Wireless-G Router WGR614v9 Reference Manual

2-2

Safeguarding Your Network

v1.1, May 2008

WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-PSK

encryption can consume more battery power on a notebook computer, and can cause significant

performance degradation with a slow computer.

The Wireless-G Router provides two screens for configuring the wireless settings: the basic

Wireless Settings screen, which you access under Setup in the main menu (see

“Changing Wireless

Security Settings” on page 2-5

), and the Advanced Wireless Settings screen, which you access

under Advanced (see

“Changing Wireless Security Settings” on page 2-5

).

Basic security options are listed in order of increasing effectiveness in

Table 2-1

below. Other

features that affect security are listed in

Table 2-2 on page 2-3

. For more details on wireless

security methods, see the online document

“Wireless Networking Basics” in Appendix B

.

Note:

NETGEAR recommends that you change the administration password of your

router. Default passwords are well known, and an intruder can use your

administrator access to read or disable your security settings. For information

about how to change the administrator password, see

“Changing the Administrator

Password” on page 2-14

.

Figure 2-1

WGR614v9

1) Open system: easy but no security

2) MAC access list: no data security

3) WEP: security but some performance

impact

4) WPA-PSK: strong security

5) WPA2-PSK: very strong security

Wireless data

security options

Range: up to 300 foot radius

Note:

Use these with other features that enhance security (

Table 2-2 on page 2-3

).

Wireless-G Router WGR614v9 Reference Manual

Safeguarding Your Network

2-3

v1.1, May 2008

Table 2-1.

Wireless Security Options

Security Type

Description

None

.

No wireless security. Recommended only for

troubleshooting wireless connectivity. Do not run an

unsecured wireless network unless it is your

intention to provide free Internet access for the

public.

WEP

. Wired Equivalent Privacy.

Wired Equivalent Privacy (WEP) data encryption

provides moderate data security. WEP Shared Key

authentication and WEP data encryption can be

defeated by a determined eavesdropper using

publicly available tools.

For more information, see

“Configuring WEP

Wireless Security” on page 2-7

.

WPA-PSK (TKIP)

. WPA-PSK standard encryption

with TKIP encryption type.

WPA2-PSK (AES)

. Wi-Fi Protected Access version 2

with Pre-Shared Key; WPA2-PSK standard

encryption with the AES encryption type.

WPA-PSK (TKIP) + WPA2-PSK (AES)

. Mixed mode.

Wi-Fi Protected Access with Pre-Shared Key (WPA-

PSK and WPA2-PSK) data encryption provides

extremely strong data security, very effectively

blocking eavesdropping. Because WPA and WPA2

are relatively new standards, older wireless adapters

and devices might not support them.

For more information, see

“Configuring WPA-PSK

and WPA2-PSK Wireless Security” on page 2-9

.

Table 2-2.

Other Features That Enhance Security

Security Type

Description

Disable the wireless router radio.

If you disable the wireless router radio, wireless

devices cannot communicate with the router at all.

You might disable this when you are away or when

other users of your network all use wired

connections.

For more information, see

“Viewing Advanced

Wireless Settings” on page 2-10

.

Turn off the broadcast of the wireless network

name SSID.

If you disable the broadcast of the SSID, only

devices that know the correct SSID can connect.

This nullifies the wireless network discovery feature

of some products such as Windows XP, but your data

is still fully exposed to an intruder using available

wireless eavesdropping tools.

For more information, see

“Viewing Advanced

Wireless Settings” on page 2-10

.

Wireless-G Router WGR614v9 Reference Manual

2-4

Safeguarding Your Network

v1.1, May 2008

Recording Basic Wireless Settings Setup Information

Before customizing your wireless settings, print this section, and record the following information.

If you are working with an existing wireless network, the person who set up or is responsible for

the network can provide this information. Otherwise, you must choose the settings for your

wireless network. Either way, record the settings for your wireless network in the spaces provided.

•

Wireless Network Name (SSID)

.

