Network security - protecting PC

Tapping by hacker is an annoying problem when we are on surfing internet.

We have to learn how to hack but shall be used for protection from attack.

Following is tips and some software assisting to protect PC from online tapping.

Often we forget to protect our PC “attacking” from online tapping when we surf the internet.

Many civil people feel enough in protecting its PC with a program a kind of firewall desktop and anti spy firewall.

In fact, still many gap at firewall which you used, can be exploited by online watcher hacking on your PC

Below is a tips to protect PC from internet tapping in a LAN party, W-LAN or home connection as my experience.

Activated your Firewall:

In course of online tapping or infection, usually the first step do by hacker is collect information and data concerning victim to be tapped. Usually hacker use information compiler tools like “ Nmap” ( http://www.insecure.org/nmap), hereinafter hacker will check open port at victim PC and also TCP/IP package sent from PC into Network. This matter to get specific information is called print finger from victim PC.

The others way, hacker usually try to get deeper information by delivering an E-mail bait to victim (victim will open the e-mail through Microsoft Outlook program which integrated in its Windows). From bait E-mail answered, hence hacker directly can check what kind of E-mail software and server client install in victim PC.

A lot of “software bug” site, discuss about weak of E-mail software and server client according to each version, but I’m not talking about that weak at this post.

So how to avoid that attack ?

The way of which you can use as protection early is firewall desktop. If you do not wish to use special firewall or commercial, hence you enough activate personal firewall that found on Windows XP service pack 2. Comprehend firewall application path and activity which you use in order not to harm you.

Ascertaining your pc clear of Virus and Trojan, before install the firewall.
Configure your firewall with carefully in each application requiring to access online and also access sharing file in existing network.

Encrypt the Important Folder and WebMail connection.

After getting information about victim PC, usually hacker can start tapping, it is of course with two important tools that is " Ethereal" and "ARP-Spoofer". With ARP-Spoofer, hacker can take information which pass by victim PC with Gateway Internet access and that information package can be opened with “Ethereal (http://www.ethereal.com)”.

To overcome matter above, we have to encrypt our Webmail connection through https band. Do not use http band, better avoid to use ftp band and telnet, because can be sabotaged by hacker. You can use SSH connection to replace ftp band or the telnet. The existing constraint is there is very rare web server providing https service and the SSH.

One of the common Mail which use HTTPS is GMail. Whereas for the important and confidential folder in the PC better do Encrypt. Its data content with right click on folder that you want to Encrypt, its way open part: Properties – Advanced – Encrypt content to protect data. But this matter can be done if your XP windows system file is use NTFS type. By use NTFS system file, we also can block out to access rights access certain consumer.

Use Good Firewall.

With DNS spoofing, hacker can do deflection instructing PC victim to spurious website. This deflection is easy to do because DNS protocol is not have any security mechanism. This matter can be prevented by using good firewall application.

At firewall nowadays, usually DNS cache keep with elegantly, so when we ever visit to previous website, hence DNS spoofing we can prevent.

Recognize to access autoexec at registry

If hacker have succeeded tap your pc, usually they always prepare backdoor to facilitate hacking access in other opportunity. One of the effort draw up backdoor is by altering victim pc system file. But this matter can be easy to detect to through antivirus program.

The way of more realistic to all hacker by placing Trojan in our PC, then run through one of the "Autoexec" what running with autoexec in other Windows system. In anticipating this matter, which we do with install additional tools “Autorun” from Sysinternalsi (http://www.systernals.com).

With this tool can display lot of autoexec exist in our system. Autoruns also can show signature from autoexec exist in our pc system. If found autoexec entry which unknown and identify as trigger Trojan, hence Autoruns can turn off it. With this tool, we assisted in eliminating against backdoor which is possible left by hacker in our pc.

Besides trick above, to avoid tapping, suggested do not use User Administrator when surf in internet, then arrange your explorer internet security setting to High Level Security setting.

And don't forget to always Update your Windows, especially when newest update improve many Security system on your PC.

Network security - Firewall setting

You probably know that you need firewall security; in fact, you may even already have a firewall management program in place. But what exactly is firewall security, and what does firewall management entail?

