Page 31 / 134 Scroll up to view Page 26 - 30
2-1
v1.0, June 2008
Chapter 2
Safeguarding Your Network
The Wireless-N Router Model WNR2000 provides highly effective security features, which are
covered in detail in this chapter.
This chapter includes the following sections:
“Choosing Appropriate Wireless Security
“Recording Basic Wireless Settings Setup Information” on page 2-5
“Changing Wireless Security Settings” on page 2-6
“Viewing Advanced Wireless Settings” on page 2-12
“Using Push 'N' Connect (Wi-Fi Protected Setup)” on page 2-13
“Restricting Wireless Access by MAC Address” on page 2-19
“Changing the Administrator Password” on page 2-21
“Backing Up Your Configuration” on page 2-22
“Understanding Your Firewall” on page 2-23
Choosing Appropriate Wireless Security
Unlike wired networks, wireless networks allow anyone with a compatible adapter to receive your
wireless data transmissions well beyond your walls. Operating an unsecured wireless network
creates an opportunity for outsiders to eavesdrop on your network traffic or to enter your network
to access your computers and files. Indoors, computers can connect over 802.11g/n wireless
networks at ranges of up to 300 feet. Such distances can allow for others outside your immediate
area to access your network. Use the security features of your wireless equipment that are
appropriate to your needs.
The time it takes to establish a wireless connection can vary depending on both your security
settings and router placement.
Stronger security methods can entail a cost in terms of throughput, latency, battery consumption,
and equipment compatibility. In choosing an appropriate security level, you can also consider the
effort compared to the reward for a hacker to break into your network. As a minimum, however,
NETGEAR recommends using WEP with Shared Key authentication. Do not run an unsecured
wireless network unless it is your intention to provide free Internet access for the public.
Page 32 / 134
NETGEAR Wireless-N Router WNR2000 User Manual
2-2
Safeguarding Your Network
v1.0, June 2008
WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-PSK
encryption can consume more battery power on a notebook computer, and can cause significant
performance degradation with a slow computer.
To configure the wireless network, you can:
Manually specify your SSID and your wireless security settings
. The WNR2000 router
provides two screens for configuring the wireless settings:
Wireless Settings
. You access these under Setup in the main menu (see
“Viewing Basic
Wireless Settings” on page 2-6
).
Advanced Wireless Settings
. You access these under Advanced in the main menu (see
“Viewing Advanced Wireless Settings” on page 2-12
).
Note:
NETGEAR recommends that you change the administration password of your
router. Default passwords are well known, and an intruder can use your
administrator access to read or disable your security settings. For information
about how to change the administrator password, see
“Changing the Administrator
Password” on page 2-21
.
Figure 2-1
WNR2000
1) Open system: easy but no security
2) MAC access list: no data security
3) WEP: security but some performance
impact
4) WPA-PSK: strong security
5) WPA2-PSK: very strong security
Wireless data
security options
Range: up to 300 foot radius
Note:
Use these with other features that enhance security (
Table 2-2 on page 2-4
).
Page 33 / 134
NETGEAR Wireless-N Router WNR2000 User Manual
Safeguarding Your Network
2-3
v1.0, June 2008
Use Wi-Fi Protected Setup (WPS) to automatically set the SSID and implement WPA/
WPA2 security on both the router and the client device
. If the clients in your network are
WPS capable, you can use Wi-Fi Protected Setup (WPS) to automatically set the SSID and
implement WPA/WPA2 security on both the router and the client device (see
“Using Push 'N'
Connect (Wi-Fi Protected Setup)” on page 2-13
).
Basic security options are listed in order of increasing effectiveness in
Table 2-1
. Other features
that affect security are listed in
Table 2-2 on page 2-4
. For more details on wireless security
methods, click the link to the online document
“Wireless Networking Basics” in Appendix B
.
Table 2-1.
Wireless Security Options
Security Type
Description
None
.
No wireless security. Recommended only for
troubleshooting wireless connectivity. Do not run an
unsecured wireless network unless it is your
intention to provide free Internet access for the
public.
WEP
. Wired Equivalent Privacy.
Wired Equivalent Privacy (WEP) data encryption
provides moderate data security. WEP Shared Key
authentication and WEP data encryption can be
defeated by a determined eavesdropper using
publicly available tools.
For more information, see
“Configuring WEP
Wireless Security” on page 2-9
.
WPA-PSK (TKIP)
. WPA-PSK standard encryption
with TKIP encryption type.
