Home » ZyXEL Manuals » Networking » ZyXEL P-660HW-D1 v2 » Manual Viewer

ZyXEL P-660HW-D1 v2 User Guide - Page 106

Wireless Security Overview

Get ZyXEL P-660HW-D1 v2 PDF manuals and user guides

View all ZyXEL P-660HW-D1 v2 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 106 highlights

Chapter 7 Wireless LAN • Every wireless client in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 7.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network. 7.2.1 SSID Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the AP does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. This type of security is fairly weak, however, because there are ways for unauthorized devices to get the SSID. In addition, unauthorized devices can still see the information that is sent in the wireless network. 7.2.2 MAC Address Filter Every wireless client has a unique identification number, called a MAC address.1 A MAC address is usually written using twelve hexadecimal characters2; for example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each wireless client, see the appropriate User's Guide or other documentation. You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network. If a wireless client is allowed to use the wireless network, it still has to have the correct settings (SSID, channel, and security). If a wireless client is not allowed to use the wireless network, it does not matter if it has the correct settings. This type of security does not protect the information that is sent in the wireless network. Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized wireless client. Then, they can use that MAC address to use the wireless network. 7.2.3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. This is called user authentication. However, every wireless client in the wireless network has to support IEEE 802.1x to do this. For wireless networks, there are two typical places to store the user names and passwords for each user. • In the AP: this feature is called a local user database or a local database. 1. Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. 2. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. 106 P-660HW-Dx v2 User's Guide

