Home » ZyXEL Manuals » Networking » ZyXEL MAX-306 » Manual Viewer

ZyXEL MAX-306 User Guide - Page 279

WiMAX Security

Get ZyXEL MAX-306 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 279 highlights

APPENDIX A WiMAX Security Wireless security is vital to protect your wireless communications. Without it, information transmitted over the wireless network would be accessible to any networking device within range. User Authentication and Data Encryption The WiMAX (IEEE 802.16) standard employs user authentication and encryption to ensure secured communication at all times. User authentication is the process of confirming a user's identity and level of authorization. Data encryption is the process of encoding information so that it cannot be read by anyone who does not know the code. WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol) for data encryption. WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows additional authentication methods to be deployed with no changes to the base station or the mobile or subscriber stations. PKMv2 PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of a public key to encrypt traffic between the MS/SS and the base station. PKMv2 uses standard EAP methods such as Transport Layer Security (EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure communication. In cryptography, a 'key' is a piece of information, typically a string of random numbers and letters, that can be used to 'lock' (encrypt) or 'unlock' (decrypt) a message. Public key encryption uses key pairs, which consist of a public (freely available) key and a private (secret) key. The public key is used for encryption and the private key is used for decryption. You can decrypt a message only if you have the private key. Public key certificates (or 'digital IDs') allow users to verify each other's identity. User's Guide 279

