2 wireless security overview, 1 ssid, 2 mac address filter – ZyXEL Communications P-2302HWUDL-P1 Series User Manual

Page 86: 3 user authentication

background image

Chapter 5 Wireless LAN

P-2302HWUDL-P1 Series User’s Guide

86

• Every device in the same wireless network must use security compatible with the AP.

Security stops unauthorized devices from using the wireless network. It can also protect
the information that is sent in the wireless network.

5.2 Wireless Security Overview

The following sections introduce different types of wireless security you can set up in the
wireless network.

5.2.1 SSID

Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area.
You can hide the SSID instead, in which case the ZyXEL Device does not broadcast the SSID.
In addition, you should change the default SSID to something that is difficult to guess.
This type of security is fairly weak, however, because there are ways for unauthorized wireless
devices to get the SSID. In addition, unauthorized wireless devices can still see the
information that is sent in the wireless network.

5.2.2 MAC Address Filter

Every device that can use a wireless network has a unique identification number, called a
MAC address.

1

A MAC address is usually written using twelve hexadecimal characters

2

; for

example, 00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each device in
the wireless network, see the device’s User’s Guide or other documentation.
You can use the MAC address filter to tell the ZyXEL Device which devices are allowed or
not allowed to use the wireless network. If a device is allowed to use the wireless network, it
still has to have the correct information (SSID, channel, and security). If a device is not
allowed to use the wireless network, it does not matter if it has the correct information.
This type of security does not protect the information that is sent in the wireless network.
Furthermore, there are ways for unauthorized wireless devices to get the MAC address of an
authorized device. Then, they can use that MAC address to use the wireless network.

5.2.3 User Authentication

You can make every user log in to the wireless network before they can use it. This is called
user authentication. However, every device in the wireless network has to support IEEE
802.1x to do this.
For wireless networks, user names and passwords for each user can be stored in a RADIUS
server.

1.

Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks.

These kinds of wireless devices might not have MAC addresses.

2.

Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.