Motorola Cellular Gateway NC800 User Guide Version 2.0
DMZ
A de-militarized zone (DMZ) has one or more computers logically located outside the firewall between a
Motorola Cellular Gateway NC800 LAN and the Internet. A DMZ prevents direct access by outside users to
private data. You can use a DMZ to set up a web server without exposing confidential data on your network. A
DMZ is also useful when a computer game's protocol has problems running through a firewall. The DMZ gives
the person playing the game a way to expose a single host directly to the Internet, which avoids cases where
the firewall rules would block packets to that computer.
Wireless Security
To prevent unauthorized eavesdropping of data transmitted over the wireless LAN, you must enable wireless
security.
802.11b/g supports two subtypes of network authentication services: Open System and Shared Key. Under
Open System authentication, any wireless station can connect to the Motorola Cellular Gateway NC800 provided
that it knows the Service Set Identifier (SSID) of the Motorola Cellular Gateway NC800. If the Motorola Cellular
Gateway NC800 is broadcasting this information, then any wireless client can access the Motorola Cellular
Gateway NC800. Under Shared Key authentication, the Motorola Cellular Gateway NC800 generates a random
128-bit challenge. The station returns the challenge, encrypted with a shared key (a "secret" key configured
into both the station and the Motorola Cellular Gateway NC800). The Motorola Cellular Gateway NC800 decrypts
the challenge, using a CRC to verify its integrity. If the decrypted frame matches the original challenge, the
station is considered authentic. The challenge/response handshake is repeated in the opposite direction for
mutual authentication.
By default the Motorola Cellular Gateway NC800 is set to open system authentication, which provides no
security for transmitted data.
You can use either the Setup Wizard or the instructions in this guide to enable a
reasonable level of security by configuring a WEP key on the Motorola Cellular Gateway NC800. The same key
must also be configured on the wireless LAN clients (stations).
For even better security, the relatively new WLAN Protected Access Pre-Shared Key (WPA-PSK) option is also
supported by the Motorola Cellular Gateway NC800. However, in order to use WPA-PSK, you must ensure that
it is also supported on the wireless LAN clients.
A RADIUS server may also be used to do centralized authentication for WPA if PSK is not used.
You can also define a MAC access control list to restrict wireless LAN access to specified clients based on the
Client MAC address.
Virtual Private Networks
The Motorola Cellular Gateway NC800 allows multiple tunnel VPN pass-through operation to securely connect
remote computers over the Internet through the Motorola Cellular Gateway NC800. The Motorola Cellular
Gateway NC800:
• Identifies and forwards Point to Point Tunneling Protocol (PPTP) packets
• Identifies and forwards certain IPSec packets.
PPTP enables the implementation of secure, multi-protocol VPNs through private “tunnels” over the public
Internet. Through PPTP, it is possible for remote users to access their corporate networks and applications
from anywhere on the Internet. The Motorola Cellular Gateway NC800 identifies and forwards PPTP packets.
IPSec is a suite of protocols used to implement secure exchange of packets at the IP layer. VPNs using
Encapsulating Security Payload (ESP) in tunnel mode are supported. VPNs using Authentication Header (AH)
are not supported.