Home » ZyXEL Manuals » Networking » ZyXEL LTE5121 » Manual Viewer

ZyXEL LTE5121 User Guide - Page 60

User Authentication, 8.2.3, Encryption

Get ZyXEL LTE5121 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 60 highlights

Chapter 5 Wireless A good way to come up with effective security keys, passwords and so on is to use obscure information that you personally will easily remember, and to enter it in a way that appears random and does not include real words. For example, if your mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point (which you know was made in 1971) you could use "70dodchal71vanpoi" as your security key. The following sections introduce different types of wireless security you can set up in the wireless network. 5.8.2.1 SSID Normally, the LTE Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the LTE Device does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. This type of security is fairly weak, however, because there are ways for unauthorized wireless devices to get the SSID. In addition, unauthorized wireless devices can still see the information that is sent in the wireless network. 5.8.2.2 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before using it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes. If you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. 5.8.2.3 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of authentication. (See Section 5.8.2.2 on page 60 for information about this.) Table 19 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security WPA Static WEP WPA-PSK Strongest WPA2-PSK WPA2 60 LTE-5121 User's Guide

Section	Page
LTE5121	1
Contents Overview	3
Table of Contents	5
User’s Guide	13
Introduction	15
1.1 Overview	15
1.2 Applications for the LTE Device	15
1.2.1 Internet Access	15
1.2.2 VoIP Features	16
1.3 The WLAN Button	16
1.4 The WPS Button	16
1.5 Ways to Manage the LTE Device	17
1.6 Good Habits for Managing the LTE Device	17
1.7 LEDs (Lights)	17
1.8 The RESET Button	19
1.9 Wall-mounting Instructions	19
Introducing the Web Configurator	23
2.1 Overview	23
2.1.1 Accessing the Web Configurator	23
2.2 The Web Configurator Layout	25
2.2.1 Title Bar	25
2.2.2 Main Window	25
Technical Reference	27
Connection Status and System Info	29
3.1 Overview	29
3.2 The Connection Status Screen	29
3.3 The System Info Screen	30
Broadband	35
4.1 Overview	35
4.1.1 What You Can Do in this Chapter	35
4.1.2 What You Need to Know	35
4.1.3 Before You Begin	36
4.2 The Broadband Screen	36
4.2.1 Edit Internet Connection	38
4.3 The SIM Screen	39
4.3.1 PUK Code Screen	40
4.4 Technical Reference	41
Wireless	43
5.1 Overview	43
5.1.1 What You Can Do in this Chapter	43
5.1.2 Wireless Network Overview	43
5.1.3 Before You Begin	45
5.2 The Wireless General Screen	45
5.2.1 No Security	47
5.2.2 Basic (Static WEP/Shared WEP Encryption)	47
5.2.3 More Secure (WPA(2)-PSK)	49
5.2.4 WPA(2) Authentication	50
5.3 The More AP Screen	51
5.3.1 Edit More AP	52
5.4 The WPS Screen	53
5.5 The WMM Screen	55
5.6 Scheduling Screen	57
5.7 Channel Status Screen	57
5.8 Technical Reference	58
5.8.1 Additional Wireless Terms	59
5.8.2 Wireless Security Overview	59
5.8.3 Signal Problems	61
5.8.4 BSS	61
5.8.5 MBSSID	62
5.8.6 WiFi Protected Setup (WPS)	62
Home Networking	71
6.1 Overview	71
6.1.1 What You Can Do in this Chapter	71
6.1.2 What You Need To Know	71
6.2 The LAN Setup Screen	74
6.3 The Static DHCP Screen	75
6.3.1 Before You Begin	75
6.4 The UPnP Screen	77
6.5 The File Sharing Screen	77
6.5.1 Before You Begin	78
6.5.2 Add/Edit File Sharing	79
6.6 The Media Server Screen	80
6.7 The Printer Server Screen	81
6.7.1 Before You Begin	81
6.8 Technical Reference	82
6.9 Installing UPnP in Windows Example	86
6.10 Using UPnP in Windows XP Example	89
Static Route	95
7.1 Overview	95
7.2 Configuring Static Route	96
7.2.1 Add/Edit Static Route	97
DNS Route	99
8.1 Overview	99
8.1.1 What You Can Do in this Chapter	99
8.2 The DNS Route Screen	100
8.2.1 Add/Edit DNS Route Edit	100
Quality of Service (QoS)	103
9.1 Overview	103
9.1.1 What You Can Do in this Chapter	103
