Home » ZyXEL Manuals » Networking » ZyXEL P-660HW-D1 v2 » Manual Viewer

ZyXEL P-660HW-D1 v2 User Guide - Page 107

Encryption

Get ZyXEL P-660HW-D1 v2 PDF manuals and user guides

View all ZyXEL P-660HW-D1 v2 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 107 highlights

Chapter 7 Wireless LAN • In a RADIUS server: this is a server used in businesses more than in homes. If your AP does not provide a local user database and if you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. Local user databases also have an additional limitation that is explained in the next section. 7.2.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of user authentication. (See Section 7.2.3 on page 106 for information about this.) Table 31 Types of Encryption for Each Type of Authentication NO AUTHENTICATION RADIUS SERVER Weakest No Security WPA Static WEP WPA-PSK Strongest WPA2-PSK WPA2 " For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or WPA2-PSK. Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless network has two wireless clients. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network. It is recommended that wireless networks use WPA-PSK, WPA, or stronger encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is still possible for unauthorized devices to figure out the original information pretty quickly. It is not possible to use WPA-PSK, WPA or stronger encryption with a local user database. In this case, it is better to set up stronger encryption with no authentication than to set up weaker encryption with the local user database. P-660HW-Dx v2 User's Guide 107

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	21
List of Tables	27
Introduction	31
Introducing the ZyXEL Device	33
1.1 Overview	33
1.2 Ways to Manage the ZyXEL Device	35
1.3 Good Habits for Managing the ZyXEL Device	35
1.4 LEDs	35
1.5 Hardware Connections	36
1.5.1 Splitters and Microfilters	36
Introducing the Web Configurator	39
2.1 Web Configurator Overview	39
2.2 Accessing the Web Configurator	39
2.2.1 User Access	40
2.2.2 Administrator Access	40
2.3 Resetting the ZyXEL Device	42
2.3.1 Using the Reset Button	42
2.4 Navigating the Web Configurator	42
2.4.1 Navigation Panel	42
2.4.2 Status Screen	44
2.4.3 Status: Any IP Table	47
2.4.4 Status: WLAN Status	47
2.4.5 Status: Bandwidth Status	48
2.4.6 Status: Packet Statistics	48
2.4.7 Changing Login Password	50
Wizards	51
Wizard Setup for Internet Access	53
3.1 Introduction	53
3.2 Internet Access Wizard Setup	53
3.2.1 Automatic Detection	55
3.2.2 Manual Configuration	55
3.3 Wireless Connection Wizard Setup	60
3.3.1 Manually assign a WPA-PSK key	63
3.3.2 Manually assign a WEP key	63
Bandwidth Management Wizard	67
4.1 Introduction	67
4.2 Predefined Media Bandwidth Management Services	67
4.3 Bandwidth Management Wizard Setup	68
Network	73
WAN Setup	75
5.1 WAN Overview	75
5.1.1 Encapsulation	75
5.1.2 Multiplexing	76
5.1.3 Encapsulation and Multiplexing Scenarios	76
5.1.4 VPI and VCI	77
5.1.5 IP Address Assignment	77
5.1.6 Nailed-Up Connection (PPP)	77
5.1.7 NAT	78
5.2 Metric	78
5.3 Traffic Shaping	78
5.3.1 ATM Traffic Classes	79
5.4 Zero Configuration Internet Access	80
5.5 Internet Connection	80
5.5.1 Configuring Advanced Internet Connection Setup	82
5.6 Configuring More Connections	84
5.6.1 More Connections Edit	85
5.6.2 Configuring More Connections Advanced Setup	88
5.7 Traffic Redirect	89
5.8 Configuring WAN Backup	89
LAN Setup	93
6.1 LAN Overview	93
6.1.1 LANs, WANs and the ZyXEL Device	93
6.1.2 DHCP Setup	94
6.1.3 DNS Server Address	94
6.1.4 DNS Server Address Assignment	94
6.2 LAN TCP/IP	95
6.2.1 IP Address and Subnet Mask	95
6.2.2 RIP Setup	96
6.2.3 Multicast	96
6.2.4 Any IP	97
6.3 Configuring LAN IP	98
6.3.1 Configuring Advanced LAN Setup	99
6.4 DHCP Setup	100
6.5 LAN Client List	101
6.6 LAN IP Alias	102
Wireless LAN	105
7.1 Wireless Network Overview	105
7.2 Wireless Security Overview	106
7.2.1 SSID	106
7.2.2 MAC Address Filter	106
7.2.3 User Authentication	106
7.2.4 Encryption	107
7.2.5 One-Touch Intelligent Security Technology (OTIST)	108
7.3 General Wireless LAN Screen	108
7.3.1 No Security	109
7.3.2 WEP Encryption	110
7.3.3 WPA-PSK/WPA2-PSK	111
7.3.4 WPA/WPA2	113
7.3.5 Wireless LAN Advanced Setup	115
7.4 OTIST	117
7.4.1 Enabling OTIST	117
7.4.2 Starting OTIST	119
7.4.3 Notes on OTIST	120
7.5 MAC Filter	121
7.6 WMM QoS	122
7.6.1 WMM QoS Example	122
7.6.2 WMM QoS Priorities	122
7.6.3 Services	123
7.7 QoS Screen	124
7.7.1 ToS (Type of Service) and WMM QoS	125
7.7.2 Application Priority Configuration	126
Network Address Translation (NAT) Screens	129
8.1 NAT Overview	129
8.1.1 NAT Definitions	129
8.1.2 What NAT Does	130
8.1.3 How NAT Works	130
8.1.4 NAT Application	130
8.1.5 NAT Mapping Types	131
8.2 SUA (Single User Account) Versus NAT	132
8.3 SIP ALG	132
8.4 NAT General Setup	133
