LANCOM 1811n Wireless – LANCOM 1821n Wireless
Chapter 8: Security settings
78
EN
8.1.4
Access control by MAC address
Every network device has a unique identification number. This identification
number is known as the MAC address (
M
edia
A
ccess
C
ontrol) and it is unique
worldwide.
The MAC address is programmed into the hardware. Wireless LAN devices
from LANCOM Systems display their MAC number on the housing.
Access to an infrastructure network can be limited to certain wireless LAN
devices by defining MAC addresses. The access points have filter lists in (ACL
– access control list) for storing authorized MAC addresses.
8.1.5
IPSec over WLAN
With the help of the IPSec-over-WLAN technology in addition to the security
measures described already, a wireless network for the exchange of especially
sensitive data can be optimally secured. Required for this is a base station
with VPN support and the LANCOM Advanced VPN Client that operates under
Windows 2000, XP and Windows Vista™. Client software from third parties is
available for other operating systems.
8.2
Tips for the proper treatment of keys and passphra-
ses
By observing a few vital rules on the treatment of keys you can significantly
increase the security of encryption techniques.
Keep your keys as secret as possible.
Never write down a key. Popular but completely unsuitable are, for
example: Notebooks, wallets and text files on the computer. Do not pass
on a key unless it is absolutely necessary.
Choose a random key.
Use long random strings that combine letters and numbers (at least 32 to
a maximum of 63 characters). Keys that are normal words are not secure.
If you suspect anything, change the key immediately.
When an employee with access to a key leaves the company, then it is
high time to change the wireless LAN key. Even if there is the slightest sus-
picion of a leak, renew the key.
LEPS avoids the global distribution of passphrases.
Activate LEPS to enable the use of individual passphrases.