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	21
List of Tables	27
Introduction	31
Introducing the ZyXEL Device	33
1.1 Overview	33
1.2 Ways to Manage the ZyXEL Device	35
1.3 Good Habits for Managing the ZyXEL Device	35
1.4 LEDs	35
1.5 Hardware Connections	36
1.5.1 Splitters and Microfilters	36
Introducing the Web Configurator	39
2.1 Web Configurator Overview	39
2.2 Accessing the Web Configurator	39
2.2.1 User Access	40
2.2.2 Administrator Access	40
2.3 Resetting the ZyXEL Device	42
2.3.1 Using the Reset Button	42
2.4 Navigating the Web Configurator	42
2.4.1 Navigation Panel	42
2.4.2 Status Screen	44
2.4.3 Status: Any IP Table	47
2.4.4 Status: WLAN Status	47
2.4.5 Status: Bandwidth Status	48
2.4.6 Status: Packet Statistics	48
2.4.7 Changing Login Password	50
Wizards	51
Wizard Setup for Internet Access	53
3.1 Introduction	53
3.2 Internet Access Wizard Setup	53
3.2.1 Automatic Detection	55
3.2.2 Manual Configuration	55
3.3 Wireless Connection Wizard Setup	60
3.3.1 Manually assign a WPA-PSK key	63
3.3.2 Manually assign a WEP key	63
Bandwidth Management Wizard	67
4.1 Introduction	67
4.2 Predefined Media Bandwidth Management Services	67
4.3 Bandwidth Management Wizard Setup	68
Network	73
WAN Setup	75
5.1 WAN Overview	75
5.1.1 Encapsulation	75
5.1.2 Multiplexing	76
5.1.3 Encapsulation and Multiplexing Scenarios	76
5.1.4 VPI and VCI	77
5.1.5 IP Address Assignment	77
5.1.6 Nailed-Up Connection (PPP)	77
5.1.7 NAT	78
5.2 Metric	78
5.3 Traffic Shaping	78
5.3.1 ATM Traffic Classes	79
5.4 Zero Configuration Internet Access	80
5.5 Internet Connection	80
5.5.1 Configuring Advanced Internet Connection Setup	82
5.6 Configuring More Connections	84
5.6.1 More Connections Edit	85
5.6.2 Configuring More Connections Advanced Setup	88
5.7 Traffic Redirect	89
5.8 Configuring WAN Backup	89
LAN Setup	93
6.1 LAN Overview	93
6.1.1 LANs, WANs and the ZyXEL Device	93
6.1.2 DHCP Setup	94
6.1.3 DNS Server Address	94
6.1.4 DNS Server Address Assignment	94
6.2 LAN TCP/IP	95
6.2.1 IP Address and Subnet Mask	95
6.2.2 RIP Setup	96
6.2.3 Multicast	96
6.2.4 Any IP	97
6.3 Configuring LAN IP	98
6.3.1 Configuring Advanced LAN Setup	99
6.4 DHCP Setup	100
6.5 LAN Client List	101
6.6 LAN IP Alias	102
Wireless LAN	105
7.1 Wireless Network Overview	105
7.2 Wireless Security Overview	106
7.2.1 SSID	106
7.2.2 MAC Address Filter	106
7.2.3 User Authentication	106
7.2.4 Encryption	107
7.2.5 One-Touch Intelligent Security Technology (OTIST)	108
7.3 General Wireless LAN Screen	108
7.3.1 No Security	109
7.3.2 WEP Encryption	110
7.3.3 WPA-PSK/WPA2-PSK	111
7.3.4 WPA/WPA2	113
7.3.5 Wireless LAN Advanced Setup	115
7.4 OTIST	117
7.4.1 Enabling OTIST	117
7.4.2 Starting OTIST	119
7.4.3 Notes on OTIST	120
7.5 MAC Filter	121
7.6 WMM QoS	122
7.6.1 WMM QoS Example	122
7.6.2 WMM QoS Priorities	122
7.6.3 Services	123
7.7 QoS Screen	124
7.7.1 ToS (Type of Service) and WMM QoS	125
7.7.2 Application Priority Configuration	126
Network Address Translation (NAT) Screens	129
8.1 NAT Overview	129
8.1.1 NAT Definitions	129
8.1.2 What NAT Does	130
8.1.3 How NAT Works	130
8.1.4 NAT Application	130
8.1.5 NAT Mapping Types	131
8.2 SUA (Single User Account) Versus NAT	132
8.3 SIP ALG	132
8.4 NAT General Setup	133
8.5 Port Forwarding	134
8.5.1 Default Server IP Address	134
8.5.2 Port Forwarding: Services and Port Numbers	134
8.5.3 Configuring Servers Behind Port Forwarding (Example)	135
8.6 Configuring Port Forwarding	135
8.6.1 Port Forwarding Rule Edit	136
8.7 Address Mapping	137
8.7.1 Address Mapping Rule Edit	139
Security	141
Firewalls	143
9.1 Firewall Overview	143
9.2 Types of Firewalls	143
9.2.1 Packet Filtering Firewalls	143
9.2.2 Application-level Firewalls	144
9.2.3 Stateful Inspection Firewalls	144
9.3 Introduction to ZyXEL’s Firewall	144
9.3.1 Denial of Service Attacks	145
9.4 Denial of Service	145
9.4.1 Basics	145
9.4.2 Types of DoS Attacks	146
9.5 Stateful Inspection	148
9.5.1 Stateful Inspection Process	149
9.5.2 Stateful Inspection and the ZyXEL Device	150
9.5.3 TCP Security	150
9.5.4 UDP/ICMP Security	151
9.5.5 Upper Layer Protocols	151
9.6 Guidelines for Enhancing Security with Your Firewall	152
9.6.1 Security In General	152
9.7 Packet Filtering Vs Firewall	153
9.7.1 Packet Filtering:	153
9.7.2 Firewall	153
Firewall Configuration	155
10.1 Access Methods	155
10.2 Firewall Policies Overview	155
10.3 Rule Logic Overview	156
10.3.1 Rule Checklist	156
10.3.2 Security Ramifications	156
10.3.3 Key Fields For Configuring Rules	157
10.4 Connection Direction	157
10.4.1 LAN to WAN Rules	158
10.4.2 Alerts	158
10.5 General Firewall Policy	158
10.6 Firewall Rules Summary	159
10.6.1 Configuring Firewall Rules	161
10.6.2 Customized Services	164
10.6.3 Configuring a Customized Service	164
10.7 Example Firewall Rule	165
10.8 Predefined Services	169
10.9 Anti-Probing	171
10.10 DoS Thresholds	172
10.10.1 Threshold Values	172
10.10.2 Half-Open Sessions	173
10.10.3 Configuring Firewall Thresholds	173
Content Filtering	177
11.1 Content Filtering Overview	177
11.2 Configuring Keyword Blocking	177
11.3 Configuring the Schedule	178
11.4 Configuring Trusted Computers	179
Advanced	181
Static Route	183
12.1 Static Route	183
12.2 Configuring Static Route	183
12.2.1 Static Route Edit	184
Bandwidth Management	187
13.1 Bandwidth Management Overview	187
13.2 Application-based Bandwidth Management	187
13.3 Subnet-based Bandwidth Management	187
13.4 Application and Subnet-based Bandwidth Management	188
13.5 Scheduler	188
13.5.1 Priority-based Scheduler	188
13.5.2 Fairness-based Scheduler	189
13.6 Maximize Bandwidth Usage	189
13.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic	189
13.6.2 Maximize Bandwidth Usage Example	189
13.6.3 Bandwidth Management Priorities	191
13.7 Over Allotment of Bandwidth	191
13.8 Configuring Summary	191
13.9 Bandwidth Management Rule Setup	192
13.10 DiffServ	194
13.10.1 DSCP and Per-Hop Behavior	194
13.10.2 Rule Configuration	194
13.11 Bandwidth Monitor	197
Dynamic DNS Setup	199
14.1 Dynamic DNS Overview	199
14.1.1 DYNDNS Wildcard	199
14.2 Configuring Dynamic DNS	199
Remote Management Configuration	203
15.1 Remote Management Overview	203
15.1.1 Remote Management Limitations	204
15.1.2 Remote Management and NAT	204
15.1.3 System Timeout	204
15.2 WWW	204
15.3 Telnet	205
15.4 Configuring Telnet	205
15.5 Telnet Login	206
15.6 Configuring FTP	207
15.7 SNMP	207
15.7.1 Supported MIBs	209
15.7.2 SNMP Traps	209
15.7.3 Configuring SNMP	209
15.8 Configuring DNS	210
15.9 Configuring ICMP	211
Universal Plug-and-Play (UPnP)	213
16.1 Introducing Universal Plug and Play	213
16.1.1 How do I know if I'm using UPnP?	213
16.1.2 NAT Traversal	213
16.1.3 Cautions with UPnP	213
16.2 UPnP and ZyXEL	214
16.2.1 Configuring UPnP	214
16.3 Installing UPnP in Windows Example	215
16.3.1 Installing UPnP in Windows Me	215
16.3.2 Installing UPnP in Windows XP	216
16.4 Using UPnP in Windows XP Example	217
16.4.1 Auto-discover Your UPnP-enabled Network Device	218
16.4.2 Web Configurator Easy Access	221
Maintenance and Troubleshooting	225
System	227
17.1 General Setup	227
17.1.1 General Setup and System Name	227
17.1.2 General Setup	227
17.2 Time Setting	229
Logs	233
18.1 Logs Overview	233
18.1.1 Alerts and Logs	233
18.2 Viewing the Logs	233
18.3 Configuring Log Settings	234
18.3.1 Example E-mail Log	236
18.4 Log Descriptions	237
Tools	251
19.1 Firmware Upgrade	251
19.2 Configuration Screen	253
19.2.1 Backup Configuration	253
19.2.2 Restore Configuration	254
19.2.3 Back to Factory Defaults	255
19.3 Restart	255
Diagnostic	257
20.1 General Diagnostic	257
20.2 DSL Line Diagnostic	257
Troubleshooting	259
21.1 Power, Hardware Connections, and LEDs	259
21.2 ZyXEL Device Access and Login	260
21.3 Internet Access	261
Appendices and Index	263
Product Specifications and Wall Mounting	265
Wireless LANs	271
Setting up Your Computer’s IP Address	285
IP Addresses and Subnetting	301
Firewall Commands	311
Internal SPTGEN	317
Pop-up Windows, JavaScripts and Java Permissions	333
NetBIOS Filter Commands	339
Triangle Route	341
Legal Information	343
Customer Support	347

