WNHDE111 Manual: Choosing Appropriate Wireless Security

Unlike wired networks, wireless networks allow anyone with a compatible adapter to receive your wireless data transmissions well beyond your walls. Operating an unsecured wireless network creates an opportunity for outsiders to eavesdrop on your network traffic or to enter your network to access your computers and files. Indoors, computers can connect over 802.11n/a wireless networks at ranges of up to 500 feet. Such distances can allow for others outside your immediate area to access your network. Use the security features of your wireless equipment that are appropriate to your needs.

The time it takes to establish a wireless connection can vary depending on both your security settings and router placement.

Stronger security methods can entail a cost in terms of throughput, latency, battery consumption, and equipment compatibility. In choosing an appropriate security level, you can also consider the effort compared to the reward for a hacker to break into your network. As a minimum, however, NETGEAR recommends using WEP with Shared Key authentication. Do not run an unsecured wireless network unless it is your intention to provide free Internet access for the public.

WEP connections can take slightly longer to establish. Also, WEP, WPA-PSK, and WPA2-PSK encryption can consume more battery power on a notebook computer, and can cause significant performance degradation with a slow computer.

Manually specify your SSID and your wireless security settings. The Wireless-N AccessPoint/Bridge provides two screens for configuring the wireless settings: the basic Wireless Settings screen, which you access under Setup in the main menu, and the Advanced Wireless Settings screen.

Use Wi-Fi Protected Setup (WPS) to automatically set the SSID and implement
WPA/WPA2 security on both the router and the client device. If the clients in your network are WPS capable, you can use Wi-Fi Protected Setup (WPS) to automatically set the SSID and implement WPA/WPA2 security on both the bridge and the client device.

Basic security options are listed in order of increasing effectiveness below. For more details on wireless security methods, Wireless Networking Basics.

Table 4-1. Wireless Security Options
Security Type	Description
None.	No wireless security. Recommended only for troubleshooting wireless connectivity. Do not run an unsecured wireless network unless it is your intention to provide free Internet access for the public.
WEP. Wired Equivalent Privacy. For more information, see Configuring WEP Wireless Security.	Wired Equivalent Privacy (WEP) data encryption provides moderate data security. WEP Shared Key authentication and WEP data encryption can be defeated by a determined eavesdropper using publicly available tools.
WPA-PSK (TKIP). WPA2-PSK (AES). WPA-PSK (TKIP) + WPA2-PSK (AES). Mixed mode. For more information, see Configuring WPA Wireless Security.	Wi-Fi Protected Access with Pre-Shared Key (WPA-PSK and WPA2-PSK) data encryption provides extremely strong data security, very effectively blocking eavesdropping. Because WPA and WPA2 are relatively new standards, older wireless adapters and devices might not support them.

Table 4-2. Other Features That Enhance Security
Security Type	Description
Turn off the broadcast of the wireless network name SSID. For more information, see Viewing Advanced Wireless Settings.	If you disable the broadcast of the SSID, only devices that know the correct SSID can connect. This nullifies the wireless network discovery feature of some products such as Windows XP, but your data is still fully exposed to an intruder using available wireless eavesdropping tools.
Restrict access based on MAC address. For more information, see Restricting Wireless Access by MAC Address.	You can restrict access to only trusted computers so that unknown computers cannot wirelessly connect to the Wireless-N AccessPoint/Bridge. MAC address filtering adds an obstacle against unwanted access to your network by the general public, but the data broadcast over the wireless link is fully exposed. This data includes your trusted MAC addresses, which can be read and impersonated by a hacker.
Use the Push 'N' Connect feature (Wi-Fi Protected Setup). For more information, see Using Push 'N' Connect (Wi-Fi Protected Setup).	Wi-Fi Protected Setup provides easy setup by means of a push button. Older wireless adapters and devices might not support this. Check whether devices are WPS enabled.