9.1.2 What You Need to Know	103
9.2 The QoS General Screen	104
9.3 The Queue Setup Screen	105
9.3.1 Add/Edit a QoS Queue	106
9.4 The Class Setup Screen	107
9.4.1 Add/Edit QoS Class	109
9.5 The QoS Monitor Screen	112
9.6 QoS Technical Reference	113
9.6.1 DiffServ	113
Network Address Translation (NAT)	115
10.1 Overview	115
10.1.1 What You Can Do in this Chapter	115
10.1.2 What You Need To Know	115
10.2 The Port Forwarding Screen	116
10.2.1 The Port Forwarding Screen	117
10.2.2 The Port Forwarding Edit Screen	118
10.3 The DMZ Screen	119
10.4 The Sessions Screen	119
10.5 The ALG Screen	120
10.6 Technical Reference	120
10.6.1 NAT Definitions	121
10.6.2 What NAT Does	121
10.6.3 How NAT Works	121
Dynamic DNS	123
11.1 Overview	123
11.1.1 What You Need To Know	123
11.2 The Dynamic DNS Screen	123
Firewall	125
12.1 Overview	125
12.1.1 What You Can Do in this Chapter	125
12.1.2 What You Need to Know	126
12.2 The General Screen	126
12.3 The Services Screen	127
12.3.1 The Add New Services Entry Screen	128
12.4 The Access Control Screen	129
12.4.1 The Add New ACL Rule/Edit Screen	130
12.5 The DoS Screen	131
12.6 Firewall Technical Reference	132
12.6.1 Guidelines For Enhancing Security With Your Firewall	132
12.6.2 Security Considerations	132
MAC Filter	133
13.1 Overview	133
13.1.1 What You Need to Know	133
13.2 The MAC Filter Screen	133
Parental Control	135
14.1 Overview	135
14.2 The Parental Control Screen	135
14.2.1 Add/Edit a Parental Control Rule	136
Certificates	139
15.1 Overview	139
15.1.1 What You Can Do in this Chapter	139
15.1.2 What You Need to Know	139
15.1.3 Verifying a Certificate	140
15.2 Local Certificates	141
15.3 Trusted CA	143
15.4 Trusted CA Import	143
15.5 View Certificate	144
15.6 VPN Certificates	145
15.7 VPN Certificate Import	147
VPN	149
16.1 Overview	149
16.2 The VPN Screen	149
16.3 IPSec VPN: Add	150
16.4 VPN Monitor Screen	155
16.5 Technical Reference	155
16.5.1 IPSec Architecture	156
16.5.2 Encapsulation	156
16.5.3 IKE Phases	157
16.5.4 Negotiation Mode	158
16.5.5 IPSec and NAT	159
16.5.6 VPN, NAT, and NAT Traversal	159
16.5.7 ID Type and Content	160
16.5.8 Pre-Shared Key	161
16.5.9 Diffie-Hellman (DH) Key Groups	161
VoIP	163
17.1 Overview	163
17.1.1 What You Can Do in this Chapter	163
17.1.2 What You Need to Know	163
17.1.3 Before You Begin	164
17.2 The SIP Service Provider Screen	165
17.3 The SIP Account Screen	171
17.3.1 Add/Edit SIP Account	172
17.4 Multiple SIP Accounts	175
17.5 Phone Screen	175
17.5.1 Edit Phone Device	175
17.6 The Phone Region Screen	177
17.7 The Call Rule Screen	177
17.8 Technical Reference	179
17.8.1 VoIP	179
17.8.2 SIP	179
17.8.3 Quality of Service (QoS)	183
17.8.4 Phone Services Overview	184
System Monitor	187
18.1 Overview	187
18.1.1 What You Can Do in this Chapter	187
18.1.2 What You Need To Know	187
18.2 The LTE Status Screen	188
18.3 The System Log Screen	190
18.4 The Phone Log Screen	191
18.5 The VoIP Call History Screen	192
18.6 The WAN Status Screen	192
18.7 The LAN Status Screen	193
18.8 The NAT Status Screen	194
18.9 The VoIP Status Screen	195
User Account	197
19.1 Overview	197
19.2 The User Account Screen	197
Remote MGMT	199
20.1 Overview	199
20.1.1 What You Need to Know	199
20.2 The Remote MGMT Screen	200
SNMP	201
21.1 Overview	201
21.2 The SNMP Screen	201
System	203
22.1 Overview	203
22.1.1 What You Need to Know	203
22.2 The System Screen	203
Time Setting	205
23.1 Overview	205
23.2 The Time Setting Screen	205
Log Setting	207
24.1 Overview	207
24.2 The Log Setting Screen	207
Firmware Upgrade	209
25.1 Overview	209
25.2 The Firmware Upgrade Screen	209
Backup/Restore	211
26.1 Overview	211
26.2 The Backup/Restore Screen	211
26.3 The Reboot Screen	213
Diagnostic	215
27.1 Overview	215
27.2 The Ping/TraceRoute Screen	215
27.3 LTE Diagnostic Screen	216
Troubleshooting	217
28.1 Overview	217
28.2 Power, Hardware Connections, and LEDs	217
28.3 LTE Device Access and Login	218
28.4 Internet Access	220
28.5 Wireless Internet Access	221
28.6 Phone Calls and VoIP	222
28.7 USB Device Connection	222
28.8 UPnP	223
Legal Information	225