The word firewall originally referred literally to a wall, which was constructed to halt the spread of a fire. In the world of computer firewall protection, a firewall refers to a network device which blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network. It is analogous to a physical firewall in the sense that firewall security attempts to block the spread of computer attacks.

How Does Firewall Management Work?

A firewall management program can be configured one of two basic ways:

* A default-deny policy. The firewall administrator lists the allowed network services, and everything else is denied.
* A default-allow policy. The firewall administrator lists network services which are not allowed, and everything else is accepted.

A default-deny approach to firewall security is by far the more secure, but due to the difficulty in configuring and managing a network in that fashion, many networks instead use the default-allow approach. Let's assume for the moment that your firewall management program utilizes a default-deny policy, and you only have certain services enabled that you want people to be able to use from the Internet. For example, you have a web server which you want the general public to be able to access. What happens next depends on what kind of firewall security you have.

Below is a firewall security script, has been tested with Kerio Personal Firewall, may this rule can accepted to others firewall:

LSA Shell (lsass.exe) -> Ask - Permit - Ask - Ask
Windows NT Logon Application (winlogon.exe) -> Ask - Permit - Ask - Ask (log)
Userinit Logon Application (userinit.exe) -> Ask - Permit - Ask - Ask
Generic Host Process (svchost.exe) -> Ask - Permit - Ask - Ask (log)
Microsoft File & Printer Sharing -> Deny All (For LAN can be: Ask - Permit - Ask - Ask)
Any Other Application -> Deny - Ask - Deny - Ask (log & alert). invisible mode
Internet Browser Application -> ask - deny - deny - permit (log)
Kaspersky AntiVirus/ Kaspersky Internet Security -> ask - deny - deny - permit (log)
FTP Manager Application -> permit - permit - permit - permit (log & alert)
Yahoo Messenger -> deny - ask - deny - permit (log & alert)


Below is the rule script for Filter packet in Ferio Firewall or Tiny firewall and may can accepted to others firewall:

RULE 1
Description: ISP Domain Name Server Any App UDP
Protocol: UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: IP number (Your ISP DNS server)
Port type: Single
Port number: 53
Action PERMIT

RULE 2
Description: Other DNS
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Single
Port number: 53
Action DENY

RULE 3
Description: Back Orifice Block (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 54320,54321,31337
Remote Address Type: Any
Port type: Any
Action DENY

RULE 4
Description: Netbus Block (Logged)
Protocol: TCP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 12456,12345,12346,20034
Remote Address Type: Any
Port type: Any
Action DENY

RULE 5
Description: RPCSS (Logged)
Protocol: UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 135
Remote Address Type: Any
Port type: Any
Action DENY

RULE 6
Description: Block Low Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 1
Last port number: 79
Remote Address Type: Any
Port type: Any
Action DENY

RULE 7
Description: Block High Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 5000
Last port number: 65535
Remote Address Type: Any
Port type: Any
Action DENY

RULE 8
Description: Block Outbound Unauthorized Apps TCP UDP
(Notify)
Protocol: TCP and UDP
Direction: Outgoing
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY
Nb: Kaspersky Antivirus 6 & Kaspersky Internet Security 6 usage, the remote port address choose Any)

RULE 9
Description: Block Inbound Unknown Apps TCP UDP
(Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

RULE 10
Description: Block ICMP (Logged)
Protocol: ICMP
Direction: Both
ICMP Type: Echo Reply, Destination Unreachable, Source
Quench, Redirect,
Echo, Time Exceeded, Parameter Prob, Time Stamp, Time
StampReply, Info
Request, Info Reply, Address, Address Reply, Router
Advertisement, Router
Solicitation (ALL)
Remote Endpoint: Any
Action DENY

RULE 11
Description: In Block Ping and TraceRoute ICMP
(Notify)
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo
Remote Endpoint: Any
Action DENY

RULE 12
Description: Out Block Ping and Trace Route ICMP
(Notify)
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo Reply, Destination Unreachable, Time
Exceeded
Remote Endpoint: Any
Action DENY

RULE 13
Description: Block Common Ports (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports:
113,79,21,80,443,8080,143,110,25,23,22,42,53,98
Remote Address Type: Any
Port type: Any
Action DENY

