2-1

v1.0, June 2008

Chapter 2

Safeguarding Your Network

The Wireless-N Router Model WNR2000 provides highly effective security features, which are

covered in detail in this chapter.

This chapter includes the following sections:

•

“Choosing Appropriate Wireless Security

”

•

“Recording Basic Wireless Settings Setup Information” on page 2-5

•

“Changing Wireless Security Settings” on page 2-6

•

“Viewing Advanced Wireless Settings” on page 2-12

•

“Using Push 'N' Connect (Wi-Fi Protected Setup)” on page 2-13

•

“Restricting Wireless Access by MAC Address” on page 2-19

•

“Changing the Administrator Password” on page 2-21

•

“Backing Up Your Configuration” on page 2-22

•

“Understanding Your Firewall” on page 2-23

Choosing Appropriate Wireless Security

Unlike wired networks, wireless networks allow anyone with a compatible adapter to receive your

wireless data transmissions well beyond your walls. Operating an unsecured wireless network

creates an opportunity for outsiders to eavesdrop on your network traffic or to enter your network

to access your computers and files. Indoors, computers can connect over 802.11g/n wireless

networks at ranges of up to 300 feet. Such distances can allow for others outside your immediate

area to access your network. Use the security features of your wireless equipment that are

appropriate to your needs.

The time it takes to establish a wireless connection can vary depending on both your security

settings and router placement.

Stronger security methods can entail a cost in terms of throughput, latency, battery consumption,

and equipment compatibility. In choosing an appropriate security level, you can also consider the

effort compared to the reward for a hacker to break into your network. As a minimum, however,

NETGEAR recommends using WEP with Shared Key authentication. Do not run an unsecured

wireless network unless it is your intention to provide free Internet access for the public.

NETGEAR Wireless-N Router WNR2000 User Manual

2-2

Safeguarding Your Network

v1.0, June 2008

WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-PSK

encryption can consume more battery power on a notebook computer, and can cause significant

performance degradation with a slow computer.

To configure the wireless network, you can:

•

Manually specify your SSID and your wireless security settings

. The WNR2000 router

provides two screens for configuring the wireless settings:

–

Wireless Settings

. You access these under Setup in the main menu (see

“Viewing Basic

Wireless Settings” on page 2-6

).

–

Advanced Wireless Settings

. You access these under Advanced in the main menu (see

“Viewing Advanced Wireless Settings” on page 2-12

).

Note:

NETGEAR recommends that you change the administration password of your

router. Default passwords are well known, and an intruder can use your

administrator access to read or disable your security settings. For information

about how to change the administrator password, see

“Changing the Administrator

Password” on page 2-21

.

Figure 2-1

WNR2000

1) Open system: easy but no security

2) MAC access list: no data security

3) WEP: security but some performance

impact

4) WPA-PSK: strong security

5) WPA2-PSK: very strong security

Wireless data

security options

Range: up to 300 foot radius

Note:

Use these with other features that enhance security (

Table 2-2 on page 2-4

).

NETGEAR Wireless-N Router WNR2000 User Manual

Safeguarding Your Network

2-3

v1.0, June 2008

•

Use Wi-Fi Protected Setup (WPS) to automatically set the SSID and implement WPA/

WPA2 security on both the router and the client device

. If the clients in your network are

WPS capable, you can use Wi-Fi Protected Setup (WPS) to automatically set the SSID and

implement WPA/WPA2 security on both the router and the client device (see

“Using Push 'N'

Connect (Wi-Fi Protected Setup)” on page 2-13

).

Basic security options are listed in order of increasing effectiveness in

Table 2-1

. Other features

that affect security are listed in

Table 2-2 on page 2-4

. For more details on wireless security

methods, click the link to the online document

“Wireless Networking Basics” in Appendix B

.

Table 2-1.

Wireless Security Options

Security Type

Description

None

.

No wireless security. Recommended only for

troubleshooting wireless connectivity. Do not run an

unsecured wireless network unless it is your

intention to provide free Internet access for the

public.

WEP

. Wired Equivalent Privacy.

Wired Equivalent Privacy (WEP) data encryption

provides moderate data security. WEP Shared Key

authentication and WEP data encryption can be

defeated by a determined eavesdropper using

publicly available tools.

For more information, see

“Configuring WEP

Wireless Security” on page 2-9

.

WPA-PSK (TKIP)

. WPA-PSK standard encryption

with TKIP encryption type.