Section	Page
MAX-306HW2 Series	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	19
List of Tables	25
Introduction and Wizards	29
Getting Started	31
1.1 Overview	31
1.1.1 Wi-Fi Access Point	32
1.1.2 WiMAX Internet Access	32
1.1.3 Make Calls via Internet Telephony Service Provider	33
1.2 WiMAX Device Hardware	34
1.2.1 LEDs	34
1.3 Good Habits for Managing the WiMAX Device	35
Introducing the Web Configurator	37
2.1 Overview	37
2.1.1 Accessing the Web Configurator	37
2.1.2 The Reset Button	40
2.2 The Main Screen	40
Internet Connection Wizard	47
3.1 Overview	47
3.1.1 Welcome to the ZyXEL Setup Wizard	47
3.1.2 System Information	48
3.1.3 Wireless LAN	49
3.1.4 Authentication Settings	54
3.1.5 IP Address	56
3.1.6 Setup Complete	58
VoIP Connection Wizard	59
4.1 Overview	59
4.2 Welcome to the ZyXEL Setup Wizard	59
4.2.1 First Voice Account Settings	60
4.2.2 Setup Complete	63
Basic Screens	65
The Setup Screens	67
5.1 Overview	67
5.1.1 What You Can Do in This Chapter	67
5.1.2 What You Need to Know	67
5.1.3 Before You Begin	68
5.2 Set IP Address	68
5.3 DHCP Client	69
5.4 Time Setting	70
5.4.1 Pre-Defined NTP Time Servers List	71
5.4.2 Resetting the Time	72
Advanced Screens	73
The LAN Configuration Screens	75
6.1 Overview	75
6.1.1 What You Can Do in This Chapter	75
6.1.2 What You Need to Know	75
6.2 DHCP Setup	76
6.3 Static DHCP	78
6.4 IP Alias	79
6.5 IP Static Route	81
6.5.1 IP Static Route Setup	82
6.6 Other Settings	83
6.7 Technical Reference	84
6.7.1 IP Address and Subnet Mask	84
6.7.2 DHCP Setup	85
6.7.3 LAN TCP/IP	85
6.7.4 DNS Server Address	86
6.7.5 RIP Setup	86
6.7.6 Multicast	87
The WAN Configuration Screens	89
7.1 Overview	89
7.1.1 What You Can Do in This Chapter	89
7.1.2 What You Need to Know	89
7.2 Internet Connection	93
7.3 WiMAX Configuration	95
7.3.1 Frequency Ranges	97
7.3.2 Configuring Frequency Settings	97
7.3.3 Using the WiMAX Frequency Screen	98
7.4 Traffic Redirect	99
7.5 Advanced	101
The Wi-Fi Configuration Screens	103
8.1 Overview	103
8.1.1 What You Can Do in This Chapter	103
8.1.2 What You Need to Know	103
8.2 General	104
8.3 MAC Filter	109
8.4 Advanced	110
The VPN Transport Screens	113
9.1 Overview	113
9.1.1 What You Can Do in This Chapter	114
9.1.2 What You Need to Know	114
9.1.3 Before You Begin	115
9.2 General	116
9.3 Customer Interface	116
9.3.1 Multi-Protocol Label Switching	117
9.3.2 Generic Routing Encapsulation	117
9.3.3 Customer Interface Options	118
9.3.4 Customer Interface Setup	120
9.4 Ethernet Pseudowire	121
9.4.1 Ethernet Pseudowire Setup	123
9.5 Statistics	124
The NAT Configuration Screens	125
10.1 Overview	125
10.1.1 What You Can Do in This Chapter	125
10.2 General	125
10.3 Port Forwarding	126
10.3.1 Port Forwarding Options	127
10.3.2 Port Forwarding Rule Setup	129
10.4 Trigger Port	130
10.4.1 Trigger Port Forwarding Example	131
10.5 ALG	132
The System Configuration Screens	135
11.1 Overview	135
11.1.1 What You Can Do in This Chapter	135
11.1.2 What You Need to Know	135
11.2 General	137
11.3 Dynamic DNS	138
11.4 Firmware	140
11.4.1 The Firmware Upload Process	141
11.5 Configuration	142
11.5.1 The Restore Configuration Process	143
11.6 Restart	143
11.6.1 The Restart Process	144
Voice Screens	145
The Service Configuration Screens	147
12.1 Overview	147
12.1.1 What You Can Do in This Chapter	147
12.1.2 What You Need to Know	147
12.1.3 Before you Begin	149
12.2 SIP Settings	149
12.2.1 Advanced SIP Settings	151
12.3 QoS	158
12.4 Technical Reference	159
12.4.1 SIP Call Progression	159
12.4.2 SIP Client Server	160
12.4.3 SIP User Agent	160
12.4.4 SIP Proxy Server	160
12.4.5 SIP Redirect Server	161
12.4.6 NAT and SIP	162
12.4.7 DiffServ	162
12.4.8 DSCP and Per-Hop Behavior	163
The Phone Screens	165
13.1 Overview	165
13.1.1 What You Can Do in This Chapter	165
13.1.2 What You Need to Know	165
13.2 Analog Phone	166
13.2.1 Advanced Analog Phone Setup	168
13.3 Common	169
13.4 Region	170
13.5 Technical Reference	170
13.5.1 The Flash Key	170
13.5.2 Europe Type Supplementary Phone Services	171
13.5.3 USA Type Supplementary Services	173
The Phone Book Screens	175
14.1 Overview	175
14.1.1 What You Can Do in This Chapter	175
14.1.2 What You Need to Know	175
14.2 Incoming Call Policy	176
14.3 Speed Dial	178
Tools & Status Screens	181
The Certificates Screens	183
15.1 Overview	183
15.1.1 What You Can Do in This Chapter	183
15.1.2 What You Need to Know	183
15.2 My Certificates	184
15.2.1 My Certificates Create	186
15.2.2 My Certificate Edit	189
15.2.3 My Certificate Import	192
15.3 Trusted CAs	193
15.3.1 Trusted CA Edit	195
15.3.2 Trusted CA Import	197
15.4 Technical Reference	198
15.4.1 Certificate Authorities	198
15.4.2 Verifying a Certificate	200
The Firewall Screens	203
16.1 Overview	203
16.1.1 What You Can Do in This Chapter	203
16.1.2 What You Need to Know	203
16.2 Firewall Setting	204
16.2.1 Firewall Rule Directions	204
16.2.2 Triangle Route	205
16.2.3 Firewall Setting Options	206
16.3 Service Setting	207
16.4 Technical Reference	208
16.4.1 Stateful Inspection Firewall.	208
16.4.2 Guidelines For Enhancing Security With Your Firewall	209
16.4.3 The “Triangle Route” Problem	209
Content Filter	213
17.1 Overview	213
17.1.1 What You Can Do in This Chapter	213
17.2 Filter	214
17.3 Schedule	216
The Remote Management Screens	217
18.1 Overview	217
18.1.1 What You Can Do in This Chapter	217
18.1.2 What You Need to Know	218
18.2 WWW	219
18.3 Telnet	220
18.4 FTP	220
18.5 SNMP	221
18.5.1 SNMP Traps	222
18.5.2 SNMP Options	223
18.6 DNS	224
18.7 Security	225
The Logs Screens	227
19.1 Overview	227
19.1.1 What You Can Do in This Chapter	227
19.1.2 What You Need to Know	227
19.2 View Logs	229
19.3 Log Settings	231
19.4 Log Message Descriptions	233
The UPnP Screen	243
20.1 Overview	243
20.1.1 What You Can Do in This Chapter	243
20.1.2 What You Need to Know	243
20.2 UPnP	244
20.3 Technical Reference	245
20.3.1 Installing UPnP in Windows XP	245
20.3.2 Web Configurator Easy Access	249
The Status Screen	253
21.1 Overview	253
21.2 Status Screen	253
21.2.1 Packet Statistics	258
21.2.2 WiMAX Site Information	259
21.2.3 DHCP Table	260
21.2.4 VoIP Statistics	261
21.2.5 WiMAX Profile	263
Troubleshooting and Specifications	265
Troubleshooting	267
22.1 Power, Hardware Connections, and LEDs	267
22.2 WiMAX Device Access and Login	268
22.3 Internet Access	270
22.4 Phone Calls and VoIP	272
22.5 Reset the WiMAX Device to Its Factory Defaults	273
22.5.1 Pop-up Windows, JavaScripts and Java Permissions	273
Product Specifications	275
Appendices and Index	277
WiMAX Security	279
Setting Up Your Computer’s IP Address	283
Wireless LANs	311
Pop-up Windows, JavaScripts and Java Permissions	327
IP Addresses and Subnetting	337
Importing Certificates	349
SIP Passthrough	381
Common Services	383
Legal Information	387
Customer Support	391

