Home » ZyXEL Manuals » Networking » ZyXEL P-2802HW-I1 » Manual Viewer

ZyXEL P-2802HW-I1 User Guide - Page 103

Encryption

Get ZyXEL P-2802HW-I1 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 103 highlights

Chapter 8 Wireless LAN Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. 8.2.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of authentication. (See Section 8.2.3 on page 102 for information about this.) Table 28 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security WPA Static WEP WPA-PSK Strongest WPA2-PSK WPA2 For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPAPSK, or WPA2-PSK. Usually, you should set up the strongest encryption that every device in the wireless network supports. For example, suppose you have a wireless network with the ZyXEL Device and you do not have a RADIUS server. Therefore, there is no authentication. Suppose the wireless network has two devices. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network. " It is recommended that wireless networks use WPA-PSK, WPA, or stronger encryption. The other types of encryption are better than none at all, but it is still possible for unauthorized wireless devices to figure out the original information pretty quickly. When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device. Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. P-2802H(W)(L)-I Series User's Guide 103

Section	Page
User's Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	21
List of Tables	27
Introduction	33
Introducing the ZyXEL Device	35
1.1 Overview	35
1.2 Ways to Manage the ZyXEL Device	36
1.3 Good Habits for Managing the ZyXEL Device	37
1.4 Applications for the ZyXEL Device	37
1.4.1 Secure Internet Access	37
1.4.2 Wireless LAN Application	38
1.4.3 Making Calls via Internet Telephony Service Provider	38
1.4.4 Making Peer-to-peer Calls	39
1.5 LEDs	40
1.6 The RESET Button	41
1.6.1 Using The Reset Button	41
Introducing the Web Configurator	43
2.1 Web Configurator Overview	43
2.1.1 Accessing the Web Configurator	43
2.2 Web Configurator Main Screen	46
2.2.1 Title Bar	46
2.2.2 Navigation Panel	47
2.2.3 Main Window	49
2.2.4 Status Bar	49
Wizard	51
Internet and Wireless Setup Wizard	53
3.1 Introduction	53
3.2 Internet Access Wizard Setup	53
3.3 Wireless Connection Wizard Setup	58
3.3.1 Manually Assign a WPA-PSK key	61
3.3.2 Manually Assign a WEP Key	61
VoIP Wizard And Example	65
4.1 Introduction	65
4.2 VoIP Wizard Setup	65
Advanced	71
Status Screens	73
5.1 Status Screen	73
5.2 Any IP Table	76
5.3 WLAN Status (“W” models only)	77
5.4 Packet Statistics	77
5.5 VoIP Statistics	79
WAN Setup	83
6.1 WAN Overview	83
6.1.1 PPP over Ethernet	83
6.1.2 IP Address Assignment	83
6.1.3 Nailed-Up Connection (PPP)	84
6.2 Internet Access Setup	84
6.2.1 Advanced Internet Access Setup	86
6.3 WAN Interface Setup	87
LAN Setup	89
7.1 LAN Overview	89
7.1.1 LANs, WANs and the ZyXEL Device	89
7.1.2 DHCP Setup	90
7.2 DNS Server Addresses	90
7.3 LAN TCP/IP	90
7.3.1 IP Address and Subnet Mask	91
7.3.2 RIP Setup	92
7.3.3 Multicast	92
7.3.4 Any IP	93
7.4 Configuring LAN IP	94
7.4.1 Configuring Advanced LAN Setup	95
7.5 DHCP Setup	96
7.6 LAN Client List	97
7.7 LAN IP Alias	99
Wireless LAN	101
8.1 Wireless Network Overview	101
8.2 Wireless Security Overview	102
8.2.1 SSID	102
8.2.2 MAC Address Filter	102
8.2.3 User Authentication	102
8.2.4 Encryption	103
8.2.5 One-Touch Intelligent Security Technology (OTIST)	104
8.3 Additional Wireless Terms	104
8.4 General WLAN Screen	104
8.4.1 No Security	105
8.4.2 WEP Encryption Screen	106
8.4.3 WPA(2)-PSK	107
8.4.4 WPA(2) Authentication Screen	109
8.4.5 Wireless LAN Advanced Setup	110
8.5 OTIST Screen	111
8.5.1 Notes on OTIST	113
8.6 MAC Filter	114
Network Address Translation (NAT) Screens	117
9.1 NAT General Overview	117
9.1.1 NAT Definitions	117
9.1.2 What NAT Does	118
9.1.3 How NAT Works	118
9.1.4 NAT Application	118
9.1.5 NAT Mapping Types	119
