61

The

Network Time Protocol

(

NTP

) is an Internet standard protocol that synchronizes

computer clock times on your network. NTP servers transmit

Coordinated Universal

Time

(UTC, also known as

Greenwich Mean Time

) to their client systems. NTP sends

periodic time requests to servers, using the returned time stamp to adjust its clock.

The timestamp will be used to indicate the date and time of each event in log

messages

.

See

http://www.ntp.org

for more general information on NTP.

The following sections describe how to configure the D-Link DWL-2210AP to use a

specified NTP server:

• Navigating to Time Protocol Settings

• Enabling or Disabling a Network Time Protocol (NTP) Server

• Updating Settings

Enabling the Network Time Protocol Server

62

Enabling the Network Time Protocol Server

Navigating to Time Protocol Settings

To enable an

NTP

server, navigate to the

Advanced > Time Protocol

tab, and update the

fields as described below.

63

To configure your access point to use a network time protocol (

NTP

) server, first

enable

the use of NTP, and then select the NTP server you want to use. (To shut down NTP

service on the network, disable NTP on the access point.)

Field Description

Updating Settings

To apply your changes, click

Update

.

Network Time Protocol

NTP provides a way for the access point to obtain and maintain its

time from a server on the network. Using an NTP server gives your

AP the ability to provide the correct time of day in log messages

and session information.

(See

for more general information on NTP.)

Choose to either enable or disable use of a network time protocol

(NTP) server:

• Enabled

• Disabled

NTP Server

If NTP is enabled, select the NTP server you want to use.

You can specify the NTP server by host name or IP address,

although using the IP address is not recommended as these can

change more readily.

Field

Description

Enabling or Disabling a Network Time Protocol (NTP) Server

Enabling the Network Time Protocol Server

64

Configuring Security

The following sections describe how to configure Security settings on the D-Link

DWL-2210AP:

• Understanding Security Issues on Wireless Networks

• How Do I Know Which Security Mode to Use?

• Comparison of Security Modes for Key Management, Authentication and

Encryption Algorithms

• Does Prohibiting the Broadcast SSID Enhance Security?

• Navigating to Security Settings

• Configuring Security Settings

• Broadcast SSID and Security Mode

• Plaintext

• Static WEP

• IEEE 802.1x

• WPA with RADIUS

• WPA-PSK

• Updating Settings

Understanding Security Issues on Wireless Networks

Wireless mediums are inherently less secure than wired mediums. For example, an

Ethernet NIC transmits its packets over a physical medium such as coaxial cable or

twisted pair. A wireless NIC broadcasts radio signals over the air allowing a wireless

LAN to be easily tapped without physical access or sophisticated equipment. A hacker

equipped with a laptop, a wireless NIC, and a bit of knowledge can easily attempt to

compromise your wireless network. One does not even need to be within normal range

of the access point. By using a sophisticated antenna on the client, a hacker may be

able to connect to the network from many miles away.

The D-Link DWL-2210AP provides a number of authentication and encryption schemes

to ensure that your wireless infrastructure is accessed only by the intended users. The

details of each security mode are described in the sections below.

See also the related topic, “Appendix A: Configuring Security Settings on Wireless

Clients” in this manual.

65

How Do I Know Which Security Mode to Use?

In general, we recommend that on your Internal network you use the most robust

security mode that is feasible in your environment. When configuring security on

the access point, you first must choose the security mode, then in some modes an

authentication algorithm, and whether to allow clients not using the specified security

mode to associate.

Wi-Fi Protected Access

(

WPA

) with

Remote Authentication Dial-In User Service

(

RADIUS

) using the CCMP (AES) encryption algorithm provides the best data protection

available and is clearly the best choice if all client stations are equipped with WPA

supplicants. However, backward compatibility or interoperability issues with clients or

even with other access points may require that you configure WPA with RADIUS with a

different encryption algorithm or choose one of the other security modes.

That said, however, security may not be as much of a priority on some types of networks.

If you are simply providing internet and printer access, as on a guest network, plain text

mode (no security) may be the appropriate choice. To prevent clients from accidentally

discovering and connecting to your network, you can disable the broadcast SSID so

that your network name is not advertised. If the network is sufficiently isolated from

access to sensitive information, this may offer enough protection in some situations.

This level of protection is the only one offered for guest networks, and also may be the

right convenience trade-off for other scenarios where the priority is making it as easy

as possible for clients to connect. (See “Does Prohibiting the Broadcast SSID Enhance

Security?” in this manual.)

Following is a brief discussion of what factors make one mode more secure than another,

a description of each mode offered, and when to use each mode.

Comparison of Security Modes for Key Management, Authentication

and Encryption Algorithms

Three major factors that determine the effectiveness of a security protocol are:

• How the protocol manages keys

• Presence or absence of integrated user authentication in the protocol

• Encryption algorithm or formula the protocol uses to encode/decode the data

Configuring Security