Wireless Security Configuration

:!: Wireless LAN is always a security risk! Regardless how much security and encryption you use, anyone can still eavesdrop on your data traffic, even from a distance!

There are several ways WLAN security can be increased. Each of the settings must be carried out on both the Internet Gate and all the other wireless equipment in the WLAN.

Network Name (Service Set Identifier, SSID)

All wireless clients on the same WLAN must use the same SSID to be able to connect. Change the SSID to something else. (The SSID should be something hard to associate, thus e.g. company names are not recommended).

Security – Enable Encryption

You are strongly recommended to enable encryption!

Encryption (WEP)

Wired Equivalent Privacy (WEP) encrypts all data transferred between wireless devices. The encryption key can be 64 or 128 bits long.

You can enter 10 or 26 hexadecimal digits into each of the “Key” fields to specify a 64 or 128 bits long encryption key. The same key must be entered into all other wireless equipment too on the WLAN. (Some older WLAN equipment does not support 128-bit key length. In that case please specify only 10 digits resulting in a 64-bit key.)

Enter at least one security key. For even more increased security you should enter multiple keys, and change between them with regular intervals. The key should be something hard to associate, thus e.g. company telephone numbers are not recommended. Just enter 10 or 26 random digits (or letters A-F) into the fields.

:!: Even though Windows computers allow use of alphanumerical characters as WEP PSK they convert them to a hexadecimal key used. You must then enter that key into your Internet Gate, not the alphanumerical string. To avoid compability problems always use 10 or 26 hexadecimal digits, not alphanumerical strings.

Authentication Type

Shared Key is recommended. Using shared key each new wireless client has to be authenticated before gaining access to the wireless network. (Unfortunately even shared key has a security breach, as the authentication process can easily be eavesdropped and the WEP keys exposed.)

Encryption (WPA-PSK )

As a number of weaknesses in previous encryption methods like WEP has been reported, WPA (WiFi Protected Access) was introduced. Enter a passphrase on between 8 and 63 characters in WPA-PSK Passphrase and on all the other wireless equipment in the WLAN.

Closed System

Enable Closed System as it will prevent wireless clients without SSID to connect, and makes it more difficult to obtain the Internet Gate SSID.

WLAN – LAN Traffic

The Internet Gate places your WLAN and LAN on two different subnets, making your LAN machines hidden, but still accessible from WLAN.

If you want to fully isolate WLAN, so machines on it can reach the Internet but cannot reach your LAN, set the AIR interface to “isolated” on the Network page.

Open access

If you do want to open up your wireless network for everyone (not recommended), then do the following: set SSID to “public”, set Security to “Disabled”, and disable “Closed System” and “Access Control”.

Café Mode

In café mode the wireless clients can´t see or communicate with each other.

:!: Opening up your wireless network is an extreme security risk! Your network – even PCs on your Ethernet connection – becomes extremely vulnerable for attacks!

wireless/wireless_security_configuration.txt · Last modified: 2010/11/02 14:23 by tibor
CC Attribution-Noncommercial-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0