9.2 SUA (Single User Account) Versus NAT	120
9.3 NAT General Setup	120
9.4 Port Forwarding	121
9.4.1 Default Server IP Address	122
9.4.2 Port Forwarding: Services and Port Numbers	122
9.4.3 Configuring Servers Behind Port Forwarding (Example)	122
9.5 Configuring Port Forwarding	123
9.5.1 Port Forwarding Rule Edit	124
9.6 Address Mapping	125
9.6.1 Address Mapping Rule Edit	126
9.6.2 SIP ALG	128
Voice	129
10.1 Introduction to VoIP	129
10.2 SIP	129
10.2.1 SIP Identities	129
10.2.2 SIP Call Progression	130
10.2.3 SIP Servers	130
10.2.4 RTP	132
10.2.5 Pulse Code Modulation	132
10.2.6 Voice Coding	132
10.2.7 PSTN Call Setup Signaling	133
10.2.8 MWI (Message Waiting Indication)	133
10.2.9 Custom Tones (IVR)	133
10.3 Quality of Service (QoS)	134
10.3.1 Type of Service (ToS)	134
10.3.2 DiffServ	134
10.3.3 VLAN Tagging	135
10.4 SIP Settings Screen	135
10.5 Advanced SIP Setup Screen	137
10.6 SIP QoS Screen	141
10.7 Phone	141
10.7.1 Voice Activity Detection/Silence Suppression	141
10.7.2 Comfort Noise Generation	142
10.7.3 Echo Cancellation	142
10.8 Analog Phone Screen	142
10.9 Advanced Analog Phone Setup Screen	143
10.10 Common Phone Settings Screen	144
10.11 Phone Services Overview	145
10.11.1 The Flash Key	145
10.11.2 Europe Type Supplementary Phone Services	145
10.11.3 USA Type Supplementary Services	147
10.12 Phone Region Screen	148
10.13 Speed Dial	148
10.14 Incoming Call Policy Screen	150
10.15 PSTN Line (“L” models only)	152
10.16 PSTN Line Screen (“L” models only)	152
Firewalls	155
11.1 Firewall Overview	155
11.1.1 Stateful Inspection Firewall	155
11.1.2 About the ZyXEL Device Firewall	155
11.1.3 Guidelines For Enhancing Security With Your Firewall	156
11.2 General Firewall Policy Overview	156
11.3 Security Considerations	158
11.4 Triangle Route	158
11.4.1 The “Triangle Route” Problem	158
11.4.2 Solving the “Triangle Route” Problem	159
11.5 General Firewall Policy	160
11.6 Firewall Rules Summary	161
11.6.1 Configuring Firewall Rules	163
11.6.2 Customized Services	166
11.6.3 Configuring A Customized Service	166
11.7 Example Firewall Rule	167
11.8 Firewall Thresholds	171
11.8.1 Threshold Values	172
11.8.2 Configuring Firewall Thresholds	172
Content Filtering	175
12.1 Content Filtering Overview	175
12.2 Configuring Keyword Blocking	175
12.3 Configuring the Schedule	176
12.4 Configuring Trusted Computers	177
Introduction to IPSec	179
13.1 VPN Overview	179
13.1.1 IPSec	179
13.1.2 Security Association	179
13.1.3 Other Terminology	179
13.1.4 VPN Applications	180
13.2 IPSec Architecture	180
13.2.1 IPSec Algorithms	181
13.2.2 Key Management	181
13.3 Encapsulation	181
13.3.1 Transport Mode	182
13.3.2 Tunnel Mode	182
13.4 IPSec and NAT	182
VPN Screens	185
14.1 VPN/IPSec Overview	185
14.2 IPSec Algorithms	185
14.2.1 AH (Authentication Header) Protocol	185
14.2.2 ESP (Encapsulating Security Payload) Protocol	185
14.3 My IP Address	186
14.4 Secure Gateway Address	186
14.4.1 Dynamic Secure Gateway Address	187
14.5 VPN Setup Screen	187
14.6 Keep Alive	189
14.7 VPN, NAT, and NAT Traversal	189
14.8 Remote DNS Server	190
14.9 ID Type and Content	191
14.9.1 ID Type and Content Examples	192
14.10 Pre-Shared Key	193
14.11 Editing VPN Policies	193
14.12 IKE Phases	198
14.12.1 Negotiation Mode	199
14.12.2 Diffie-Hellman (DH) Key Groups	199
14.12.3 Perfect Forward Secrecy (PFS)	200
14.13 Configuring Advanced IKE Settings	200
14.14 Manual Key Setup	202
14.14.1 Security Parameter Index (SPI)	202
14.15 Configuring Manual Key	203
14.16 Viewing SA Monitor	205
14.17 Configuring Global Setting	207
14.18 Telecommuter VPN/IPSec Examples	207
14.18.1 Telecommuters Sharing One VPN Rule Example	207
14.18.2 Telecommuters Using Unique VPN Rules Example	208
14.19 VPN and Remote Management	210
Certificates	211
15.1 Certificates Overview	211
15.1.1 Advantages of Certificates	212
15.2 Self-signed Certificates	212
15.3 Configuration Summary	212
15.4 My Certificates	212
15.5 My Certificate Import	214
