11.3.3. Wireless Router
A wireless router is used to create and maintain a separate network segment that consists of mobile hardware devices with built-in wireless network adapters. It has a built-in network switch and either provides Ethernet connectivity for clients or connects to other wireless routers to form a network of several routers. Wireless routers have a built-in network firewall that protects the wireless network from unwanted intrusions.
Routers are required to provide 256-bit AES encryption and support for WEP, WPA and WPA2, or the NAT and SPI protocols. Wireless routers support 802.11a, b, g, n, or a combination of these. Otherwise, their functions are similar to those of wireless access points. Such devices help to protect e-mail addresses, usernames and passwords, e-mail messages, web-based passwords, visited web pages, instant messaging (IM), VoIP and FTP.
To simplify wireless security configuration, routers use WPS (Wi-Fi Protected Setup) technology. It lets you quickly configure a secure connection on each wireless mobile client without special knowledge. WPS automatically identifies the network name and sets the encryption that protects the local wireless network against unauthorized access.
All parameters are transferred from the router to the controller on a special request, which can be made in two ways. Firstly, by pressing the WPS button, also called QSS (Quick Secure Setup), which is located on the case of the router. Pressing it enables a feature that quickly and easily provides the required level of security for mobile devices with wireless communication modules that connect to the router. Some controllers have the same button. If there is none, the function is most likely available in the wireless control panel.
Secondly, a request for security parameters can be sent using the eight-digit PIN code generated by the controller in the control panel.
For example, the WNDR3700 router, with simultaneous support for two bands on eight antennas and a 32-bit 680 MHz processor capable of handling several simultaneous sessions, can create up to four networks with different SSIDs, be managed remotely over the Internet, broadcast to ReadyDLNA devices, and monitor WAN traffic. It also implements QoS.
Many routers also implement the function of a firewall. For example, the TP-Link TL-WR841ND has a built-in SPI (Stateful Packet Inspection) firewall that the user can supplement and modify.
A firewall is also called a network screen or a Brandmauer (from German). It filters data packets by their IP addresses. Traffic entering and leaving the enterprise information network is filtered. Sets of rules are used to test network packets when they enter or leave a network connection. On the basis of these rules, the firewall allows or blocks the passage of traffic.
Firewall rules can check one or more characteristics of a packet, including the protocol type, the IP address of the source or destination network terminal, and the source or destination port number. Most modern firewalls ship with default presets and also have a learning function: when a packet with unknown characteristics appears, the device asks what to do with it. In automatic configuration mode, the firewall itself determines the type of network connection and the packet encapsulation, and also eliminates possible IP address conflicts.
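The rule matching described above can be sketched as follows. This is an added example, not code from any router's firmware; the rule set, the addresses and the names `Packet`, `Rule` and `decide` are assumptions, and only the destination port is checked to keep it short.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # destination port, None for portless protocols


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport))


def decide(rules, packet, learning=False):
    """First matching rule wins. A packet no rule covers is blocked, or
    reported as "ask" when the learning mode is on."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "ask" if learning else "block"


# Constructed rule set; 192.168.1.0/24 is the assumed internal network.
RULES = [
    Rule("block", proto="tcp", dst="192.168.1.0/24", dport=23),    # Telnet inward
    Rule("allow", proto="tcp", dst="192.168.1.10/32", dport=443),  # HTTPS server
    Rule("allow", src="192.168.1.0/24"),                           # LAN outbound
]

if __name__ == "__main__":
    unknown = Packet("udp", "203.0.113.5", "192.168.1.20", 161)
    print(decide(RULES, Packet("tcp", "203.0.113.5", "192.168.1.10", 443)))
    print(decide(RULES, unknown), decide(RULES, unknown, learning=True))
```

Rule order matters: the Telnet block sits above the broad LAN rule, so it also applies to traffic that the later rule would otherwise allow.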
Firewalls are used to provide:
- protection and isolation of applications, services and computers in the internal network of the enterprise from unwanted traffic coming from the Internet;
- restrictions or prohibitions of access from the internal network of the enterprise to services of external networks, including the Internet;
- support for network address translation (NAT), which is used in TCP/IP networks. The most popular mechanism, SNAT, replaces the source address of a packet passing in one direction and performs the reverse replacement of the destination address in the response packet. The source and destination port numbers can also be changed. The address translation mechanism allows you to use internal IP addresses on the internal network and share one Internet connection. Usually, a dedicated IP address is used for this.
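The SNAT translation from the last list item, as an added example that is not part of the original text: a translation table rewrites the source of outgoing packets to one shared public address and reverses the change for responses. The class `SourceNat`, the port range and all addresses (documentation ranges) are assumptions.

```python
class SourceNat:
    """Source NAT with port translation behind one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (proto, internal ip, internal port) -> public port
        self.back = {}  # (proto, public port) -> (internal ip, internal port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source address and port of a packet leaving the LAN."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Reverse the translation for a response packet. Returns None when
        no mapping exists, so unsolicited traffic never reaches the LAN."""
        mapping = self.back.get((proto, dst_port))
        if dst_ip != self.public_ip or mapping is None:
            return None
        return (proto, src_ip, src_port, mapping[0], mapping[1])


def demo():
    """Constructed traffic: two internal hosts reuse source port 51000."""
    nat = SourceNat("198.51.100.7")  # assumed public address
    a = nat.outbound("tcp", "192.168.1.10", 51000, "203.0.113.80", 443)
    b = nat.outbound("tcp", "192.168.1.11", 51000, "203.0.113.80", 443)
    reply_b = nat.inbound("tcp", "203.0.113.80", 443, "198.51.100.7", b[2])
    stray = nat.inbound("tcp", "203.0.113.99", 4444, "198.51.100.7", 40100)
    return a, b, reply_b, stray


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both hosts use the same internal source port, so the table gives them distinct public ports; this is why the port numbers can change as well as the address.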
Both hardware devices and programs can serve as firewalls, and they do not compete but complement each other. A hardware firewall is oriented to the IP addresses and ports of incoming packets. It successfully repels DDoS and DoS attacks or an attempt to connect to a forbidden port on the enterprise network. The e-mail filtering task is successfully solved by a software firewall. Many firewalls that contain a router and an ADSL modem can function in bridge mode.
A popular firewall is Cisco's PIX (cisco.dcmos.su), which is characterized by high security and ease of use. PIX can completely hide the company's internal network from external threats, providing complete security, and also prevents unauthorized users from accessing internal network resources.
The Cisco PIX firewall supports more than 64,000 simultaneous connections and provides support for up to several thousand users without sacrificing performance. A fully loaded PIX firewall has a bandwidth of up to 170 Mbps, which is significantly more than that of any firewall based on UNIX or Microsoft Windows NT.