for use with computer networks: a firewall preve
prevents
nts undesirable traffic from entering protected areas of
the network, as shown in the figure.

A firewall is one of the most effective security tools available for protecting internal network users from external
threats. A firewall is usually installed betw
between
een two or more networks and controls the traffic between them as
well as helps prevent unauthorized access. Firewall products use various techniques for determining what is
permitted or denied access to a network.

Permit or Deny?
Firewalls can be implemented in software which is to be loaded onto PCs, networking devices, or servers.
Firewalls may also be hardware devices that are installed for the single purpose of protecting areas within the
network. A hardware firewall is a freestanding unit that does not use the resources of the computers it is
protecting, so there is no impact on processing performance. The firewall can be configured to block multiple
individual external devices by IP address, to permit or deny packets matching the range of TCP or UDP ports
that you specify, or even traffic specific to an application such as a multiplayer video game.

Typically a hardware firewall passes two different types of traffic into your network:

• Responses to traffic that originates from inside your netwo

network

• Traffic destined for a port that you have intentionally permitted

Additionally, Firewalls often perform Network Address Translation (NAT). NAT translates an internal address or
group of addresses into registered IP addresses that can be sent across ththe
e Internet. This allows internal IP
addresses to be concealed from outside users.

Watch the animation below to view an example of firewall operation.

Allowing in Some Friends
Many home network devices, such as wireless routers, frequently include multmultifunction
ifunction firewall software. This
firewall typically provides Network Address Translation (NAT) in addition to IP, application and website filtering
capabilities. They also support DMZ capabilities, as shown in the figure.

The term demilitarized zone (DMZ) is borrowed from the military, where a DMZ is a designated area between
two powers where military activity is not permitted. In computer networking, a DMZ refers to an area of the
network that is accessible to both internal and external users. It is more secure than the external network but
not as secure as the internal network. With the wireless router, a simple DMZ can be set up that allows an
internal server to be accessible by outside hosts. To accomplish this, the server requires a static IP address
that
hat must be specified in the DMZ configuration. The wireless router isolates traffic destined to the IP address
specified. This traffic is then forwarded only to the switch port where the server is connected. All other hosts are
still protected by the firewall.
wall. Game servers and other devices that need to be accessed directly by users
located on the Internet may need to be configured in the DMZ network.
Port Forwarding
One of the ways that you can permit other users to reach devices on your network through the Internet is a
function called port forwarding. Port forwarding is a rule-based method of directing traffic between devices on
separate networks. This method of exposing your devices to the Internet is much safer than using a DMZ.

When incoming traffic from the Internet reaches your router, the firewall in the router determines if the traffic
should be forwarded to a certain device based on the port number found with the traffic. Port numbers are
associated with specific services, such as FTP, HTTP, HTTPS, and POP3. The rules that you configure in the
firewall settings determine which traffic is permitted on to the LAN. For example, a router might be configured to
forward port 80, which is associated with HTTP. When the router receives a packet with the destination port of
80, the router forwards the traffic to the device inside the network that serves web pages.

The figure shows a single port forwarding rules table.

.
Port Triggering
Playing a game over the Internet may require more than just a data connection between you and the other
players. You may want to talk with your friends, or chat, while playing. In many multiplayer games, a number of
TCP and UDP connections could exist between the players while the game is active. Leaving a large number of
ports open to the Internet can represent a security risk.

Port triggering allows the router to temporarily forward data through inbound TCP or UDP ports to a specific
device. A port triggering rule could state that when data flows out on port 56, forward port 80 traffic. You can
use port triggering to forward data to a computer only when a designated port range is used to make an
outbound request. For example, a video game might use ports 27000 to 27100 for connecting with other
players. These are the trigger ports. A chat client might use port 56 for connecting the same players so that
they can communicate with each other while playing the game. In this instance, if there is gaming traffic (ports
27000 to 27100) on an outbound port within the triggered port range, inbound chat traffic on port 56 is
forwarded to the computer that is being used to play the video game and chat with friends. When the game is
over and the triggered ports are no longer in use, port 56 is no longer allowed to send traffic of any type to this
computer.

The figure shows a port range triggering rules table.

THE END