WPA2-PSK (AES)
. Wi-Fi Protected Access version 2
with Pre-Shared Key; WPA2-PSK standard
encryption with the AES encryption type.
WPA-PSK (TKIP) + WPA2-PSK (AES)
. Mixed mode.
Wi-Fi Protected Access with Pre-Shared Key (WPA-
PSK and WPA2-PSK) data encryption provides
extremely strong data security, very effectively
blocking eavesdropping. Because WPA and WPA2
are relatively new standards, older wireless adapters
and devices might not support them.
For more information, see
“Configuring WPA-PSK
and WPA2-PSK Wireless Security” on page 2-10
.
Page 34 / 134
NETGEAR Wireless-N Router WNR2000 User Manual
2-4
Safeguarding Your Network
v1.0, June 2008
Table 2-2.
Other Features That Enhance Security
Security Type
Description
Disable the wireless router radio.
If you disable the wireless router radio, wireless
devices cannot communicate with the router at all.
You might disable this when you are away or when
other users of your network all use wired
connections.
For more information, see
“Viewing Advanced
Wireless Settings” on page 2-12
.
Turn off the broadcast of the wireless network
name SSID.
If you disable the broadcast of the SSID, only
devices that know the correct SSID can connect.
This nullifies the wireless network discovery feature
of some products such as Windows XP, but your data
is still fully exposed to an intruder using available
wireless eavesdropping tools.
For more information, see
“Viewing Advanced
Wireless Settings” on page 2-12
.
Restrict access based on MAC address.
You can restrict access to only trusted computers so
that unknown computers cannot wirelessly connect
to the WNR2000 router. MAC address filtering adds
an obstacle against unwanted access to your
network by the general public, but the data broadcast
over the wireless link is fully exposed. This data
includes your trusted MAC addresses, which can be
read and impersonated by a hacker.
For more information, see
“Restricting Wireless
Access by MAC Address” on page 2-19
.
Modify your firewall’s rules.
By default, the firewall allows any outbound traffic
and prohibits any inbound traffic except for
responses to your outbound traffic. However, you
can modify the firewall’s rules.
For more information, see
“Understanding Your
Firewall” on page 2-23
.
Use the Push 'N' Connect feature (Wi-Fi
Protected Setup).
Wi-Fi Protected Setup provides easy setup by
means of a push button. Older wireless adapters and
devices might not support this. Check whether
devices are WPS enabled.
For more information, see
“Using Push 'N' Connect
(Wi-Fi Protected Setup)” on page 2-13
.
Page 35 / 134
NETGEAR Wireless-N Router WNR2000 User Manual
Safeguarding Your Network
2-5
v1.0, June 2008
Recording Basic Wireless Settings Setup Information
Before and after customizing your wireless settings, print this section, and record the following
information. If you are working with an existing wireless network, the person who set up or is
responsible for the network can provide this information. Otherwise, you must choose the settings
for your wireless network. Either way, record the settings for your wireless network in the spaces
provided.
Wireless Network Name (SSID)
.
______________________________
The SSID identifies
the wireless network. You can use up to 32 alphanumeric characters. The SSID
is
case-
sensitive. The SSID in the wireless adapter card must match the SSID of the wireless router. In
some configuration utilities (such as in Windows XP), the term “wireless network name” is
used instead of SSID.
If
WEP Authentication
is used, circle one:
Open System
,
Shared Key
,
or
Auto
.
WEP Encryption Key Size
. Choose one:
64-bit
or
128-bit
. Again, the encryption key
size must be the same for the wireless adapters and the wireless router.
Data Encryption (WEP) Keys
. There are two methods for creating WEP data encryption
keys. Whichever method you use, record the key values in the spaces provided.
Passphrase Method
. ______________________________ These characters
are
case-sensitive. Enter a word or group of printable characters and click Generate. Not
all wireless devices support the passphrase method.
Manual Method
. These values
are not
case-sensitive. For 64-bit WEP, enter 10
hexadecimal digits (any combination of 0–9, a–f, or A–F). For 128-bit WEP, enter
26 hexadecimal digits.
Key 1: ___________________________________
Key 2: ___________________________________
Key 3: ___________________________________
Key 4: ___________________________________
If WPA-PSK or WPA2-PSK authentication is used:
Note:
If you select Shared Key, the other devices in the network will not connect
unless they are also set to Shared Key and are configured with the correct key.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top