Quick Reference Guide

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

Wireless Configuration 4-3

v1.0, January 2010

There are several ways you can enhance the security of your wireless network:

• Restrict Access Based on MAC address. You can restrict access to only trusted PCs so that

unknown PCs cannot wirelessly connect to the VPN firewall. MAC address filtering adds an

obstacle against unwanted access to your network, but the data broadcast over the wireless link

is fully exposed.

• Turn Off the Broadcast of the Wireless Network Name (SSID). If you disable broadcast of

the SSID, only devices that have the correct SSID can connect. This nullifies the wireless

network “discovery” feature of some products such as Windows XP, but the data is still fully

exposed to a determined snoop using specialized test equipment like wireless sniffers.

• Use WEP. Wired Equivalent Privacy (WEP) data encryption provides data security. WEP

open authentication and WEP data encryption will block all but the most determined

eavesdropper. This data encryption mode has been superseded by WPA-PSK and WPA2-PSK

• Use WPA, WPA-PSK, WPA2, or WPA2-PSK (with or without RADIUS). Wi-Fi Protected

Access (WPA) data encryption provides data security. The very strong authentication along

with dynamic per frame rekeying of WPA make it virtually impossible to compromise. WPA

functions with TKIP (Temporal Key Integrity Protocol ) or (Advanced Encryption Standard)

encryption, WPA2 functions with AES only, and WPA+WPA2 functions with a combination

of TKIP and AES encryption.

Figure 4-1

Note: WEP and TKIP support only legacy rates of operation. So, AES is the

recommended encryption for use with 11n rates and speed.