Microsoft KB Archive/823257

= Increase Security on Your MN-500 Wireless Base Station =

Article ID: 823257

Article Last Modified on 7/28/2003

-

APPLIES TO


 * Microsoft Broadband Networking Wireless Base Station MN-700

-





SUMMARY
Microsoft Broadband Networking hardware provides technology to help you improve the security of your wireless network. To benefit from these technologies, you must configure them.



MORE INFORMATION
The following are procedures that you can use to help provide increased security on your wireless network. Each procedure can help to provide an increased layer of security and help to protect against a malicious user who may try to access your network by using wireless technology. These procedures can be implemented individually; you can use some or all of them.

Method 1: Enable Wireless Security (WEP)
To enable wireless security (also known as Wired Equivalent Privacy, or WEP) for your MN-500 base station, follow these steps:
 * 1) Open the Base Station Management Tool, and then click Security.
 * 2) On the Security menu, click Wireless Security.
 * 3) Click Enable wireless security.
 * 4) In the Encryption strength drop-down list, click 128-bit or leave the default setting of 64-bit.
 * 5) If you select 128-bit encryption, in the first Key box, type a wireless security (WEP) key.

If you select 64-bit encryption, you can type up to four WEP keys in the Key boxes.
 * 1) If you selected 64-bit encryption, in the Key index drop-down list, click a key index.

The key index number indicates the WEP key that will be activated on the network. (There are four WEP keys.)
 * 1) To save the wireless encryption, click Apply.
 * 2) Update the WEP keys that are stored on each wireless device on your network.

Method 2: Media Access Control (MAC) Filter
When you deny unspecified clients permission to connect to the base station, only the clients who you specifically grant permission to in the MAC Address table can connect to the base station and use your network resources. This is a good option if you want to enforce the highest security level on your network because it helps to prevent unknown wireless clients from being able to join your network.

However, you must make sure to not prevent your own computer from connecting to the base station. If you deny unspecified MAC addresses from connecting, make sure that you type the MAC address of each of your network adapters in the MAC Address table, and then click to select the Allow connection check box.

If you do block your own access to the base station, you must restore the factory default settings by using the Reset button on the physical device, and then reconfigure the base station.

To deny unspecified clients connection permission, follow these steps:
 * 1) Open the Base Station Management Tool, and then click Security.
 * 2) On the Security menu, click MAC Filtering.
 * 3) Click to select the Enable connection control check box.
 * 4) If you do not want unspecified clients to connect to the base station, in the drop-down list, click Deny.

In this scenario, any client whose MAC address is not listed in the MAC Address table and granted permission to connect will not be able to connect to the base station or access the Internet.
 * 1) If you clicked Deny in step 4, in the MAC Address table, specify the MAC address of any clients who you want to be able to connect to the base station, and then click to select the Allow Connection check box.
 * 2) To save your changes, click Apply.

To allow specified clients connection permission, follow these steps:
 * 1) Open the Base Station Management Tool, and then click Security.
 * 2) On the Security menu, click MAC Filtering.
 * 3) In the MAC Address table, specify the MAC address of the client who you want to grant connection permission to, and then click to select the Allow Connection check box.
 * 4) Repeat this step for any additional clients for whom you want to grant connection permission.
 * 5) Make sure that you include the MAC address of your adapter in the MAC address table so that you can access the network.
 * 6) To save your changes, click Apply.

Note Only grant connection permission to specific clients if you have enabled connection control and denied connection permission to all unspecified clients. If you have not denied connection permission to unspecified clients, any client that has the correct wireless security (WEP) information or wired connection can connect to the base station and access network resources.

Method 3: Limit Domain Host Connection Protocol (DHCP) Clients to the Actual Number of Clients
You can limit the number of DHCP addresses that your base station uses to the number of actual computers on your network. If all available DHCP addresses are being used by the computers on your network, no DHCP addresses are available to an unwanted user. To limit the Internet Protocol (IP) addresses that are available to the DHCP server, follow these steps:
 * 1) Open the Base Station Management Tool, and then click Local Area Network.
 * 2) Click to select the Enabled check box (if it is not already selected) to enable the DHCP server on the base station.
 * 3) Type a starting IP address and an ending IP address for the pool. Do not include the base station IP address in the IP address pool.

For example, if you are using the default base station IP address (192.168.2.1), and you have five computers on your network, type an address range of 192.168.2.2 through 192.168.2.6.
 * 1) Select a lease time for the assigned IP addresses.

The default time is two hours.
 * 1) Type a local domain name, if your Internet service provider (ISP) provided one for you.
 * 2) To save the new IP address range, click Apply.

Method 4: Change the Wireless Channel
To set wireless channel for base station, follow these steps:
 * 1) Open the Base Station Management Tool, and then click Wireless.
 * 2) Click to select the Enable wireless access check box if it is not already selected.
 * 3) Click to the channel number that you want in the Wireless channel number drop-down list.
 * 4) To save the new wireless channel setting, click Apply.

Keywords: kbinfo kbhardware KB823257

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.