After you have all your approved clients attached to your router, simply click and integrate them each into the MAC address database. To make things easier
430 Part IV Linking Your Network Devices
(they think) the vendors often hide the name MAC address. In Figure 16-9 they call this the Wireless Card Access List, of which you see the setup screen. The old way was more trouble, believe me. Let me show you why you will greatly appreciate the new way to capture MAC addresses. The Linksys WRV54G provides room for 20 MAC addresses, as you can see in Figure 16-10. Each 00 of the six in each space must be replaced with a hexadecimal (that again, unfortunately) number corresponding to one of your network clients or devices.
Figure 16-10: A list page for allowable MAC addresses.
Linksys calls this the Wireless Network Access page rather than the Wireless Card Access List, as in the Netgear router. But it's all the same thing, and both configuration screens talk about what a MAC address is in their right-side help screens. Don't let me leave you with the idea that it is horribly difficult to configure the MAC addresses for the Linksys. You can't see it in the screenshot, but at the bottom of the 20 entry spaces there is an active Select MAC Address For Networked Computers button. Click that and a window opens showing the connected systems known to the router. All you have to do is click the Select check box and the Linksys integrates the MAC addresses as easily as the Netgear.

MAC address authentication does a great job of restricting network access to only the network clients and other devices you configure. As you may guess, this
16 Wireless Security in Depth
can become a pain for large networks. But small networks with stable client populations (you aren't adding and subtracting stations all the time) find this an excellent security control. Technically, this is only an authentication control, not a complete security option. You need to find an option you're comfortable using that includes authentication and encryption. Although this is another good layer of security, you still need to put passwords on your network resources just in case someone gets access to your network through some other avenue.
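Typing six hexadecimal fields per client into a 20-entry list, as described above, invites typos and stray entries. The following is an added example, not from the book or either router vendor: it normalizes client MAC addresses written in different notations into six two-digit hex fields and rejects entries that should never be on an access list. The function names and the sample addresses are constructed for illustration.

```python
import re

MAX_SLOTS = 20  # the text states the Linksys WRV54G list holds 20 addresses


def normalize_mac(text):
    """Return six two-digit uppercase hex fields, or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", text)  # accept 00-0F.., 00:0f.., 000f.b51a..
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    fields = [digits[i:i + 2].upper() for i in range(0, 12, 2)]
    if fields == ["00"] * 6:
        raise ValueError("all-zero placeholder, not a real client")
    if int(fields[0], 16) & 0x01:  # low bit of first octet marks a group address
        raise ValueError(f"multicast/broadcast address: {text!r}")
    return fields


def build_access_list(raw_entries, max_slots=MAX_SLOTS):
    """Validate, de-duplicate and cap entries; return (accepted, rejected)."""
    accepted, rejected, seen = [], [], set()
    for raw in raw_entries:
        try:
            fields = normalize_mac(raw)
        except ValueError as err:
            rejected.append((raw, str(err)))
            continue
        key = "".join(fields)
        if key in seen:
            rejected.append((raw, "duplicate of an earlier entry"))
        elif len(accepted) >= max_slots:
            rejected.append((raw, f"list is full ({max_slots} slots)"))
        else:
            seen.add(key)
            accepted.append(fields)
    return accepted, rejected


# Constructed sample inventory, as it might be copied from several clients.
SAMPLE = [
    "00-0F-B5-1A-2B-3C",   # dash notation
    "00:0f:b5:1a:2b:3c",   # same adapter, colon notation, lower case
    "0014.6c7d.8e9f",      # dotted notation
    "00-00-00-00-00-00",   # untouched placeholder row
    "FF:FF:FF:FF:FF:FF",   # broadcast address
    "00-0F-B5-1A-2B",      # one field missing
]

if __name__ == "__main__":
    ok, bad = build_access_list(SAMPLE)
    for slot, fields in enumerate(ok, start=1):
        print(f"slot {slot:2d}: {' '.join(fields)}")
    for raw, reason in bad:
        print(f"rejected {raw!r}: {reason}")
```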
Virtual Private Network Connections
VPN is another lovely three-letter acronym, but one that's fairly self-explanatory. Virtual signifies something that isn't real, but acts like it is. A Private Network keeps your data traffic safe because no one else can see it. Thus a Virtual Private Network provides a way for you and your data to feel like it's running through a data tunnel built especially for you, even though the traffic goes over the Internet with all the other billions and billions of bytes flying around.

VPNs can be worth an entire book themselves (several, actually), but I don't have that much space left. So let me show you one quick way to connect a VPN over my wireless network.

Does it make sense to go to the trouble of configuring a VPN for use within your own office? If you want complete wireless connection security, it does. In my case, I want a VPN to one of my server appliances to use as a file server. So I created a VPN to go over the wireless link between the ZyXel USB wireless network adapter and the Netgear WGT624 Wireless Firewall Router to the Tritton ASAP 120GB Network Attached Storage unit.

The important part is getting access to the remote network by linking to the VPN device on the far end. After you make that connection, your computer thinks it's on that network. Windows XP clients have all you need for the client side of the VPN. Here's the process for enabling VPNs for the client:

1. Open Network Connections (Start > My Network Places > View Network Connections).
2. Under Network Tasks (the left-side menu) click Create A New Connection; then click Next.
3. Click Connect To The Network At My Workplace; then click Next.
4. Click Virtual Private Network Connection; then click Next.
5. Provide the Connection Name for future reference.
6. Provide the VPN Server Selection (server name or IP address).
7. Click Finish to create an icon for this VPN connection.
