Table of ContentsPreviousNextIndexSearch Knowledge Base

Complete PDF manual
PDF of this chapter

Choosing Appropriate Wireless Security

Unlike wired networks, wireless networks allow anyone with a compatible adapter to receive your wireless data transmissions well beyond your walls. Operating an unsecured wireless network creates an opportunity for outsiders to eavesdrop on your network traffic or to enter your network to access your computers and files. Indoors, computers can connect over 802.11g/n wireless networks at ranges of up to 300 feet. Such distances can allow for others outside your immediate area to access your network. Use the security features of your wireless equipment that are appropriate to your needs.

The time it takes to establish a wireless connection can vary depending on both your security settings and router placement.

Stronger security methods can entail a cost in terms of throughput, latency, battery consumption, and equipment compatibility. In choosing an appropriate security level, you can also consider the effort compared to the reward for a hacker to break into your network. As a minimum, however, NETGEAR recommends using WEP with Shared Key authentication. Do not run an unsecured wireless network unless it is your intention to provide free Internet access for the public.

WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-PSK encryption can consume more battery power on a notebook computer, and can cause significant performance degradation with a slow computer.

Note: NETGEAR recommends that you change the administration password of your router. Default passwords are well known, and an intruder can use your administrator access to read or disable your security settings. For information about how to change the administrator password, see Changing the Administrator Password.

Figure 2-1

The WNDR3300 router provides two screens for configuring the wireless settings, the basic Wireless Settings screen, which you access under Setup in the main menu (Changing Basic Wireless Settings), and the advanced Wireless Settings screen, which you access under Advanced (Changing Basic Wireless Settings).

Basic security options are listed in order of increasing effectiveness in Table 2-1.. Other features that affect security are listed in Table 2-2.. For more details on wireless security methods, click the link to the online document Wireless Networking Basics.

Table 2-1. Wireless Security Options 
Security Type
No wireless security. Recommended only for troubleshooting wireless connectivity. Do not run an unsecured wireless network unless it is your intention to provide free Internet access for the public.
WEP. Wired Equivalent Privacy.
Wired Equivalent Privacy (WEP) data encryption provides moderate data security. WEP Shared Key authentication and WEP data encryption can be defeated by a determined eavesdropper using publicly available tools.
For more information, see Configuring WEP Wireless Security.
WPA-PSK (TKIP). WPA-PSK standard encryption with TKIP encryption type.
WPA2-PSK (AES). Wi-Fi Protected Access version 2 with Pre-Shared Key; WPA2-PSK standard encryption with the AES encryption type.
WPA-PSK (TKIP) + WPA2-PSK (AES). Mixed mode.
Wi-Fi Protected Access with Pre-Shared Key (WPA-PSK and WPA2-PSK) data encryption provides extremely strong data security, very effectively blocking eavesdropping. Because WPA and WPA2 are relatively new standards, older wireless adapters and devices might not support them.
Table 2-2. Other Features That Enhance Security 
Security Type
Disable the wireless router radio.
If you disable the wireless router radio, wireless devices cannot communicate with the router at all. You might disable this when you are away or when other users of your network all use wired connections.
For more information, see Viewing Advanced Wireless Settings.
Turn off the broadcast of the wireless network name SSID.
If you disable the broadcast of the SSID, only devices that know the correct SSID can connect. This nullifies the wireless network discovery feature of some products such as Windows XP, but your data is still fully exposed to an intruder using available wireless eavesdropping tools.
For more information, see Viewing Advanced Wireless Settings.
Restrict access based on MAC address.
You can restrict access to only trusted computers so that unknown computers cannot wirelessly connect to the WNDR3300 router. MAC address filtering adds an obstacle against unwanted access to your network by the general public, but the data broadcast over the wireless link is fully exposed. This data includes your trusted MAC addresses, which can be read and impersonated by a hacker.
For more information, see Restricting Wireless Access by MAC Address.
Modify your firewall's rules.
By default, the firewall allows any outbound traffic and prohibits any inbound traffic except for responses to your outbound traffic. However, you can modify the firewall's rules.
For more information, see Understanding Your Firewall.
Use WPS (Wi-Fi Protected Setup).
Wi-Fi Protected Setup provides easy setup by means of a push button. Older wireless adapters and devices might not support this. Check whether devices are WPS enabled.
For more information, see Using WPS Security (Wi-Fi Protected Setup).

Table of ContentsPreviousNextIndexSearch Knowledge Base 202-10301-01, February 2008