User's Manual

APPENDIX E
SECURITY
Revised: 23 Jan 08 APX E-2 EST P/N AA107G
Using a combination of WPA or 128-Bit WEP encryption and the ACL filter provides the ESTeem with an extremely secure
wireless networking layer.
DISABLING BROADCAST PROBES AND HIDING SSID
A simple but very effective way of securing a network is to make the network difficult to find. By disabling broadcast probes and
hiding the Service Set Identification (SSID), wireless and network “sniffers” will not be able to find your ESTeem Model 195Eg
network. To gain access to the wireless network, you would be required to have the SSID and all security loaded in the WLAN
card software prior to entering the network.
PROPRIETARY BRIDGE COMMUNICATION
Although the ESTeem Model 195Eg is compatible with the open communication standards IEEE 802.11g and 802.11b, the
repeater communication between the units is a proprietary communication link. No other manufacturer of wireless hardware can
access the ESTeem repeater network when bridging between Ethernet networks. This proprietary communication layer, in
combination with the other security settings, allows you as the user to reject wireless clients from the network if so desired. When
used in conjunction with the Access Control List, the 802.11g and 802.11b client access can be removed.
The security level of the bridge communication link is configurable for 64-Bit WEP, 128-Bit WEP or TKIP and is completely
independent of the client access level or any other communication link level. For example, an ESTeem Model 195Eg can be
configured for WPA Enterprise for client level access, communicate with another ESTeem Model 195Eg using a TKIP bridge link,
and also communicate using 128-Bit WEP with our older ESTeem Model 192E radio modems, all running simultaneously.
MASQUERADE MODES
When the ESTeem Model 195Eg is configured in either the Access Point Masquerade or the Client Masquerade modes, the
wireless modem functions as a network firewall. If access to the wired network is the greatest concern, place the ESTeem in the
Masquerade mode and the wireless network will be completely isolated from the wired Ethernet network.
INCREASING NETWORK SECURITY
The following are a few suggestions to help improve the overall security of your wireless network:
1. Enable the security. If you research the articles regarding hackers, you will find that they have gotten into the user’s network
because the security was not enabled.
2. Set the ACL filter to include only the MAC addresses of the wireless Ethernet devices being used on the network.
3. Set "Hide SSID" to True. As you take your access point out of the box, broadcast SSID is enabled, which means that it will
accept any SSID. With the SSID hidden, the SSID configured in the client must match the SSID of the access point.
4. Make sure the keys are not reused in your company, since reuse increases the statistical likelihood that someone can figure the
key out, and change the default password on your access point or wireless router.
5. Change the default SSID of your product. Don't change the SSID to reflect your company's main names, divisions, or products.
It just makes you too easy to target.
6. As a network administrator, you should periodically survey your company using a tool like NetStumbler to see if any "rogue"
access points pop up within your company without authorization. All of your hard work to "harden" your wireless network
could be wasted if a rogue AP was plugged into your network behind the firewall.
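
As an added example (not part of the ESTeem manual), the periodic survey in suggestion 6 can be compared against an inventory of authorized access points, reusing the MAC list kept for the ACL filter in suggestion 2. The CSV layout, MAC addresses, SSIDs and function names are constructed for illustration; this is not the export format of NetStumbler or any other tool.

```python
import csv
import io

# Constructed inventory of authorized access points (BSSID -> expected SSID).
# Placeholder values, not taken from the manual.
AUTHORIZED = {
    "00:11:22:33:44:01": "plant-net-7",
    "00:11:22:33:44:02": "plant-net-7",
}
SECURITY_OFF = {"none", "open"}  # assumption: labels used by this sample export

# Constructed survey export; the column layout is an assumption.
SAMPLE_SURVEY = """bssid,ssid,channel,encryption
00:11:22:33:44:01,plant-net-7,6,wpa
00:11:22:33:44:02,plant-net-7,11,none
00-AA-BB-CC-DD-10,plant-net-7,6,wpa
00:aa:bb:cc:dd:20,linksys,1,none
"""

def norm_mac(mac):
    """Normalize a MAC address to lower-case, colon-separated form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(survey_csv, authorized=AUTHORIZED):
    """Return (bssid, ssid, finding) tuples for every AP that needs review."""
    known = {norm_mac(m): s for m, s in authorized.items()}
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid, ssid = norm_mac(row["bssid"]), row["ssid"]
        enc = row["encryption"].strip().lower()
        if bssid not in known:
            # Unknown radio: more serious if it advertises one of our SSIDs.
            kind = "ssid-impersonation" if ssid in known.values() else "rogue-ap"
            findings.append((bssid, ssid, kind))
        elif ssid != known[bssid]:
            findings.append((bssid, ssid, "ssid-changed"))
        elif enc in SECURITY_OFF:
            findings.append((bssid, ssid, "security-disabled"))
    return findings

if __name__ == "__main__":
    for bssid, ssid, finding in audit(SAMPLE_SURVEY):
        print(f"{finding:20} {bssid}  {ssid}")
```

An unknown radio that advertises one of your own SSIDs is reported separately from an unrelated rogue AP, and an authorized unit found with security turned off is flagged as well, which ties the survey back to suggestion 1.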