Match case Limit results 1 per page

Chapter 5 Wireless

LTE-5121 User’s Guide

A good way to come up with effective security keys, passwords and so on is to use obscure

information that you personally will easily remember, and to enter it in a way that appears random

and does not include real words. For example, if your mother owns a 1970 Dodge Challenger and

her favorite movie is Vanishing Point (which you know was made in 1971) you could use

“70dodchal71vanpoi” as your security key.

The following sections introduce different types of wireless security you can set up in the wireless

network.

5.8.2.1

SSID

Normally, the LTE Device acts like a beacon and regularly broadcasts the SSID in the area. You can

hide the SSID instead, in which case the LTE Device does not broadcast the SSID. In addition, you

should change the default SSID to something that is difficult to guess.

This type of security is fairly weak, however, because there are ways for unauthorized wireless

devices to get the SSID. In addition, unauthorized wireless devices can still see the information that

is sent in the wireless network.

5.8.2.2

User Authentication

Authentication is the process of verifying whether a wireless device is allowed to use the wireless

network. You can make every user log in to the wireless network before using it. However, every

device in the wireless network has to support IEEE 802.1x to do this.

For wireless networks, you can store the user names and passwords for each user in a RADIUS

server. This is a server used in businesses more than in homes. If you do not have a RADIUS server,

you cannot set up user names and passwords for your users.

Unauthorized wireless devices can still see the information that is sent in the wireless network,

even if they cannot use the wireless network. Furthermore, there are ways for unauthorized

wireless users to get a valid user name and password. Then, they can use that user name and

password to use the wireless network.

5.8.2.3

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless

network. Encryption is like a secret code. If you do not know the secret code, you cannot

understand the message.

The types of encryption you can choose depend on the type of authentication. (See

Section 5.8.2.2

on page 60

for information about this.)

Table 19

Types of Encryption for Each Type of Authentication

NO AUTHENTICATION

RADIUS SERVER

Weakest

No Security

WPA

Static WEP

WPA-PSK

Strongest

WPA2-PSK

WPA2