RULE 14
Description: Loopback
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: 127.0.0.1
Port type: Any
Action PERMIT

RULE 15
Description: Block Inbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

RULE 16
Description: Block Outbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Port/Range
First Port: 137
Last Port: 139
Action DENY

RULE 17
Description: Bootpc (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 68
Remote Address Type: Any
Port type: Any
Action DENY

RULE 18
Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo
Remote Endpoint: Any
Action PERMIT

RULE 19
Description: In Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo Reply, Destination Unreachable, Time
Exceeded
Remote Endpoint: Any
Action PERMIT

RULE 20
Description: Internet Explorer-Web browsing (logged)
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => iexplore.exe
Remote Address Type: Any
Port type: Any
List of ports: Any
Action PERMIT

RULE 21
Description: Outlook Express
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => msimn.exe
Remote Address Type: Any
Port type: List of ports
List of ports: 25,110,119,143
Action PERMIT

RULE 22
Description: Yahoo Messenger
Protocol: TCP
Direction: Outgoing
Port Type: Any
Local App.: Only selected below => yahoomessenger.exe
Remote Address Type: Any
Port Type: List of ports
List of ports: 443,80,5050
Action PERMIT

RULE 23
Description: Yahoo Messenger
Protocol: UDP
Direction: Outgoing
Port Type: Any
Local App.: Only selected below => yahoomessenger.exe
Remote Address Type: Any
Port Type: single
List of ports: 3478
Action PERMIT

RULE 24
Description: Download Manager (logged)
Protocol: TCP
Direction: Outgoing
Port Type: Any
Local App.: Only selected below => (your download manager file)
Remote Address Type: Any
Port Type: List of ports
List of ports: 80,21
Action PERMIT


For filter packet setting on Local Area Network (LAN) can added with below rule script to allow NetBIOS access at specific port:

RULE 15a
Description: Trusted Inbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Any
Action PERMIT

RULE 16b
Description: Trusted Outbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Port/Range
First Port: 137
Last Port: 139
Action PERMIT

ROUTER Configuration (part: I)

The first question is, what’s Router ?

Router is A device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP’s network. Routers are located at gateways, the places where two or more networks connect.

Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts.

So how to connect between above network?
This posting will explain the mechanism, router basic command and Interior Routing Protocol that we called IRP.

I wrote this based on my tested and implemented at my office using Cisco Router 805 Series since 2002 until now and so far is working well.
TCP/IP Concept: what is tcp/ip ?

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It canbe used as a communications protocol also in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination.
Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they'll be reassembled at the destination.

TCP/IP uses the client/server model of communication in which a computer user requests and is provided a service (such as sending a Web page) by another computer (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer. TCP/IP and the higher-level applications that use it are collectively said to be "stateless" because each client request is considered a new request unrelated to any previous one (unlike ordinary phone conversations that require a dedicated connection for the call duration). Being stateless frees network paths so that everyone can use them continuously. (Note that the TCP layer itself is not stateless as far as any one message is concerned. Its connection remains in place until all packets in a message have been received.)

Many Internet users are familiar with the even higher layer application protocols that use TCP/IP to get to the Internet. These include the World Wide Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Telnet (Telnet) which lets you logon to remote computers, and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together with TCP/IP as a "suite."

Personal computer users with an analog phone modem connection to the Internet usually get to the Internet through the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). These protocols encapsulate the IP packets so that they can be sent over the dial-up phone connection to an access provider's modem.

Protocols related to TCP/IP include the User Datagram Protocol (UDP), which is used instead of TCP for special purposes. Other protocols are used by network host computers for exchanging router information. These include the Internet Control Message Protocol (ICMP), the Interior Gateway Protocol (IGP), the Exterior Gateway Protocol (EGP), and the Border Gateway Protocol (BGP).

Routing: what Is Routing?

Routing is a process of moving a packet of data from source to destination. Routing is usually performed by a dedicated device called a router. Routing is a key feature of the Internet because it enables messages to pass from one computer to another and eventually reach the target machine. Each intermediary computer performs routing by passing along the message to the next computer. Part of this process involves analyzing a routing table to determine the best path.

