Page 66 / 95 Scroll up to view Page 61 - 65
59
Appendix B:
Important Information for Wireless Products
Wireless-G ADSL Gateway
Appendix B: Wireless Security
Important Information for Wireless Products
Linksys wants to make wireless networking as safe and easy for you as possible. So, please keep the following
points in mind whenever setting up or using your wireless network.
1. Performance.
The actual performance of your wireless network depends on a number of factors, including:
In an Infrastructure environment, your distance from the access point. As you get farther away, the transmission
speed will decrease.
Structural interference. The shape of your building or structure, the type of construction, and the building
materials used may have an adverse impact on signal quality and speed.
The placement and orientation of the wireless devices.
2. Interference.
Any device operating in the 2.4 GHz spectrum may cause network interference with a 802.11b wireless device.
Some devices that may prove troublesome include 2.4 GHz cordless phones, microwave ovens, adjacent public
hotspots, and neighboring 802.11b wireless LANs.
3. Security.
The current generation of Linksys products provide several network security features, but they require specific
action on your part for implementation.
While the following is a complete list, steps A through E should, at least, be followed:
A.
Change the default SSID.
B.
Disable SSID Broadcasts.
C.
Change the default password for the Administrator account.
D.
Enable MAC Address Filtering.
Page 67 / 95
60
Appendix B:
Important Information for Wireless Products
Wireless-G ADSL Gateway
E.
Change the SSID periodically.
F.
Enable WEP 128-bit Encryption. Please note that this will reduce your network performance.
G.
Change the WEP encryption keys periodically.
For information on implementing these security features, please refer to the User Guide.
4. Security Threats Facing Wireless Networks
Wireless networks are easy to find. Hackers know that in order to join a wireless network, wireless networking
products first listen for "beacon messages". These messages are unencrypted and contain much of the
network’s information, such as the network’s SSID (Service Set Identifier) and the IP Address of the network PC
or access point. Here are the steps you can take:
Change the administrator’s password regularly.
With every wireless networking device you use, keep in
mind that network settings (SSID, WEP keys, etc.) are stored in its firmware. Your network administrator is the
only person who can change network settings. If a hacker gets a hold of the administrator’s password, he, too,
can change those settings. So, make it harder for a hacker to get that information. Change the administrator’s
password regularly.
SSID.
There are several things to keep in mind about the SSID:
A.
Disable Broadcast
B.
Make it unique
C.
Change it often
Most wireless networking devices will give you the option of broadcasting the SSID. While this option may be
more convenient, it allows anyone to log into your wireless network. This includes hackers. So, don’t broadcast
the SSID.
Wireless networking products come with a default SSID set by the factory. (The Linksys default SSID is “linksys”.)
Hackers know these defaults and can check these against your network. Change your SSID to something unique
and not something related to your company or the networking products you use.
Change your SSID regularly so that any hackers who have gained access to your wireless network will have start
from the beginning in trying to break in.
Page 68 / 95
61
Appendix B:
Important Information for Wireless Products
Wireless-G ADSL Gateway
MAC Addresses.
Enable MAC Address filtering. MAC Address filtering will allow you to provide access to only
those wireless nodes with certain MAC Addresses. This makes it harder for a hacker to access your network with
a random MAC Address.
WEP Encryption.
Wired Equivalent Privacy (WEP) is often looked upon as a panacea for wireless security
concerns. This is overstating WEP’s ability. Again, this can only provide enough security to make a hacker’s job
more difficult.
There are several ways that WEP can be maximized:
A.
Use the highest level of encryption possible
B.
Use a “Shared” Key
C.
Use multiple WEP keys
D.
Change your WEP key regularly
Implementing encryption will have a negative impact on your network’s performance. If you are transmitting
sensitive data over your network, encryption should be used.
These security recommendations should help keep your mind at ease while you are enjoying the most flexible
and convenient technology Linksys has to offer.
Page 69 / 95
62
Appendix C: Configuring IPSec between a Windows 2000 or XP Computer and the Gateway
Introduction
Wireless-G ADSL Gateway
Appendix C: Configuring IPSec between a Windows 2000 or
XP Computer and the Gateway
Introduction
This document demonstrates how to establish a secure IPSec tunnel using preshared keys to join a private
network inside the Gateway and a Windows 2000 or XP computer. You can find detailed information on
configuring the Windows 2000 server at the Microsoft website:
Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000
Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000
Environment
The IP addresses and other specifics mentioned in this appendix are for illustration purposes only.
Windows 2000 or Windows XP
IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0
WAG54G
WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0
LAN IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
NOTE:
Keep a record of any changes you make.
Those changes will be identical in the Windows
“secpol” application and the Gateway’s Web-
Based Utility.
Page 70 / 95
63
Appendix C: Configuring IPSec between a Windows 2000 or XP Computer and the Gateway
How to Establish a Secure IPSec Tunnel
Wireless-G ADSL Gateway
How to Establish a Secure IPSec Tunnel
Step 1: Create an IPSec Policy
1.
Click the
Start
button, select
Run
, and type
secpol.msc
in the
Open
field.
The Local Security Setting screen
will appear as shown in Figure C-1.
2.
Right-click
IP Security Policies on Local Computer
, and click
Create IP Security Policy
.
3.
Click the
Next
button, and then enter a name for your policy (for example, to_Gateway). Then, click
Next
.
4.
Deselect the Activate the default response rule check box, and then click the
Next
button.
5.
Click the
Finish
button, making sure the Edit check box is checked.
Step 2: Build Filter Lists
Filter List 1: win->Gateway
1.
In the new policy’s properties screen, verify that the Rules tab is selected, as shown in Figure C-2. Deselect
the
Use Add Wizard
check box, and click the
Add
button to create a new rule.
2.
Make sure the IP Filter List tab is selected, and click the
Add
button. (See Figure C-3.)
NOTE:
The references in this section to “win” are
references to Windows 2000 and XP.
Figure C-1: Password Screen
Figure C-2: Setup Tab
Figure C-3: IP Filter List Tab

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top