WNHDE111 5GHz Wireless-N HD Access Point/Bridge User Manual

3-8

Making Changes

v1.1, May 2008

4-1

v1.1, May 2008

Chapter 4

Securing My Wireless

The 5 GHz Wireless-N HD Access Point/Bridge WNHDE111 provides highly effective security

features, which are covered in detail in this chapter.

This chapter includes the following sections:

•

“Choosing Appropriate Wireless Security” on page 4-1

•

“Changing Wireless Security Settings” on page 4-4

•

“Viewing Advanced Wireless Settings” on page 4-6

•

“Using Push 'N' Connect (Wi-Fi Protected Setup)” on page 4-7

•

“Enabling Wireless Isolation” on page 4-10

•

“Restricting Wireless Access by MAC Address” on page 4-11

•

“Changing the Administrator Password” on page 4-12

Choosing Appropriate Wireless Security

Unlike wired networks, wireless networks allow anyone with a compatible adapter to receive your

wireless data transmissions well beyond your walls. Operating an unsecured wireless network

creates an opportunity for outsiders to eavesdrop on your network traffic or to enter your network

to access your computers and files. Indoors, computers can connect over 802.11n/a wireless

networks at ranges of up to 500 feet. Such distances can allow for others outside your immediate

area to access your network. Use the security features of your wireless equipment that are

appropriate to your needs.

The time it takes to establish a wireless connection can vary depending on both your security

settings and router placement.

Stronger security methods can entail a cost in terms of throughput, latency, battery consumption,

and equipment compatibility. In choosing an appropriate security level, you can also consider the

effort compared to the reward for a hacker to break into your network. As a minimum, however,

NETGEAR recommends using WEP with Shared Key authentication. Do not run an unsecured

wireless network unless it is your intention to provide free Internet access for the public.

WNHDE111 5GHz Wireless-N HD Access Point/Bridge User Manual

4-2

Securing My Wireless

v1.1, May 2008

WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-PSK

encryption can consume more battery power on a notebook computer, and can cause significant

performance degradation with a slow computer.

To configure the wireless network, you can:

•

Manually specify your SSID and your wireless security settings

. The Wireless-N

AccessPoint/Bridge provides two screens for configuring the wireless settings: the basic

Wireless Settings screen, which you access under Setup in the main menu, and the Advanced

Wireless Settings screen.

•

Use Wi-Fi Protected Setup (WPS) to automatically set the SSID and implement

WPA/WPA2 security on both the router and the client device

. If the clients in your network

are WPS capable, you can use Wi-Fi Protected Setup (WPS) to automatically set the SSID and

implement WPA/WPA2 security on both the bridge and the client device.

Figure 4-1

WNHDE111

1) Open system: easy but no security

2) MAC access list: no data security

3) WEP: security but some performance

impact

4) WPA-PSK: strong security

5) WPA2-PSK: very strong security

Wireless data

security options

Range: up to 500 foot radius

Note:

Use these with other features that enhance security (

Table 4-2 on page 4-3

).

WNHDE111 5GHz Wireless-N HD Access Point/Bridge User Manual

Securing My Wireless

4-3

v1.1, May 2008

Basic security options are listed in order of increasing effectiveness below. For more details on

wireless security methods,

“Wireless Networking Basics” in Appendix B

.

Table 4-1.

Wireless Security Options

Security Type

Description

None

.

No wireless security. Recommended only for troubleshooting wireless

connectivity. Do not run an unsecured wireless network unless it is your

intention to provide free Internet access for the public.

WEP

. Wired Equivalent Privacy.

For more information, see

“Con-

figuring WEP Wireless Security”

on page 4-5

.

Wired Equivalent Privacy (WEP) data encryption provides moderate

data security. WEP Shared Key authentication and WEP data encryption

can be defeated by a determined eavesdropper using publicly available

tools.

WPA-PSK (TKIP)

.

WPA2-PSK (AES)

.

WPA-PSK (TKIP) + WPA2-PSK

(AES)

. Mixed mode.

For more information, see

“Con-

figuring WPA Wireless Security”

on page 4-6

.

Wi-Fi Protected Access with Pre-Shared Key (WPA-PSK and WPA2-

PSK) data encryption provides extremely strong data security, very

effectively blocking eavesdropping. Because WPA and WPA2 are

relatively new standards, older wireless adapters and devices might not

support them.

Table 4-2.

Other Features That Enhance Security

Security Type

Description

Turn off the broadcast of the

wireless network name SSID.

For more information, see

“View-

ing Advanced Wireless Settings”

on page 4-6

.

If you disable the broadcast of the SSID, only devices that know the

correct SSID can connect. This nullifies the wireless network discovery

feature of some products such as Windows XP, but your data is still fully

exposed to an intruder using available wireless eavesdropping tools.

Restrict access based on MAC

address.

For more information,

see

“Restricting Wireless Access

by MAC Address” on page 4-11

.

You can restrict access to only trusted computers so that unknown

computers cannot wirelessly connect to the Wireless-N AccessPoint/

Bridge. MAC address filtering adds an obstacle against unwanted access

to your network by the general public, but the data broadcast over the

wireless link is fully exposed. This data includes your trusted MAC

addresses, which can be read and impersonated by a hacker.

Use the Push 'N' Connect

feature (Wi-Fi Protected

Setup).

For more information,

see

“Using Push 'N' Connect

(Wi-Fi Protected Setup)” on

page 4-7

.

Wi-Fi Protected Setup provides easy setup by means of a push button.

Older wireless adapters and devices might not support this. Check

whether devices are WPS enabled.

WNHDE111 5GHz Wireless-N HD Access Point/Bridge User Manual

4-4

Securing My Wireless

v1.1, May 2008

Changing Wireless Security Settings

This section describes the wireless settings that you can view and configure in the Wireless

Settings screen, which you access under Setup in the main menu.

Viewing Basic Wireless Settings

To specify the wireless security settings of your router:

1.

Log in to the router as described in

“Viewing or Changing Settings” on page 3-1.

2.

Select

Wireless Settings

under Setup in the main menu.

The available settings in this screen are:

•

Wireless Network Name (SSID)

. Enter a value of up to 32 alphanumeric characters. When

more than one wireless network is active, different wireless network names provide a way to

separate the traffic. For a wireless device to participate in a particular wireless network, it must

be configured with the SSID for that network. The default SSID is

NETGEAR-HD

.

•

802.11 Mode

. You can choose from: Mixed 802.11n and 802.11a; 802.11n only; or 802.11a

only.

Figure 4-2