Fortinet 50A/50B Wireless Security, Wireless Equivalent Privacy WEP, Wi-Fi Protected Access WPA

Using a wireless network

Wireless Security

Radio waves transmitted between a wireless device and access points provide the weakest link between the wireless device and network servers. Wireless networking can be risky because information travels on radio waves, which are a public medium. The 802.11 standard includes security options to stop your information from being intercepted by unwanted sources. These are Wireless Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) encryption. Wireless encryption is only used between the wireless device and the AP. The AP decrypts the data before sending it along the wired network. The FortiWiFi-50B supports both encryption methods.

Wireless Equivalent Privacy (WEP)

WEP security uses an encryption key between the wireless device and the AP. For WEP security, the wireless device and AP must use the same encryption key, which is manually typed by the wireless user and the administrator. When activated, the wireless device encrypts the data of each frame with the encryption key using the RSA RC4 cipher.
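The per-frame encryption described above, as an added Python example (not from the Fortinet guide). It assumes the standard WEP layout of a 3-byte IV prepended to the shared key as the RC4 seed and a CRC-32 check value appended to the data; the key-ID byte is omitted, and the keys and message are constructed sample values.

```python
import os
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    """Return IV || RC4(IV || key, plaintext || CRC-32 check value)."""
    if len(key) not in (5, 13):            # 40-bit or 104-bit WEP key
        raise ValueError("WEP key must be 5 or 13 bytes")
    iv = os.urandom(3) if iv is None else iv
    icv = struct.pack("<I", zlib.crc32(plaintext))
    # Only the IV changes per frame; the key half of the seed is static.
    return iv + rc4(iv + key, plaintext + icv)

def wep_decrypt(key: bytes, body: bytes):
    """Return the plaintext, or None when the check value does not match."""
    if len(body) < 7:                      # IV (3) + check value (4)
        return None
    iv, ciphertext = body[:3], body[3:]
    clear = rc4(iv + key, ciphertext)
    data, icv = clear[:-4], clear[-4:]
    return data if struct.pack("<I", zlib.crc32(data)) == icv else None

# Constructed sample values
AP_KEY = b"AB12C"          # key typed into the AP
MISTYPED_KEY = b"ZZ99Z"    # client configured with a different key
MESSAGE = b"DHCP request from wireless client"

if __name__ == "__main__":
    frame = wep_encrypt(AP_KEY, MESSAGE)
    print("same key:     ", wep_decrypt(AP_KEY, frame))
    print("different key:", wep_decrypt(MISTYPED_KEY, frame))
```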

There has been criticism of WEP security. WEP keys are static. They must be changed manually and frequently on both the wireless device and the APs. In a small company or a network with a few users and APs, this is not a big issue. However, as the number of users and APs grows, changing WEP keys regularly can become an administrative headache and is potentially error-prone. Consequently, keys often go unchanged for months or years, leaving a hacker plenty of time to get the key and gain access to the network.

In small wireless networking environments, activating WEP security will significantly reduce the chance of outside infiltrators getting into your network and is better than no security at all. However, it is still very important that you regularly change the WEP key, at least weekly, or monthly at most.

Wi-Fi Protected Access (WPA)

WPA was developed to replace the WEP standard and provide a higher level of data protection for wireless networks. WPA provides two methods of authentication: 802.1X authentication or pre-shared keys.

With 802.1X, an EAP authentication server, such as a RADIUS server, authenticates each user before they can connect to the network. The encryption keys can be changed at varying intervals to minimize the opportunity for hackers to crack the key being used.

In a network setup where a RADIUS server is not a viable option, WPA also provides authentication with pre-shared keys using Temporal Key Integrity Protocol (TKIP). Using TKIP, the encryption key is continuously re-keyed while the user is connected to the wireless network. This creates a unique key on every data packet. To further ensure data integrity, a Message Integrity Code (MIC, also known as Michael) is incorporated into each packet. It uses an 8-byte message integrity code that is encrypted using the MAC addresses and data from each frame to provide a more secure packet transmission.

WPA provides more robust security between the wireless device and the access point. The FortiWiFi-50B device supports both WPA methods.

FortiGate-50A/50B, FortiWiFi-50B and FortiGate-100 FortiOS 3.0 MR4 Install Guide

01-30004-0265-20070831