Routing is often confused with bridging, which performs a similar function. The principal difference between the two is that bridging occurs at a lower level and is therefore more of a hardware function whereas routing occurs at a higher level where the software component is more important. And because routing occurs at a higher level, it can perform more complex analysis to determine the optimal path for the packet. Want to know more about routing.

to be continued.....

Cisco router 805 specification

We used this router since 2002 until now.

Cisco 805 Series Serial Router

The Cisco 805 Serial Router offers enhanced network security and reliability through the power of Cisco IOS^® Software technology tailored for small offices.

Figure 1

The Cisco 805 Serial Router gives small offices enhanced security, superior reliability, and safe investment with low cost of ownership.

The Cisco 805 Serial Router extends the power of Cisco IOS Software technology to small offices. Cisco IOS Software offers enhanced security, reliability, and safe investment, combined with low cost of ownership, to enable customers to benefit from increased productivity, simplified communication, and reduced costs (Figure 1). The Cisco 805 Serial Router enables customers to benefit from value-added services such as managed network services, virtual private networks (VPNs), point-of-sale (POS) applications, and secure Internet access.

Benefits of Using Cisco 805 Serial Router

Taking advantage of its expertise and leadership in Internet solutions, Cisco Systems offers solutions for small-office routing solutions that provide secure and reliable access to the Internet or corporate networks.

Enhanced Security

The Cisco 805 Serial Router has enhanced security features such as an integrated stateful firewall and IP Security (IPSec) encryption to enable VPNs. These features allow small offices and telecommuters to conduct business over the Internet while protecting valuable resources.

Superior Reliability

Because the Cisco 805 Serial Router is based on the same proven Cisco IOS Software technology used throughout the Internet, small offices can depend on it just as enterprise customers take advantage of Cisco reliability. In addition, a Cisco 805 Serial Router provides Internet access to multiple users without being tied to a server or dedicated PC. This means if a server on the LAN crashes, other users remain connected to the Internet.

Safe Investment and Low Cost of Ownership

The Cisco 805 Serial Router offers memory options that can be upgraded in the field so the latest networking features can be added when necessary. With an advanced processor and memory architecture, they can support future applications as customer networking needs expand. Table 1 provides a summary of Cisco 805 Serial Router hardware features.

With Cisco IOS Software, customers using the Cisco 805 Serial Router can reduce operational costs for training, management, installation, and deployment.

Table 1 : Summary of Cisco 805 Serial Router Hardware features.

Feature	Details
LAN	One 10BASE-T (RJ-45)
WAN	Serial port compatible with EIA/TIA-232, EIA/TIA-449, EIA/TIA-530, EIA/TIA-530A, X.21, and V.35 standards (Both data terminal equipment [DTE] and data communications equipment [DCE])
Console port	RJ-45
LAN port	One Ethernet

Product Features

Security

To take advantage of the unprecedented opportunities offered by communications and commerce over the Internet, companies need to secure private information. Cisco Secure Integrated Software provides many technologies to build a custom security solution. The elements of security services include perimeter security, identity, monitoring, privacy, firewalls, IPSec encryption, and VPNs.

Standard Security

Perimeter security refers to the control of traffic entry and exit between network boundaries, such as between private networks, intranets, extranets, or the Internet. Cisco IOS Software perimeter security technologies provide a highly flexible, superior solution with features such as:

•Standard and extended access control lists (ACLs)

•Lock and key (dynamic ACLs)

•Router and route authentication, authorization, and accounting (AAA) protocols such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP), and MS-CHAP

•Network Address Translation (NAT) (including multi-NAT)

•Token card authentication with Cisco Secure authentication

NAT eliminates the need to re-address all hosts with existing private network addresses and hides internal addresses from public view. For businesses that want to allow selected access to the network, NAT can be configured to allow only certain types of data requests such as Web browsing, e-mail, or file transfers.