8.5 Port Forwarding	134
8.5.1 Default Server IP Address	134
8.5.2 Port Forwarding: Services and Port Numbers	134
8.5.3 Configuring Servers Behind Port Forwarding (Example)	135
8.6 Configuring Port Forwarding	135
8.6.1 Port Forwarding Rule Edit	136
8.7 Address Mapping	137
8.7.1 Address Mapping Rule Edit	139
Security	141
Firewalls	143
9.1 Firewall Overview	143
9.2 Types of Firewalls	143
9.2.1 Packet Filtering Firewalls	143
9.2.2 Application-level Firewalls	144
9.2.3 Stateful Inspection Firewalls	144
9.3 Introduction to ZyXEL’s Firewall	144
9.3.1 Denial of Service Attacks	145
9.4 Denial of Service	145
9.4.1 Basics	145
9.4.2 Types of DoS Attacks	146
9.5 Stateful Inspection	148
9.5.1 Stateful Inspection Process	149
9.5.2 Stateful Inspection and the ZyXEL Device	150
9.5.3 TCP Security	150
9.5.4 UDP/ICMP Security	151
9.5.5 Upper Layer Protocols	151
9.6 Guidelines for Enhancing Security with Your Firewall	152
9.6.1 Security In General	152
9.7 Packet Filtering Vs Firewall	153
9.7.1 Packet Filtering:	153
9.7.2 Firewall	153
Firewall Configuration	155
10.1 Access Methods	155
10.2 Firewall Policies Overview	155
10.3 Rule Logic Overview	156
10.3.1 Rule Checklist	156
10.3.2 Security Ramifications	156
10.3.3 Key Fields For Configuring Rules	157
10.4 Connection Direction	157
10.4.1 LAN to WAN Rules	158
10.4.2 Alerts	158
10.5 General Firewall Policy	158
10.6 Firewall Rules Summary	159
10.6.1 Configuring Firewall Rules	161
10.6.2 Customized Services	164
10.6.3 Configuring a Customized Service	164
10.7 Example Firewall Rule	165
10.8 Predefined Services	169
10.9 Anti-Probing	171
10.10 DoS Thresholds	172
10.10.1 Threshold Values	172
10.10.2 Half-Open Sessions	173
10.10.3 Configuring Firewall Thresholds	173
Content Filtering	177
11.1 Content Filtering Overview	177
11.2 Configuring Keyword Blocking	177
11.3 Configuring the Schedule	178
11.4 Configuring Trusted Computers	179
Advanced	181
Static Route	183
12.1 Static Route	183
12.2 Configuring Static Route	183
12.2.1 Static Route Edit	184
Bandwidth Management	187
13.1 Bandwidth Management Overview	187
13.2 Application-based Bandwidth Management	187
13.3 Subnet-based Bandwidth Management	187
13.4 Application and Subnet-based Bandwidth Management	188
13.5 Scheduler	188
13.5.1 Priority-based Scheduler	188
13.5.2 Fairness-based Scheduler	189
13.6 Maximize Bandwidth Usage	189
13.6.1 Reserving Bandwidth for Non-Bandwidth Class Traffic	189
13.6.2 Maximize Bandwidth Usage Example	189
13.6.3 Bandwidth Management Priorities	191
13.7 Over Allotment of Bandwidth	191
13.8 Configuring Summary	191
13.9 Bandwidth Management Rule Setup	192
13.10 DiffServ	194
13.10.1 DSCP and Per-Hop Behavior	194
13.10.2 Rule Configuration	194
13.11 Bandwidth Monitor	197
Dynamic DNS Setup	199
14.1 Dynamic DNS Overview	199
14.1.1 DYNDNS Wildcard	199
14.2 Configuring Dynamic DNS	199
Remote Management Configuration	203
15.1 Remote Management Overview	203
15.1.1 Remote Management Limitations	204
15.1.2 Remote Management and NAT	204
15.1.3 System Timeout	204
15.2 WWW	204
15.3 Telnet	205
15.4 Configuring Telnet	205
15.5 Telnet Login	206
15.6 Configuring FTP	207
15.7 SNMP	207
15.7.1 Supported MIBs	209
15.7.2 SNMP Traps	209
15.7.3 Configuring SNMP	209
15.8 Configuring DNS	210
15.9 Configuring ICMP	211
Universal Plug-and-Play (UPnP)	213
16.1 Introducing Universal Plug and Play	213
16.1.1 How do I know if I'm using UPnP?	213
16.1.2 NAT Traversal	213
16.1.3 Cautions with UPnP	213
16.2 UPnP and ZyXEL	214
16.2.1 Configuring UPnP	214
16.3 Installing UPnP in Windows Example	215
16.3.1 Installing UPnP in Windows Me	215
16.3.2 Installing UPnP in Windows XP	216
16.4 Using UPnP in Windows XP Example	217
16.4.1 Auto-discover Your UPnP-enabled Network Device	218
16.4.2 Web Configurator Easy Access	221
Maintenance and Troubleshooting	225
System	227
17.1 General Setup	227
17.1.1 General Setup and System Name	227
17.1.2 General Setup	227
17.2 Time Setting	229
Logs	233
18.1 Logs Overview	233
18.1.1 Alerts and Logs	233
18.2 Viewing the Logs	233
18.3 Configuring Log Settings	234
18.3.1 Example E-mail Log	236
18.4 Log Descriptions	237
Tools	251
19.1 Firmware Upgrade	251
19.2 Configuration Screen	253
19.2.1 Backup Configuration	253
19.2.2 Restore Configuration	254
19.2.3 Back to Factory Defaults	255
19.3 Restart	255
Diagnostic	257
20.1 General Diagnostic	257
20.2 DSL Line Diagnostic	257
Troubleshooting	259
21.1 Power, Hardware Connections, and LEDs	259
21.2 ZyXEL Device Access and Login	260
21.3 Internet Access	261
Appendices and Index	263
Product Specifications and Wall Mounting	265
Wireless LANs	271
Setting up Your Computer’s IP Address	285
IP Addresses and Subnetting	301
Firewall Commands	311
Internal SPTGEN	317
Pop-up Windows, JavaScripts and Java Permissions	333
NetBIOS Filter Commands	339
Triangle Route	341
Legal Information	343
Customer Support	347