______________________________

The SSID identifies

the wireless network. You can use up to 32 alphanumeric characters. The SSID

is

case-

sensitive. The SSID in the wireless adapter card must match the SSID of the wireless router. In

some configuration utilities (such as in Windows XP), the term “wireless network name” is

used instead of SSID.

•

If

WEP Authentication

is used, circle one:

Open System

,

Shared Key

,

or

Auto

.

–

WEP Encryption Key Size

. Choose one:

64-bit

or

128-bit

. Again, the encryption key

size must be the same for the wireless adapters and the wireless router.

Restrict access based on MAC address.

You can restrict access to only trusted computers so

that unknown computers cannot wirelessly connect

to the Wireless-G Router. MAC address filtering

adds an obstacle against unwanted access to your

network by the general public, but the data broadcast

over the wireless link is fully exposed. This data

includes your trusted MAC addresses, which can be

read and impersonated by a hacker.

For more information, see

“Restricting Wireless

Access by MAC Address” on page 2-11

.

Modify your firewall’s rules.

By default, the firewall allows any outbound traffic

and prohibits any inbound traffic except for

responses to your outbound traffic. However, you

can modify the firewall’s rules.

For more information, see

“Understanding Your

Firewall” on page 2-15

.

Note:

If you select Shared Key, the other devices in the network will not connect

unless they are also set to Shared Key and are configured with the correct key.

Table 2-2.

Other Features That Enhance Security

Security Type

Description

Wireless-G Router WGR614v9 Reference Manual

Safeguarding Your Network

2-5

v1.1, May 2008

–

Data Encryption (WEP) Keys

. There are two methods for creating WEP data encryption

keys. Whichever method you use, record the key values in the spaces provided.

•

Passphrase Method

. ______________________________ These characters

are

case-sensitive. Enter a word or group of printable characters and click Generate. Not

all wireless devices support the passphrase method.

•

Manual Method

. These values

are not

case-sensitive. For 64-bit WEP, enter 10

hexadecimal digits (any combination of 0–9, a–f, or A–F). For 128-bit WEP, enter

26 hexadecimal digits.

Key 1: ___________________________________

Key 2: ___________________________________

Key 3: ___________________________________

Key 4: ___________________________________

•

If WPA-PSK or WPA2-PSK authentication is used:

–

Passphrase

. ______________________________ These characters

are

case-sensitive.

Enter a word or group of printable characters. When you use WPA-PSK, the other devices

in the network will not connect unless they are also set to WPA-PSK and are configured

with the correct passphrase. Similarly, when you use WPA2-PSK, the other devices in the

network will not connect unless they are also set to WPA2-PSK and are configured with

the correct passphrase.

Use the procedures described in the following sections to specify the Wireless-G Router. Store this

information in a safe place.

Changing Wireless Security Settings

This section describes the wireless settings that you can view and configure in the Wireless

Settings screen, which you access under Setup in the main menu.

Viewing Basic Wireless Settings

To specify the wireless security settings of your router:

1.

Log in to the router as described in

“Logging In to Your Wireless Router” on page 1-2.

2.

Select

Wireless Settings

under Setup in the main menu.

Wireless-G Router WGR614v9 Reference Manual

2-6

Safeguarding Your Network

v1.1, May 2008

The available settings in this screen are:

•

Name (SSID)

. The SSID is also known as the wireless network name. Enter a value of up to

32 alphanumeric characters. When more than one wireless network is active, different wireless

network names provide a way to separate the traffic. For a wireless device to participate in a

particular wireless network, it must be configured with the SSID for that network. The

WGR614v9 default SSID is

NETGEAR

. You can disable this broadcast as described in

“Viewing Advanced Wireless Settings” on page 2-10

.

•

Region

. This field identifies the region where the Wireless-G Router can be used. It might not

be legal to operate the wireless features of the wireless router in a region other than one of

those identified in this field.

Figure 2-2

Note:

The region selection feature might not be available in all countries.