Enhanced Security

•Dynamic firewall—Companies increasingly rely on internal networks and servers to access company data. To use the Internet as a key business tool, companies must connect their internal networks to the Internet, while keeping sensitive internal data secure. Company data can be protected against unauthorized access with stateful firewalls. The integrated Cisco IOS Firewall Feature Set is a stateful firewall that provides:

–Stateful (dynamic) ACLs (application or context based)

–Java blocking

–Denial-of-service attack detection and prevention

–Real-time alerts and audit trails

Dynamic firewalls provide these vital enhanced security features. The term firewall is used by many vendors, but not uniformly referred to as stateful firewalls. Firewalls that are not dynamic do not provide these enhanced security features.

Encryption and Tunneling

The Cisco 805 Serial Router provides IPSec encryption technology to enable small offices and telecommuters to deploy VPNs. IPSec encryption provides privacy, integrity, and authenticity for transmission of sensitive information over the Internet. The unique end-to-end Cisco offering allows customers to implement IPSec encryption transparently into the network without affecting individual PCs. The Cisco 805 Serial Router with IPSec encryption allows significant cost savings by using the Internet to create secure connections between small offices and teleworkers. As a component of the Cisco VPN solution, the Cisco 805 Serial Router supports:

•IPSec tunneling with 128- or 56-bit Data Encryption Standard (DES or Triple DES [3DES])

•Layer 2 Tunneling Protocol (L2TP)

•Generic routing encapsulation (GRE)

Manageability

The Cisco 805 Serial Router supports management by a wide range of platforms and applications. Cisco ConfigMaker (Microsoft) and CiscoView (UNIX) applications provide superior capabilities for configuration and security management, as well as performance and fault monitoring. The Cisco 805 Serial Router supports centralized administration and management using Simple Network Management Protocol (SNMP), Telnet, or local management through the router console port.

Safe Investment

Small offices with limited time, money, and staff need to know their technology investments are safe. Field-expandable DRAM and Flash memory allow small offices to take advantage of new Cisco IOS Software feature enhancements. And because the Cisco 805 Serial Router incorporates an advanced processor and memory architecture, it can support future applications as customer networking needs expand.

Companies using the Cisco 805 Serial Router can take advantage of Cisco industry-leading support options that help to ensure the router stays up and running. These support services include:

•Cisco IOS Software updates in features such as protocol, security, and bandwidth

•Full access to Cisco.com for technical assistance and product information

•Twenty-four-hour access to the industry's largest dedicated technical support staff, with the first 90 days included at no charge

Installation and Configuration Tools

The Cisco 805 Serial Router also supports configuration with the Cisco ConfigMaker application. Cisco ConfigMaker is a software tool designed to configure a small network of Cisco routers, switches, hubs, and other network devices from a single PC using Windows 95, 98, 2000, or NT 4.0. It is designed for resellers and network administrators of small and medium-sized businesses that are proficient in LAN and WAN fundamentals and basic network design.

For additional setup ease, the Cisco 805 Serial Router has color-coded ports and cables to help users make proper connections. Quick Reference Guide documentation provides easy-to-follow installation instructions. Key features and benefits of the Cisco 805 Serial Router are defined in Table 2, and Table 3 lists Cisco 805 Serial Router hardware specifications.

