Choosing Authentication and Security Encryption Methods - NETGEAR FVM318 说明书|使用手册

    whichever security encryption settings you choose for the fvm318 will be enforced for all wireless connections. for example, if you choose ipsec, then the only wireless connections allowed will be those established according to the vpn tunnel settings you specify.

    automatic authentication scheme selection

    the fvm318 automatically selects the wireless appropriate authentication scheme based on the encryption strength you choose.

    1 for wep encryption, the fvm318 will enforce the shared key wireless authentication scheme.

    2 for ipsec, the fvm318 will enforce the ipsec pre-shared key authentication scheme.

    3 for disable, the fvm318 will use the open system authentication scheme.

    if your wireless adapter requires you to configure an authentication scheme, set it accordingly. please refer to “authentication and wep encryption” on page b-13 for a full explanation of each of these options, as defined by the ieee 802.11b wireless communication standard.

    encryption strength choices

    choose the encryption strength from the drop-down list.

    disable

    no encryption will be applied. this setting is useful for troubleshooting your wireless connection, but leaves your wireless data fully exposed.

    ipsec

    selecting ipsec displays the ipsec connection list. click add to configure a new ipsec connection. to edit an existing connection, click the radio button next to the connection on the list, then click edit. the ipsec settings screens are shown below.

    1 choose aggressive or main mode. aggressive mode is the default. aggressive mode is required when you use the safenet softremote basic vpn client for windows which is included on the fvm318 resource cd.

    2 select the encryption protocol.

    des is the least strong and aes - 256 is the strongest. aes - 256 is the default. the safenet softremote basic vpn client for windows requires either 3des or aes - 256.

    1 des - the data encryption standard (des) processes input data that is 64 bits wide, encrypting these values using a 56 bit key. faster but less secure than 3des or aes.

    2 3des - (triple des) achieves a higher level of security by encrypting the data three times using des with three different, unrelated keys.

    3 aes - 128, - 192, or - 256. most secure. advanced encryption standard, a symmetric 128-bit block data encryption technique. it is an iterated block cipher with a variable block length and a variable key length. the block length and the key length can be independently specified to 128, 192 or 256 bits.the u.s government adopted the algorithm as its encryption technique in october 2000, replacing the des encryption it used. aes works at multiple network layers simultaneously.

    once you have filled in the fvm318 settings, configure the wireless client accordingly.

    64 or 128 bit wep

    when 64 bit wep or 128 bit wep is selected, wep encryption will be applied.

wep provides some degree of privacy, but can be defeated without great difficulty. if wep is enabled, you can manually or automatically program the four data encryption keys. these values must be identical on all pcs and access points in your network.

    please refer to “overview of wep parameters” on page b-16 for a full explanation of each of these options, as defined by the ieee 802.11b wireless communication standard.

    there are two methods for creating wep encryption keys:

    1 passphrase. enter a word or group of printable characters in the passphrase box and click the generate button.

    2 manual. 64-bit wep: enter 10 hexadecimal digits (any combination of 0-9, a-f, or a-f). 128-bit wep: enter 26 hexadecimal digits (any combination of 0-9, a-f, or a-f).

    clicking the radio button selects which of the four keys will be active.

    procedure 3-1: set up and test basic wireless connectivity

    follow the instructions below to set up and test basic wireless connectivity. once you have established basic wireless connectivity, you can enable security settings appropriate to your needs.

    1.log in to the fvm318 firewall at its default lan address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever lan address and password you have set up.

    2.click the wireless settings link in the main menu of the fvm318 firewall.

    3.choose a suitable descriptive name for the wireless network name (ssid). in the ssid box, enter a value of up to 32 alphanumeric characters. the default ssid is wireless.

    wireless access point devices like the fvm318 broadcast the ssid and any other wireless node in the same area can receive this ssid. this is not a security feature. it is simply the name of the wireless network. in a setting where there is more than one wireless network, different wireless network names provide a means for separating the traffic. any device you want to participate in this wireless network will need to use this ssid.

    the ssid of any wireless access adapters must match the ssid you configure in the fvm318 cable/dsl prosafe wireless vpn security firewall. if they do not match, you will not get a wireless connection to the fvm318.

    4.set the region. select the region in which the wireless interface will operate.

    5.set the channel. the default channel is 6.

    this field determines which operating frequency will be used. it should not be necessary to change the wireless channel unless you notice interference problems with another nearby wireless router or access point. select a channel that is not being used by any other wireless networks within several hundred feet of your firewall. for more information on the wireless channel frequencies please refer to “wireless channel selection” on page b-18.

    6.for initial configuration and test, leave the wireless card access list set to “everyone” and the encryption strength set to “disabled.”

    7.click apply to save your changes.

    if you are configuring the firewall from a wireless pc and you change the firewall’s ssid, channel, or security settings, you will lose your wireless connection when you click on apply. you must then change the wireless settings of your pc to match the firewall’s new settings.

    8.configure and test your pcs for wireless connectivity.

    program the wireless adapter of your pcs to have the same ssid and channel that you configured in the router. check that they have a wireless link and are able to obtain an ip address by dhcp from the firewall.

    once your pcs have basic wireless connectivity to the firewall, then you can configure the advanced wireless security functions of the firewall.

    procedure 3-2: restrict wireless access by mac address

    to restrict access based on mac addresses, follow these steps:

    1.log in to the fvm318 firewall at its default lan address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever lan address and password you have set up.

    2.click the wireless settings link in the main menu of the fvm318 firewall.

    3.from the wireless settings menu, click the trusted pcs button to display the wireless access menu shown below.

    4.enter the mac address of the authorized pc. enter a descriptive name for the pc in the device name field. the mac address is usually printed on the wireless card, or it may appear in the firewall’s “attached devices” dhcp table.

    you can copy and paste the mac addresses from the firewall’s attached devices menu into the mac address box of this menu. to do this, configure each wireless pc to obtain a wireless link to the firewall. the pc should then appear in the attached devices menu.

    5.click add to save your entry.

    6.click back to return to the wireless settings menu

    7.be sure that the trusted pcs only radio button is selected, then click apply.

    to edit a mac address from the table, click on it to select it, then click the edit or delete button.

    when configuring the firewall from a wireless pc whose mac address is not in the trusted pc list, if you select trusted pcs only, you will lose your wireless connection when you click on apply. you must then access the firewall from a wired pc to make any further changes.

    procedure 3-3: configure wep

    to configure wep data encryption, follow these steps:

    1.log in to the fvm318 firewall at its default lan address of http://192.168.0.1 with its default user name of admin and default password of password, or using whatever lan address and password you have set up.

    2.click the wireless settings link in the main menu of the fvm318 firewall.

    3.from the security encryption menu drop-down list, select the wep encryption type you will use.

    4.you can manually or automatically program the four data encryption keys. these values must be identical on all pcs and access points in your network.

    1 automatic - enter a word or group of printable characters in the passphrase box and click the generate button. the four key boxes will be automatically populated with key values.

    2 manual - enter ten hexadecimal digits (any combination of 0-9, a-f, or a-f) select which of the four keys will be active.

    please refer to “overview of wep parameters” on page b-16 for a full explanation of each of these options, as defined by the ieee 802.11b wireless communication standard.

    5.click apply to save your settings.

    when configuring the firewall from a wireless pc, if you configure wep settings, you will lose your wireless connection when you click on apply. you must then either configure your wireless adapter to match the firewall wep settings or access the firewall from a wired pc to make any further changes.