Match case Limit results 1 per page

Chapter 7 Wireless LAN

P-660HW-Dx v2 User’s Guide

106

•

Every wireless client in the same wireless network must use security compatible with the

AP.

Security stops unauthorized devices from using the wireless network. It can also protect

the information that is sent in the wireless network.

7.2

Wireless Security Overview

The following sections introduce different types of wireless security you can set up in the

wireless network.

7.2.1

SSID

Normally, the AP acts like a beacon and regularly broadcasts the SSID in the area. You can

hide the SSID instead, in which case the AP does not broadcast the SSID. In addition, you

should change the default SSID to something that is difficult to guess.

This type of security is fairly weak, however, because there are ways for unauthorized devices

to get the SSID. In addition, unauthorized devices can still see the information that is sent in

the wireless network.

7.2.2

MAC Address Filter

Every wireless client has a unique identification number, called a MAC address.

A MAC

address is usually written using twelve hexadecimal characters

; for example, 00A0C5000002

or 00:A0:C5:00:00:02. To get the MAC address for each wireless client, see the appropriate

User’s Guide or other documentation.

You can use the MAC address filter to tell the AP which wireless clients are allowed or not

allowed to use the wireless network. If a wireless client is allowed to use the wireless network,

it still has to have the correct settings (SSID, channel, and security). If a wireless client is not

allowed to use the wireless network, it does not matter if it has the correct settings.

This type of security does not protect the information that is sent in the wireless network.

Furthermore, there are ways for unauthorized devices to get the MAC address of an authorized

wireless client. Then, they can use that MAC address to use the wireless network.

7.2.3

User Authentication

Authentication is the process of verifying whether a wireless device is allowed to use the

wireless network. You can make every user log in to the wireless network before they can use

it. This is called user authentication. However, every wireless client in the wireless network

has to support IEEE 802.1x to do this.

For wireless networks, there are two typical places to store the user names and passwords for

each user.

•

In the AP: this feature is called a local user database or a local database.

Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks.

These kinds of wireless devices might not have MAC addresses.

Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.