Motorola SBG-940 User Guide - Page 22

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License Configuration: Basic Gateway TCP/IP Wireless USB DMZ A de-militarized zone (DMZ) is one or more computers logically located outside the firewall between an SBG940 LAN and the Internet. A DMZ prevents direct access by outside users to private data. For example, you can set up a web server on a DMZ computer to enable outside users to access your website without exposing confidential data on your network. A DMZ can also be useful to play interactive games that may have a problem running through a firewall. You can leave a computer used for gaming only exposed to the Internet while protecting the rest of your network. For more information, see "Gaming Configuration Guidelines". Port Triggering When you run an application that accesses the Internet, it typically initiates communications with a computer on the Internet. For some applications, especially gaming, the computer on the Internet also initiates communications with your computer. Because NAT does not normally allow these incoming connections: • The SBG940 has preconfigured port triggers for common applications. • If needed, you can configure additional port triggers on the Gateway > PORT TRIGGERS - custom Page. Wireless Security Because WLAN data is transmitted using radio signals, it may be possible for an unauthorized person to access your WLAN unless you prevent them from doing so. To prevent unauthorized eavesdropping of data transmitted over your LAN, you must enable wireless security. The default SBG940 settings neither provide security for transmitted data nor protect network data from unauthorized intrusions. The SBG940 provides the following wireless security measures, which are described in "Setting Up Your Wireless LAN": • To prevent unauthorized eavesdropping, you must encrypt data transmitted over the wireless interface using one of: - If all of your wireless clients support Wi-Fi® Protected Access (WPA) encryption, we recommend using WPA (see "Configuring WPA on the SBG940" and "Configuring a Wireless Client for WPA"). - Otherwise, configure a Wired Equivalency Privacy (WEP) key on the SBG940 and each WLAN client (see "Configuring WEP on the SBG940" and "Configuring a Wireless Client for WEP"). • To protect LAN data from unauthorized intrusions, you can restrict WLAN access to computers having one or both of: - Known MAC addresses (see "Configuring a MAC Access Control List on the SBG940") - The same unique network name (ESSID) as the SBG940 (see "Configuring the Wireless Network Name on the SBG940" and "Configuring a Wireless Client with the Network Name (ESSID)") Restricting access to computers having the same network name is also called "disabling ESSID broadcasting" or "enabling closed network operation." SBG940 User Guide 14