Match case Limit results 1 per page

Chapter 7 Wireless LAN

P-660HW-Dx v2 User’s Guide

107

•

In a RADIUS server: this is a server used in businesses more than in homes.

If your AP does not provide a local user database and if you do not have a RADIUS server,

you cannot set up user names and passwords for your users.

Unauthorized devices can still see the information that is sent in the wireless network, even if

they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless

users to get a valid user name and password. Then, they can use that user name and password

to use the wireless network.

Local user databases also have an additional limitation that is explained in the next section.

7.2.4

Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless

network. Encryption is like a secret code. If you do not know the secret code, you cannot

understand the message.

The types of encryption you can choose depend on the type of user authentication. (See

Section 7.2.3 on page 106

for information about this.)

For example, if the wireless network has a RADIUS server, you can choose

WPA

WPA2

If users do not log in to the wireless network, you can choose no encryption,

Static WEP

WPA-PSK

, or

WPA2-PSK

Usually, you should set up the strongest encryption that every wireless client in the wireless

network supports. For example, suppose the AP does not have a local user database, and you

do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless

network has two wireless clients. Device A only supports WEP, and device B supports WEP

and WPA. Therefore, you should set up

Static WEP

in the wireless network.

It is recommended that wireless networks use WPA-PSK, WPA, or stronger

encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is

still possible for unauthorized devices to figure out the original information

pretty quickly.

It is not possible to use

WPA-PSK

WPA

or stronger encryption with a local

user database. In this case, it is better to set up stronger encryption with no

authentication than to set up weaker encryption with the local user database.

Table 31

Types of Encryption for Each Type of Authentication

NO AUTHENTICATION

RADIUS SERVER

Weakest

No Security

WPA

Static WEP

WPA-PSK

Strongest

WPA2-PSK

WPA2