Fortinet FortiWiFi-60A/AM manual: Wi-Fi Protected Access (WPA), Additional security measures

Wireless Security

Using a wireless network

There has been criticism of WEP security. WEP keys are static. They must be changed manually and frequently on both the wireless device and the APs. In a small company or on a network with a few users and APs, this is not a big issue. However, as the number of users and APs grows, changing WEP keys regularly can become an administrative headache and is potentially error-prone. Consequently, keys are rarely changed over months or years, leaving a hacker plenty of time to get the key and gain access to the network.

In small wireless networking environments, activating WEP security will significantly reduce the chance of outside infiltrators getting into your network and is better than no security at all. However, it is still very important that you regularly change the WEP key, at least weekly, or monthly at most.

Wi-Fi Protected Access (WPA)

WPA was developed to replace the WEP standard and provide a higher level of data protection for wireless networks. WPA provides two methods of authentication: 802.1X authentication or pre-shared keys.

802.1X authenticates users through an EAP authentication server, such as a RADIUS server, which authenticates each user before they can connect to the network. The encryption keys can be changed at varying intervals to minimize the opportunity for hackers to crack the key being used.

In a network setup where a RADIUS server is not a viable option, WPA also provides authentication with pre-shared keys using Temporal Key Integrity Protocol (TKIP). Using TKIP, the encryption key is continuously re-keyed while the user is connected to the wireless network. This creates a unique key for every data packet. To further ensure data integrity, a Message Integrity Code (MIC, also known as Michael) is incorporated into each packet. It uses an 8-byte message integrity code that is encrypted using the MAC addresses and data from each frame to provide a more secure packet transmission.

WPA provides more robust security between the wireless device and the access point. The FortiWiFi unit supports both WPA methods.
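
The pre-shared key method described above, as an added example that is not part of the Fortinet manual. It goes beyond the page by following the IEEE 802.11i key hierarchy: the passphrase and SSID are stretched into a 256-bit key, and each association then derives fresh TKIP and Michael MIC keys from that key, both MAC addresses and two nonces. The MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase.encode()) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 blocks over label, data and a counter byte."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def tkip_session_keys(psk, ap_mac, sta_mac, anonce, snonce):
    """Split the 512-bit pairwise key used with TKIP into its parts."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(psk, b"Pairwise key expansion", data, 64)
    return {
        "kck": ptk[0:16],         # authenticates the handshake messages
        "kek": ptk[16:32],        # protects group key delivery
        "tk": ptk[32:48],         # TKIP temporal key, mixed per packet
        "mic_ap_tx": ptk[48:56],  # Michael key, AP to station
        "mic_ap_rx": ptk[56:64],  # Michael key, station to AP
    }

# Constructed sample values (not from the manual).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE_1, ANONCE_2 = b"\x11" * 32, b"\x12" * 32
SNONCE = b"\x22" * 32

if __name__ == "__main__":
    psk = wpa_psk("password", "IEEE")  # passphrase/SSID pair from 802.11i test vectors
    first = tkip_session_keys(psk, AP_MAC, STA_MAC, ANONCE_1, SNONCE)
    second = tkip_session_keys(psk, AP_MAC, STA_MAC, ANONCE_2, SNONCE)
    print("PSK:", psk.hex())
    print("TK differs per association:", first["tk"] != second["tk"])
```

Because the SSID is the salt, the same passphrase on two different SSIDs yields two different keys, and everything derived per association still depends on the one passphrase, so its length and randomness set the strength of the whole scheme.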

Additional security measures

The FortiWiFi unit includes other security measures you can use to block unwanted users from accessing your wireless network. By setting a few extra options, you can be assured your network and its information are secure.

MAC address filtering

To improve the security of your wireless network, consider enabling MAC address filtering on the FortiWiFi unit. By enabling this feature, you define the wireless devices that can access the network based on their system MAC address. When a user attempts to access the wireless network, the FortiWiFi unit checks the MAC address of the user against the list you created. If the MAC address is on the approved list, the user gains access to the network. If the user is not on the list, the user is rejected. Using MAC address filtering makes it more difficult for a hacker using random MAC addresses or spoofing a MAC address to gain access to your network.

FortiWiFi-60A/AM FortiOS 3.0 MR4 Install Guide

01-30004-0283-20070215