WPA2-PSK (AES)

. Wi-Fi Protected Access version 2

with Pre-Shared Key; WPA2-PSK standard

encryption with the AES encryption type.

WPA-PSK (TKIP) + WPA2-PSK (AES)

. Mixed mode.

Wi-Fi Protected Access with Pre-Shared Key (WPA-

PSK and WPA2-PSK) data encryption provides

extremely strong data security, very effectively

blocking eavesdropping. Because WPA and WPA2

are relatively new standards, older wireless adapters

and devices might not support them.

For more information, see

“Configuring WPA-PSK

and WPA2-PSK Wireless Security” on page 2-10

.

NETGEAR Wireless-N Router WNR2000 User Manual

2-4

Safeguarding Your Network

v1.0, June 2008

Table 2-2.

Other Features That Enhance Security

Security Type

Description

Disable the wireless router radio.

If you disable the wireless router radio, wireless

devices cannot communicate with the router at all.

You might disable this when you are away or when

other users of your network all use wired

connections.

For more information, see

“Viewing Advanced

Wireless Settings” on page 2-12

.

Turn off the broadcast of the wireless network

name SSID.

If you disable the broadcast of the SSID, only

devices that know the correct SSID can connect.

This nullifies the wireless network discovery feature

of some products such as Windows XP, but your data

is still fully exposed to an intruder using available

wireless eavesdropping tools.

For more information, see

“Viewing Advanced

Wireless Settings” on page 2-12

.

Restrict access based on MAC address.

You can restrict access to only trusted computers so

that unknown computers cannot wirelessly connect

to the WNR2000 router. MAC address filtering adds

an obstacle against unwanted access to your

network by the general public, but the data broadcast

over the wireless link is fully exposed. This data

includes your trusted MAC addresses, which can be

read and impersonated by a hacker.

For more information, see

“Restricting Wireless

Access by MAC Address” on page 2-19

.

Modify your firewall’s rules.

By default, the firewall allows any outbound traffic

and prohibits any inbound traffic except for

responses to your outbound traffic. However, you

can modify the firewall’s rules.

For more information, see

“Understanding Your

Firewall” on page 2-23

.

Use the Push 'N' Connect feature (Wi-Fi

Protected Setup).

Wi-Fi Protected Setup provides easy setup by

means of a push button. Older wireless adapters and

devices might not support this. Check whether

devices are WPS enabled.

For more information, see

“Using Push 'N' Connect

(Wi-Fi Protected Setup)” on page 2-13

.

NETGEAR Wireless-N Router WNR2000 User Manual

Safeguarding Your Network

2-5

v1.0, June 2008

Recording Basic Wireless Settings Setup Information

Before and after customizing your wireless settings, print this section, and record the following

information. If you are working with an existing wireless network, the person who set up or is

responsible for the network can provide this information. Otherwise, you must choose the settings

for your wireless network. Either way, record the settings for your wireless network in the spaces

provided.

•

Wireless Network Name (SSID)

.

______________________________

The SSID identifies

the wireless network. You can use up to 32 alphanumeric characters. The SSID

is

case-

sensitive. The SSID in the wireless adapter card must match the SSID of the wireless router. In

some configuration utilities (such as in Windows XP), the term “wireless network name” is

used instead of SSID.

•

If

WEP Authentication

is used, circle one:

Open System

,

Shared Key

,

or

Auto

.

–

WEP Encryption Key Size

. Choose one:

64-bit

or

128-bit

. Again, the encryption key

size must be the same for the wireless adapters and the wireless router.

–

Data Encryption (WEP) Keys

. There are two methods for creating WEP data encryption

keys. Whichever method you use, record the key values in the spaces provided.

•

Passphrase Method

. ______________________________ These characters

are

case-sensitive. Enter a word or group of printable characters and click Generate. Not

all wireless devices support the passphrase method.

•

Manual Method

. These values

are not

case-sensitive. For 64-bit WEP, enter 10

hexadecimal digits (any combination of 0–9, a–f, or A–F). For 128-bit WEP, enter

26 hexadecimal digits.

Key 1: ___________________________________

Key 2: ___________________________________

Key 3: ___________________________________

Key 4: ___________________________________

•

If WPA-PSK or WPA2-PSK authentication is used:

Note:

If you select Shared Key, the other devices in the network will not connect

unless they are also set to Shared Key and are configured with the correct key.