Table 2 Cisco 805 Serial Router Key Features and Benefits

Feature	Benefit
Standard Security
PAP, CHAP, MS-CHAP, and ACLs	•Protects network from unauthorized access
Route and router authentication	•Accepts routing table updates from only known routers, ensuring no corrupt information from unknown sources is received
Enhanced Security
Cisco IOS Firewall feature set	•Offers internal users secure, per-application dynamic ACLs for all traffic across perimeters •Defends and protects router resources against denial-of-service attacks •Checks packet headers and drops suspicious packets •Protects against unidentified, malicious Java applets •Details transactions for reporting on a per-application, per-feature basis
IPSec encryption (DES and 3DES)	•Ensures data integrity and authenticity of origin by using standards-based encryption •Provides security for all users on the LAN without configuring individual PCs
Superior Reliability
Cisco IOS Software technology	•Proven technology that is used throughout the backbone of the Internet
Standalone router	•Provides Internet access to multiple users without being tied to a server or dedicated PC; if one user on the LAN crashes, other users can still access the Internet
Management
Cisco Configmaker, SNMP, Service Assurance (SA) Agent, TACAS+	•Graphical user interface (GUI)-based windows configuration tools for novice users •Remote management and monitoring by way of SNMP or Telnet and local management through console port
Safe Investment
Field-expandable memory	•Allows customers to add features as networking needs expand
Advanced processor and memory architecture	•Ensures the platform can support processor-intensive applications
World-class support	•Helps customers keep their Cisco 805 serial routers running all the time
Low Cost of Ownership
Lower operational costs	•Allows customers to use existing knowledge of Cisco IOS Software for installation and manageability
Bandwidth Optimization
Quality of service (QoS) and Weighted Fair Queuing	•Ensures consistent response times for multiple applications by allocating bandwidth intelligently •Gives the most important applications priority use of the WAN line
Choice of encapsulation (Point-to-Point Protocol [PPP], High-Level Data Link Control [HDLC], Frame Relay)	•Ensures compatibility with existing network
"Snapshot" routing for IP and Internetwork Packet Exchange (IPX)	•Allows efficient use of available bandwidth
X.25 packet data	•Permits data transfer over X.25 networks
Simplified Setup and Installation
NAT	•Lets businesses conserve valuable IP addresses •Reduces time and costs by reducing IP address management
Cisco IOS Software Easy IP	•Enables true mobility-client IP addresses are transparently configured via the Cisco IOS Dynamic Host Control Protocol (DHCP) server each time a client powers up
Color-coded ports and cables and Quick Start Reference Guide	•Helps users make proper connections •Provides easy-to-follow installation instructions

Table 3 Cisco 805 Serial Router Hardware Specification

Feature	Description
10BASE-T Ethernet port	Provides connection to a 10BASE-T (10 Mbps) Ethernet network, compatible with a 10/100-Mbps device
Serial port	Provides connection to EIA/TIA-232, EIA/TIA-449, EIA/TIA-530, EIA/TIA-530A, X.21, and V.35 DTE or DCE
RJ-45 console port	Provides connection to terminal or PC for software configuration and for router troubleshooting
Flash memory	Router provides 4 MB of Flash memory
DRAM	Router provides 8 MB of DRAM1
Ease of installation	Color-coded ports and cables reduce the chance of error
Cisco IOS Software	Router supports a subset of Cisco IOS Software
Cable lock	Provides a way to physically secure router
Locking power connector	Locks power connector in place
Wall-mount feature	Brackets on router bottom provide a way to mount router on wall or vertical surface

Cisco IOS Software Feature Sets

Five Cisco IOS Software feature sets are available on the Cisco 805 Serial Router:

•IP

•IP/Plus

•IP/FW

•IP/VPN

•IP/VPN/IPX/Plus

Technical Specification

Description	Design Specification
Physical Dimensions
Dimensions (H x W x D)	2.0 x 9.7 x 8.3 in. (5.1 x 24.6 x 21.1 cm)
Weight (does not include desktop power supply)	1.5 lb (0.66 kg)
Environmental Operating Ranges
Nonoperating temperature	-4 to 149°F (-20 to 65°C)
Nonoperating humidity	5 to 95%, relative humidity
Nonoperating altitude	0 to 15,000 ft (4570 m)
Operating temperature	32 to 104°F (0 to 40°C)
Operating humidity	10 to 85%, relative humidity
Operating altitude	0 to 10,000 ft (3000m)
Power
AC input voltage	100 to 240 VAC
Frequency	50 to 60 Hz
Power consumption	20W

Regulatory Approvals

Safety Standards	EMI Standards	PTT Standards
UL 1950	CFR 47, part 15, class B	CTR2
CSA 22.2 No. 950	ICES, Issue 2, class B	TC 130
TUV-GS to EN 60950:1992 with Amendments A1 through A4	VCCI class 2	(CE168_X_)
IEC 60950 with Amendments A1 through A4 and all country deviations	AZ/NRZ 3548 class B	JATE
TS-001:1997	EN 55022, IEC 1000-3-3
IEC 1000-4-2 level 4
AS/NZS 3260 with Amendments A1 through A4	IEC 1000-4-3 level 3
IEC 1000-4-4 level 3
EN 300 047	IEC 1000-4-5 level 3
EN 41003
IEEE 802.3