NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

2-2

Safeguarding Your Network

v1.0, February 2008

NETGEAR recommends using WEP with Shared Key authentication. Do not run an unsecured

wireless network unless it is your intention to provide free Internet access for the public.

WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-PSK

encryption can consume more battery power on a notebook computer, and can cause significant

performance degradation with a slow computer.

The WNDR3300 router provides two screens for configuring the wireless settings, the basic

Wireless Settings screen, which you access under Setup in the main menu (

“Changing Basic

Wireless Settings” on page 2-5

), and the advanced Wireless Settings screen, which you access

under Advanced (

“Changing Basic Wireless Settings” on page 2-5

).

Basic security options are listed in order of increasing effectiveness in

Table 2-1

. Other features

that affect security are listed in

Table 2-2

. For more details on wireless security methods, click the

link to the online document

“Wireless Networking Basics” in Appendix B

.

Note:

NETGEAR recommends that you change the administration password of your

router. Default passwords are well known, and an intruder can use your

administrator access to read or disable your security settings. For information

about how to change the administrator password, see

“Changing the Administrator

Password” on page 2-19

.

Figure 2-1

WNDR3300

1) Open system: easy but no security

2) MAC access list: no data security

3) WEP: security but some performance

impact

4) WPA-PSK: strong security

5) WPA2-PSK: very strong security

Wireless data

security options

Range: up to 300 foot radius

Note:

Use these with other features that enhance security (

Table 2-2 on page 2-3

).

NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

Safeguarding Your Network

2-3

v1.0, February 2008

Table 2-1.

Wireless Security Options

Security Type

Description

None

.

No wireless security. Recommended only for

troubleshooting wireless connectivity. Do not run an

unsecured wireless network unless it is your

intention to provide free Internet access for the

public.

WEP

. Wired Equivalent Privacy.

Wired Equivalent Privacy (WEP) data encryption

provides moderate data security. WEP Shared Key

authentication and WEP data encryption can be

defeated by a determined eavesdropper using

publicly available tools.

For more information, see

“Configuring WEP

Wireless Security” on page 2-8

.

WPA-PSK (TKIP)

. WPA-PSK standard encryption

with TKIP encryption type.

WPA2-PSK (AES)

. Wi-Fi Protected Access version 2

with Pre-Shared Key; WPA2-PSK standard

encryption with the AES encryption type.

WPA-PSK (TKIP) + WPA2-PSK (AES)

. Mixed mode.

Wi-Fi Protected Access with Pre-Shared Key (WPA-

PSK and WPA2-PSK) data encryption provides

extremely strong data security, very effectively

blocking eavesdropping. Because WPA and WPA2

are relatively new standards, older wireless adapters

and devices might not support them.

For more information, see

“Configuring WPA-PSK,

WPA2-PSK, or WPA-PSK+WPA2-PSK Wireless

Security” on page 2-10

.

Table 2-2.

Other Features That Enhance Security

Security Type

Description

Disable the wireless router radio.

If you disable the wireless router radio, wireless

devices cannot communicate with the router at all.

You might disable this when you are away or when

other users of your network all use wired

connections.

For more information, see

“Viewing Advanced

Wireless Settings” on page 2-11

.

Turn off the broadcast of the wireless network

name SSID.

If you disable the broadcast of the SSID, only

devices that know the correct SSID can connect.

This nullifies the wireless network discovery feature

of some products such as Windows XP, but your data

is still fully exposed to an intruder using available

wireless eavesdropping tools.

For more information, see

“Viewing Advanced

Wireless Settings” on page 2-11

.

NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

2-4

Safeguarding Your Network

v1.0, February 2008

Recording Basic Wireless Settings Setup Information

Before customizing your wireless settings, print this section, and record the following information.

If you are working with an existing wireless network, the person who set up or is responsible for

the network can provide this information. Otherwise, you must choose the settings for your

wireless network. Either way, record the settings for your wireless network in the spaces provided.

•

11N Wireless Network Name (SSID)

.

______________________________ The SSID

identifies the wireless network. You can use up to 32 alphanumeric characters. The SSID

is

case-sensitive. The SSID in the wireless adapter card must match the SSID of the wireless

router. In some configuration utilities (such as in Windows XP), the term “wireless network

name” is used instead of SSID.

