Enhancing Broadband
| All Products | Modems | Routers | Business | Wireless | Forum | News | Contact Us |
 |
 |
 |
 |
All Products Modems Routers Business Wireless ST 110 ST 120 ST 545 ST 570 ST 580 Forum News Press Contact Us |
 |
 |
 |
 |
Speedtouch 580 Wireless Security Setup
Overview
When using a wireless network, either at work or at home, it is recommended, that you setup some form of security on your network. It is possible to run a wireless network without security, but this is only recommended if unauthorised users cannot access the wireless network due to physical limitations. (i.e. if they are not going to be able to get close enough to the ST580 to pick up the wireless signal.)
The ST580 wireless routers have a number of available security and encryption settings. A combination of these can be used to make your wireless network secure reducing the risk of unauthorised access or interception of your personal data.
- Access control
The ST580 can be configured to control the “access mode”, of wireless clients. This feature allows / restricts new wireless clients from the network based on the clients MAC address, and provides a mechanism to control this access via registration.
- Encryption (security mode)
Security of the actual information (data) being transmitted wirelessly can be achieved by using encryption. This feature protects your wireless communication from eavesdroppers. The ST580 has 3 security modes.
-
Level 0 – no encryption
-
Level 1 – WEP encryption
-
Level 2 – WPA encryption
Procedure
The ST580 default wireless settings have no access control method enabled or security settings selected.
Configuration of the wireless security feature is managed through the ST580 WEB MANAGEMENT interface or CLI interface. Which access control and/or security modes you choose to use, is entirely up to you. You can use any of the options described below to secure your network. Some hints and tips for wireless security are at the end of this document.
Wireless Security Setup
| PLEASE NOTE: Care must be taken when modifying wireless security settings while connected wirelessly, as changes may disconnect wireless connection to router. For this reason it is recommended that the connection to the router by via the USB or ETHERNET ports. |
The WLAN LED on the front panel of the ST580, display’s the level of encryption used and level of activity over the wireless connection.
| RED LED | Level 0 – no encryption |
| ORANGE LED | Level 1 – WEP encryption |
| GREEN LED | Level 2 – WPA encryption |
A flashing WLAN LED signifies an active link transferring data.
Access Control List (ACL mode)
1. Access the ST580 web management pages and select wireless from the Basic menu. The first TAB presented is the Access Point Settings
2. The Access Control tab allows you to manage the SpeedTouch 580 Access Control List (ACL). Select “ACL Acess Mode” dropdown and chose method of access allowed.
'New wireless client allowed (automatically)' is selected by default - Any client with the correct wireless settings (Network Name and, if required, Network key) will be automatically associated to the SpeedTouch and will be allowed to send/receive data via the SpeedTouch 580 wireless access point.
'New wireless client allowed (via registration) ' allows authorization of new stations to the access control list through a manual registration process. The registration process can be run through a registration button on the front panel of the SpeedTouch 580, or on the Access Control tab.
'No new station allowed – allows only previously registered stations can use the wireless network, or stations that are manually entered into the access list.
3. Select station name by clicking on the arrow next to the appropriate station. Once the station is selected all three fields will be have a grey background. To change the station name to the PC network name for easy recognition, enter the desired name in the Name field. Select apply to add change.
4. Select NEW to add a new station manually. Select apply to add change.
5. Select SAVE ALL to make all changes permanent
Encryption (security mode)
Three security levels are available for protecting the SpeedTouch network environment.
-
level 0: No security i.e. the data will not be encrypted, no authentication process will be used.
-
level 1: Backwards compatible security with any Wi-Fi certified client(WEP), i.e. encrypting the traffic between the SpeedTouch and the clients by sharing a pre-defined 64-bit or 128-bit Network key.
-
level 2: WPA-PSK is the highest form of security available but make sure that your wireless client and client/manager are compatible with it.
By default the Security mode is set to ‘Security Level 0 – no encryption’ this means that any data transferred wirelessly is completely un-protected.
NOTE: The default WEP & WPA codes for this router are listed on the label affixed to the bottom of the ST580.
1. Access the ST580 web management pages and select wireless from the Basic menu. Select the Security Tab.
2. Security level 1 – WEP’ you will be displayed the WEP encryption properties as below:
WEP encryption uses a special encryption key that must be identical in your PC’s wireless configuration as it is in the router. You will also see this key displayed on the bottom of your router. When set to hexadecimal, you can create your own key with any number from 0-9 and the letters from a-f and A-F.
3. ‘Security level 2 – WPA-PSK (WPA Personal) The WPA properties will be shown as below:
WPA encryption is the newest and most secure encryption standard available for wireless networks. The WPA passphrase is also shown on the bottom of your router, but can be modified in the same way as a WEP key can. The WPA passphrase must also be identical on your PC’s wireless configuration as it is in the router.
General security tips
1. The best security setup you can use is:
- Needing the correct SSID to connect and modifying the network name to a more secure string of numbers and letters. (12 random characters is best)
- Enabling the ‘New stations allowed (via registration)’ access mode, registering the required clients, and then changing the access mode to ‘No new stations allowed’
- Turning on the WPA encryption and modifying the WPA passphrase to not be the same as the one printed on the router.
2. Try and situate the router in the middle of the required broadcast zone. If you have your router by an exterior wall of your premises, there is almost 100m outside from that wall that can pick up your wireless signal. You may discover that your neighbours are using your internet connection!!
3. If you modify your SSID
or encryption keys, call us. We can store these securely in our
database for if you ever forget/loose them.