2-1

v2.1, July 2007

Chapter 2

Safeguarding Your Network

The RangeMax NEXT Wireless Router WNR834B provides highly effective security features

which are covered in detail in this chapter.

This chapter includes:

•

Choosing Appropriate Wireless Security

•

Configuring WEP Wireless Security

•

Configuring WPA-PSK, WPA2-PSK or WPA-PSK+WPA2-PSK Wireless Security

•

Turning Off the Broadcast of Your Wireless Network Name

•

Restricting Wireless Access by MAC Address

•

Changing the Administrator Password

•

Backing Up Your Configuration

•

Understanding Your Firewall

Choosing Appropriate Wireless Security

Unlike wired network data, anyone with a compatible adapter can receive your wireless data

transmissions well beyond your walls. Operating an unsecured wireless network creates an

opportunity for outsiders to eavesdrop on your network traffic or to enter your network to access

your computers and files. For this reason, use the security features of your wireless equipment.

Deploy the security features appropriate to your needs.

Note:

Indoors, computers can connect over 802.11b/g wireless networks at ranges of up

to 300 feet. Such distances can allow for others outside of your immediate area to

access your network.

NETGEAR RangeMax™ NEXT Wireless Router WNR834B User Manual

2-2

Safeguarding Your Network

v2.1, July 2007

There are several ways you can enhance the security of your wireless network. In order of

increasing effectiveness:

•

Turn Off the Broadcast of the Wireless Network Name SSID.

If you disable the broadcast

of the SSID, only devices that know the correct SSID can connect. This nullifies the wireless

network ‘discovery’ feature of some products such as Windows XP, but your data is still fully

exposed to an intruder using available wireless eavesdropping tools.

•

Restrict Access Based on MAC Address.

You can restrict access to only trusted computers

so that unknown computers cannot wirelessly connect to the WNR834B. MAC address

filtering adds an obstacle against unwanted access to your network by the general public, but

the data broadcast over the wireless link is fully exposed. This data includes your trusted MAC

addresses, which can be read and impersonated by a hacker.

•

WEP.

Wired Equivalent Privacy (WEP) data encryption provides moderate data security.

WEP Shared Key authentication and WEP data encryption can be defeated by a determined

eavesdropper using publicly available tools.

•

WPA-PSK

and

WPA2-PSK.

Wi-Fi Protected Access with Pre-Shared Key (WPA-PSK and

WPA2-PSK) data encryption provides extremely strong data security, very effectively

blocking eavesdropping. Because WPA and WPA2 are relatively new standards, older wireless

adapters and devices may not support them. Check whether newer drivers are available from

the manufacturer.

•

Turn Off the Wireless LAN.

If you disable the wireless LAN, wireless devices cannot

communicate with the router at all. You might choose to turn off the wireless LAN when you

are away or when other users of your network all use wired connections.

Figure 2-1

NETGEAR RangeMax™ NEXT Wireless Router WNR834B User Manual

Safeguarding Your Network

2-3

v2.1, July 2007

The time it takes to establish a wireless connection can vary depending on both your security

settings and router placement. WEP connections can take slightly longer to establish. Also, WEP,

WPA-PSK and WPA2-PSK encryption can consume more battery power on a notebook computer,

and can cause significant performance degradation with a slow computer. For more details on

wireless security methods, please see

“Wireless Communications” in Appendix B

.

Recommended Security Settings

Stronger security methods can entail a cost in terms of throughput, latency, battery consumption,

and equipment compatibility. In choosing an appropriate security level, you can also consider the

effort versus the reward for a hacker to break into your network. As a minimum, however,

NETGEAR recommends using WEP with Shared Key authentication. Do not run an unsecured

wireless network unless it is your intention to provide free Internet access for the public.

In addition, be sure to change the administration password of your router. Default passwords are

well-known, and an intruder can use your administrator access to read or disable your security

settings. To change the administrator password, see

“Changing the Administrator Password” on

page 2-14

.

Changing Wireless Security Settings

This section describes the security-related wireless settings. For details on the configuration of the

general wireless settings, see

“Configuring Wireless Settings” on page 1-10

.

To configure the wireless security settings of your router:

1.

Log in to the WNR834B router at its default LAN address of

routerlogin.net

(or

192.168.1.1

) with its default user name of

admin

and default password of

password

, or

using whatever LAN IP address and password you have set up.

2.

From the main menu of the browser interface, under Setup, click Wireless Settings. The

Wireless Settings menu appears.

NETGEAR RangeMax™ NEXT Wireless Router WNR834B User Manual

2-4

Safeguarding Your Network

v2.1, July 2007

The available settings in this menu are:

•

Name (SSID

). The SSID, also known as the wireless network name, is broadcast by the

wireless router so that nearby wireless devices can discover your network. You can disable this

broadcast as described in

“Turning Off the Broadcast of Your Wireless Network Name” on

page 2-10

.

•

Region

. This field identifies the region where the WNR834B can be used.

•

Channel

. This field determines which operating frequency is used.

•

Mode

. This field determines which 802.11 data communications protocol is used.

•

Security Options

. These options are the wireless security features you can enable.

Table 2-1

identifies the basic wireless security options. For a detailed explanation of these standards, see

“Wireless Communications” in Appendix B

.

3.

Click Apply to save your settings.

Figure 2-2

NETGEAR RangeMax™ NEXT Wireless Router WNR834B User Manual

Safeguarding Your Network

2-5

v2.1, July 2007

Balancing performance factors (throughput, latency, battery consumption, and equipment

compatibility) against the value of information on your network, select an appropriate security

level. As a minimum, NETGEAR recommends using WEP with Shared Key authentication.

Note:

The Security Options displayed in this menu may change depending on the

current selection of Wireless Mode.

Table 2-1.

Basic Wireless Security Options

Field

Description

None

No wireless security. Only recommended for troubleshooting wireless connectivity.

WEP

WEP offers the following options:

•

Open System

With Open Network authentication and 64- or 128-bit WEP Data Encryption, the WNR834B

does

perform data encryption but

does not

perform any authentication. Anyone can join the

network. This setting provides very little practical wireless security.

•

Shared Key

With Shared Key authentication, a wireless device must know the WEP key in order to join

the network. Choose the Encryption Strength (64- or 128-bit data encryption). Manually

enter the key values or enter a word or group of printable characters in the Passphrase box.

Manually entered keys

are not

case sensitive but passphrase characters

are

case sensitive.

Note

: Not all wireless adapter configuration utilities support passphrase key generation.

• Auto

The wireless router automatically detects whether Open System or Shared Key is used.

WPA-PSK

WPA2-PSK

WPA-Pre-shared Key

does

perform authentication. WPA-PSK uses TKIP (Temporal Key

Integrity Protocol) data encryption and WPA2-PSK uses AES (Advanced Encryption Standard)

data encryption. Both methods dynamically change the encryption keys making them nearly

impossible to circumvent.

Enter a word or group of printable characters in the Password Phrase box. These characters

are

case sensitive.

Note

: Not all wireless adapter configuration utilities support WPA-PSK and WPA2-PSK.

Furthermore, client software is required on the client. Windows XP Service Pack 2 and

Windows XP Service Pack 1 with WPA patch do include the client software that supports WPA.

However, the wireless adapter hardware and driver must also support WPA.