Match case Limit results 1 per page

User’s Guide

279

PPENDIX

WiMAX Security

Wireless security is vital to protect your wireless communications. Without it,

information transmitted over the wireless network would be accessible to any

networking device within range.

User Authentication and Data Encryption

The WiMAX (IEEE 802.16) standard employs user authentication and encryption to

ensure secured communication at all times.

User authentication is the process of confirming a user’s identity and level of

authorization. Data encryption is the process of encoding information so that it

cannot be read by anyone who does not know the code.

WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Protocol)

for data encryption.

WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows

additional authentication methods to be deployed with no changes to the base

station or the mobile or subscriber stations.

PKMv2

PKMv2 is a procedure that allows authentication of a mobile or subscriber station

and negotiation of a public key to encrypt traffic between the MS/SS and the base

station. PKMv2 uses standard EAP methods such as Transport Layer Security

(EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure communication.

In cryptography, a ‘key’ is a piece of information, typically a string of random

numbers and letters, that can be used to ‘lock’ (encrypt) or ‘unlock’ (decrypt) a

message. Public key encryption uses key pairs, which consist of a public (freely

available) key and a private (secret) key. The public key is used for encryption

and the private key is used for decryption. You can decrypt a message only if you

have the private key. Public key certificates (or ‘digital IDs’) allow users to verify

each other’s identity.