15.5.1 Certificate File Formats	215
15.6 My Certificate Create	216
15.7 My Certificate Details	218
15.8 Trusted CAs	221
15.9 Trusted CA Import	223
15.10 Trusted CA Details	224
15.11 Trusted Remote Hosts	226
15.12 Verifying a Trusted Remote Host’s Certificate	228
15.12.1 Trusted Remote Host Certificate Fingerprints	228
15.13 Trusted Remote Hosts Import	229
15.14 Trusted Remote Host Certificate Details	229
15.15 Directory Servers	232
15.16 Directory Server Add and Edit	233
Static Route	235
16.1 Static Route	235
16.2 Configuring Static Route	235
16.2.1 Static Route Edit	236
Quality of Service (QoS)	239
17.1 QoS Overview	239
17.1.1 IEEE 802.1Q Tag	239
17.1.2 IP Precedence	240
17.1.3 DiffServ	240
17.1.4 Automatical Priority Queue Assignment	241
17.2 Configuring QoS General Screen	241
17.3 Class Setup	242
17.3.1 Class Configuration	243
17.3.2 QoS Example	246
17.4 QoS Monitor	248
Dynamic DNS Setup	251
18.1 Dynamic DNS Overview	251
18.1.1 DYNDNS Wildcard	251
18.2 Configuring Dynamic DNS	251
Remote Management Configuration	255
19.1 Remote Management Overview	255
19.1.1 Remote Management Limitations	256
19.1.2 Remote Management and NAT	256
19.1.3 System Timeout	256
19.2 WWW (HTTP and HTTPS)	257
19.3 WWW	258
19.4 HTTPS Example	259
19.4.1 Internet Explorer Warning Messages	259
19.4.2 Netscape Navigator Warning Messages	260
19.4.3 Avoiding the Browser Warning Messages	260
19.4.4 Login Screen	261
19.5 Telnet	263
19.6 Configuring Telnet	263
19.7 Configuring FTP	264
19.8 SNMP	265
19.8.1 Supported MIBs	266
19.8.2 SNMP Traps	267
19.8.3 Configuring SNMP	267
19.9 Configuring DNS	268
19.10 Configuring ICMP	269
Universal Plug-and-Play (UPnP)	271
20.1 Introducing Universal Plug and Play	271
20.1.1 How do I know if I'm using UPnP?	271
20.1.2 NAT Traversal	271
20.1.3 Cautions with UPnP	271
20.2 UPnP and ZyXEL	272
20.2.1 Configuring UPnP	272
20.3 Installing UPnP in Windows Example	273
20.4 Using UPnP in Windows XP Example	276
Maintenance, Troubleshooting and Specifications	283
System	285
21.1 General Setup and System Name	285
21.1.1 General Setup	285
21.2 Time Setting	287
Logs	289
22.1 Logs Overview	289
22.1.1 Alerts and Logs	289
22.2 Viewing the Logs	289
22.3 Configuring Log Settings	290
22.4 SMTP Error Messages	292
22.4.1 Example E-mail Log	293
22.5 Log Descriptions	294
Tools	303
23.1 Introduction	303
23.2 Filename Conventions	303
23.3 File Maintenance Over WAN	304
23.4 Firmware Upgrade Screen	305
23.5 Backup and Restore	306
23.5.1 Backup Configuration	307
23.5.2 Restore Configuration	307
23.5.3 Reset to Factory Defaults	308
23.6 Restart	309
23.7 Using FTP or TFTP to Back Up Configuration	309
23.7.1 Using the FTP Commands to Back Up Configuration	309
23.7.2 FTP Command Configuration Backup Example	310
23.7.3 Configuration Backup Using GUI-based FTP Clients	310
23.7.4 Backup Configuration Using TFTP	310
23.7.5 TFTP Command Configuration Backup Example	311
23.7.6 Configuration Backup Using GUI-based TFTP Clients	311
23.8 Using FTP or TFTP to Restore Configuration	312
23.8.1 Restore Using FTP Session Example	312
23.9 FTP and TFTP Firmware and Configuration File Uploads	312
23.9.1 FTP File Upload Command from the DOS Prompt Example	313
23.9.2 FTP Session Example of Firmware File Upload	313
23.9.3 TFTP File Upload	313
23.9.4 TFTP Upload Command Example	314
Diagnostic	315
24.1 General Diagnostic	315
24.2 DSL Line Diagnostic	315
Troubleshooting	317
25.1 Power, Hardware Connections, and LEDs	317
25.2 ZyXEL Device Access and Login	318
25.3 Internet Access	320
25.4 Phone Calls and VoIP	321
25.5 Problems With Multiple SIP Accounts	322
25.5.1 Outgoing Calls	322
25.5.2 Incoming Calls	323
Product Specifications	325
Appendices and Index	335
Setting up Your Computer’s IP Address	337
Pop-up Windows, JavaScripts and Java Permissions	349
IP Addresses and Subnetting	355
Wireless LANs	363
Services	373
Internal SPTGEN	377
Legal Information	401
Customer Support	405

