Wireless security, Port forwarding, Virtual private networks – Motorola SURFBOARD SVG2500 User Manual

Page 32


1 OVERVIEW


Wireless Security

Because WLAN data is transmitted using radio signals, it may be possible for an
unauthorized person to access your WLAN unless you prevent them from doing so.
To prevent unauthorized eavesdropping of data transmitted over your LAN, you must
enable wireless security. The default SVG2500 settings neither provide security for
transmitted data nor protect network data from unauthorized intrusions.

The SVG2500 provides the following wireless security measures, which are
described in Section 9, SVG2500 Wireless Pages.

To prevent unauthorized eavesdropping, you must encrypt data transmitted over the
wireless interface using one of the following:

• If all of your wireless clients support Wi-Fi Protected Access (WPA) encryption,
  Motorola recommends using WPA. Otherwise, configure a Wired Equivalency
  Privacy (WEP) key on the SVG2500 and each WLAN client.

• To protect LAN data from unauthorized intrusions, you can restrict WLAN access
  to computers having one or both of:

    • Known MAC addresses
    • The same unique network name (SSID) as the SVG2500

Restricting access to computers having the same network name is also called
“disabling SSID broadcasting” or “enabling closed network operation.”

Port Forwarding

The SVG2500 opens logical data ports when a computer on its LAN sends data,
such as e-mail messages or web data, to the Internet. A logical data port is different
from a physical port, such as an Ethernet port. Data from a protocol must go through
certain data ports.

Some applications, such as games and video conferencing, require multiple data
ports. If you enable NAT, this can cause problems because NAT assumes that data
sent through one port will return to the same port. You may need to configure port
forwarding to run applications with special requirements.

To configure port forwarding, you must specify an inbound (source) port or range of
ports. The inbound port opens only when data is sent to the inbound port and closes
again after a specified time elapses with no data sent to it. You can configure up to
32 port forwarding entries using the Advanced Port Forwarding Page.
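
The behaviour described in this section, as an added example that is not taken from the Motorola manual and is not the SVG2500's firmware logic: a simplified Python model showing that NAT delivers only replies on a port a LAN computer opened, that a forwarding entry lets unsolicited inbound traffic reach one LAN host, and that the entry counts as open only until its idle timeout expires. The class and method names, the 60-second timeout and the addresses are assumptions chosen for illustration.

```python
# Simplified model for illustration only; names and timeout are assumptions.
from dataclasses import dataclass
from typing import Optional

MAX_ENTRIES = 32  # limit the manual states for the Advanced Port Forwarding Page

@dataclass
class Forward:
    first: int                         # first inbound port of the range
    last: int                          # last inbound port (== first for one port)
    lan_host: str                      # LAN computer that receives the traffic
    last_seen: Optional[float] = None  # time of last packet; None while closed

class Gateway:
    def __init__(self, idle_timeout: float = 60.0):  # assumed timeout value
        self.idle_timeout = idle_timeout
        self.forwards = []   # configured port forwarding entries
        self.outbound = {}   # NAT state: WAN port -> LAN host that opened it

    def add_forward(self, first: int, last: int, lan_host: str) -> None:
        if not (1 <= first <= last <= 65535):
            raise ValueError("invalid port range")
        if len(self.forwards) >= MAX_ENTRIES:
            raise ValueError("port forwarding table is full")
        for f in self.forwards:
            if first <= f.last and f.first <= last:
                raise ValueError(f"overlaps existing entry {f.first}-{f.last}")
        self.forwards.append(Forward(first, last, lan_host))

    def send_from_lan(self, lan_host: str, wan_port: int) -> None:
        # Outbound traffic creates the mapping that replies must return on.
        self.outbound[wan_port] = lan_host

    def receive_from_wan(self, port: int, now: float) -> Optional[str]:
        """Return the LAN host the packet is delivered to, or None if dropped."""
        if port in self.outbound:          # reply on the port NAT expects
            return self.outbound[port]
        for f in self.forwards:
            if f.first <= port <= f.last:  # entry opens when data arrives
                f.last_seen = now
                return f.lan_host
        return None                        # unsolicited and no entry: dropped

    def open_ports(self, now: float) -> list:
        # Ranges that have received data within the idle timeout.
        return [(f.first, f.last) for f in self.forwards
                if f.last_seen is not None and now - f.last_seen < self.idle_timeout]
```

Each entry in `forwards` is a path from the Internet to one LAN host, so the narrowest port range that the application needs keeps the exposed surface smallest.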

Virtual Private Networks

The SVG2500 supports multiple tunnel VPN pass-through operation to securely
connect remote computers over the Internet. The SVG2500:

• Is compatible with Point to Point Tunneling Protocol (PPTP) and Layer 2 Tunneling
  Protocol (L2TP)

• Is fully interoperable with any IPSec client or gateway and ANX certified IPSec
  stacks
