Planning Your Wireless Network
Security Threats Facing Wireless Networks
Cisco PVC2300 and WVC2300 Internet Video Cameras with Audio Administration Guide 7
2
Most wireless networking devices will give you the option of broadcasting the
SSID. While this option may be more convenient, it allows anyone to log into your
wireless network. This includes hackers. So, don’t broadcast the SSID.
Wireless networking products come with a default SSID set from the factory. (The
Cisco default SSID is “ciscosb”.) Hackers know these defaults and can check
these against your network. Change your SSID to something unique and not
something related to your company or the networking products you use.
Change your SSID regularly so that any hackers who have gained access to your
wireless network will have to start from the beginning in trying to break in.
MAC Addresses. Enable MAC Address filtering. MAC Address filtering allows you
to provide access to only those wireless nodes with certain MAC Addresses. This
makes it harder for a hacker to access your network with a random MAC Address.
WEP Encryption. Wired Equivalent Privacy (WEP) is often looked upon as a cure-all
for wireless security concerns. This is overstating WEP’s ability. Again, this can
only provide enough security to make a hacker’s job more difficult. There are
several ways that WEP can be maximized:
• Use the highest level of encryption possible
• Use “Shared Key” authentication
• Change your WEP key regularly
WPA/WPA2 Personal. WPA stands for Wi-Fi Protected Access, which is a security
standard stronger than WEP encryption. A network encrypted with WPA/WPA2 is
more secure than a network encrypted with WEP, because WPA/WPA2 uses
dynamic key encryption. To protect the information as it passes over the airwaves,
you should enable the highest level.
WPA/WPA Enterprise. Enterprise refers to using RADIUS server for authentication,
while RADIUS stands for Remote Authentication Dial-In User Service. This type of
authentication requires some advanced expertise because it involves setting up a
RADIUS server for authentication and, in some cases, creation of certificates for
both the RADIUS server and the camera.
If you are using WPA/WPA2 Enterprise security, you will need to upload security
certificates to the camera. Certificates must be in the following format:
• Root certificate: DER encoded binary x.509 (CER/PEM)
• User certificate: Personal Information Exchange (PKCS#12(.PFX))