•

11G Wireless Network Name (SSID)

. ______________________________

Restrict access based on MAC address.

You can restrict access to only trusted computers so

that unknown computers cannot wirelessly connect

to the WNDR3300 router. MAC address filtering

adds an obstacle against unwanted access to your

network by the general public, but the data broadcast

over the wireless link is fully exposed. This data

includes your trusted MAC addresses, which can be

read and impersonated by a hacker.

For more information, see

“Restricting Wireless

Access by MAC Address” on page 2-17

.

Modify your firewall’s rules.

By default, the firewall allows any outbound traffic

and prohibits any inbound traffic except for

responses to your outbound traffic. However, you

can modify the firewall’s rules.

For more information, see

“Understanding Your

Firewall” on page 2-21

.

Use WPS (Wi-Fi Protected Setup).

Wi-Fi Protected Setup provides easy setup by

means of a push button. Older wireless adapters and

devices might not support this. Check whether

devices are WPS enabled.

For more information, see

“Using WPS Security (Wi-

Fi Protected Setup)” on page 2-12

.

Table 2-2.

Other Features That Enhance Security (continued)

Security Type

Description

NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

Safeguarding Your Network

2-5

v1.0, February 2008

•

If

WEP Authentication

is used, circle one:

Open System

,

Shared Key

, or

Auto

.

–

WEP Encryption Key Size

. Choose one:

64-bit

or

128-bit

. Again, the encryption key

size must be the same for the wireless adapters and the wireless router.

–

Data Encryption (WEP) Keys

. There are two methods for creating WEP data encryption

keys. Whichever method you use, record the key values in the spaces provided.

•

Passphrase Method

. ______________________________ These characters

are

case-sensitive. Enter a word or group of printable characters and click Generate Keys.

Not all wireless devices support the passphrase method.

•

Manual Method

. These values

are not

case-sensitive. For 64-bit WEP, enter 10

hexadecimal digits (any combination of 0–9, A–F, or a–f). For 128-bit WEP, enter 26

hexadecimal digits.

Key 1. ___________________________________

Key 2. ___________________________________

Key 3. ___________________________________

Key 4. ___________________________________

•

If WPA-PSK or WPA2-PSK authentication is used:

–

Passphrase

. ______________________________ These characters

are

case-sensitive.

Enter a word or group of printable characters. When you use WPA-PSK, the other devices

in the network will not connect unless they are also set to WPA-PSK and are configured

with the correct passphrase. Similarly, when you use WPA2-PSK, the other devices in the

network will not connect unless they are also set to WPA2-PSK and are configured with

the correct passphrase.

Use the procedures described in the following sections to configure the WNDR3300 router. Store

this information in a safe place.

Changing Basic Wireless Settings

This section describes the wireless settings that you can view and configure in the Wireless

Settings screen, which you access under Setup in the main menu.

Note:

If you select Shared Key, the other devices in the network will not connect

unless they are also set to Shared Key and are configured with the correct key.

NETGEAR RangeMax™ Dual Band Wireless-N Router WNDR3300 Reference Manual

2-6

Safeguarding Your Network

v1.0, February 2008

Viewing Basic Wireless Settings

To configure the wireless security settings of your router:

1.

Log in to the router as described in

“Logging In to Your Wireless Router” on page 1-2.

2.

Select

Wireless Settings

under Setup in the main menu.

The available settings in this screen are:

•

Name (

11N SSID

)

or

Name (

11G SSID

)

. These are the names of the 11N and 11G

wireless networks.

The SSID is also known as the wireless network name. Enter a value of

up to 32 alphanumeric characters. When more than one wireless network is active,

different wireless network names provide a way to separate the traffic. For a wireless

device to participate in a particular wireless network, it must be configured with the SSID

for that network. The WNDR3300 router default SSID names are:

–

11N SSID.

NETGEAR-DualBand-N

–

11G SSID.

NETGEAR-2.4-G

These SSIDs are broadcast by the router so that nearby wireless devices can discover your

network. You can disable this broadcast as described in

“Viewing Advanced Wireless

Settings” on page 2-11

.

Figure 2-2