Match case Limit results 1 per page

Chapter 8 Wireless LAN

P-2802H(W)(L)-I Series User’s Guide

103

Unauthorized wireless devices can still see the information that is sent in the wireless network,

even if they cannot use the wireless network. Furthermore, there are ways for unauthorized

wireless users to get a valid user name and password. Then, they can use that user name and

password to use the wireless network.

8.2.4

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless

network. Encryption is like a secret code. If you do not know the secret code, you cannot

understand the message.

The types of encryption you can choose depend on the type of authentication. (See

Section

8.2.3 on page 102

for information about this.)

For example, if the wireless network has a RADIUS server, you can choose

WPA

WPA2

. If

users do not log in to the wireless network, you can choose no encryption,

Static WEP

WPA-

PSK

, or

WPA2-PSK

Usually, you should set up the strongest encryption that every device in the wireless network

supports. For example, suppose you have a wireless network with the ZyXEL Device and you

do not have a RADIUS server. Therefore, there is no authentication. Suppose the wireless

network has two devices. Device A only supports WEP, and device B supports WEP and

WPA. Therefore, you should set up

Static WEP

in the wireless network.

It is recommended that wireless networks use

WPA-PSK

WPA

, or stronger

encryption. The other types of encryption are better than none at all, but it is

still possible for unauthorized wireless devices to figure out the original

information pretty quickly.

When you select

WPA2

WPA2-PSK

in your ZyXEL Device, you can also select an option

(

WPA compatible

) to support WPA as well. In this case, if some of the devices support WPA

and some support WPA2, you should set up

WPA2-PSK

WPA2

(depending on the type of

wireless network login) and select the

WPA compatible

option in the ZyXEL Device.

Many types of encryption use a key to protect the information in the wireless network. The

longer the key, the stronger the encryption. Every device in the wireless network must have the

same key.

Table 28

Types of Encryption for Each Type of Authentication

NO AUTHENTICATION

RADIUS SERVER

Weakest

No Security

WPA

Static WEP

WPA-PSK

Strongest

WPA2-PSK

WPA2