policy - Tax-Aide for CA2

Wireless Printing
Updated 10/30/2008
POLICY
Tax-Aide Wireless Printing Policy
The use of Wireless Networking is not permitted at any site for full
client/server networking of Taxwise.
Wireless networking, for the purpose of printer sharing ONLY, is permitted.
Wireless Printing Security Policy
A router will be used for wireless printer sharing and all the following steps
will be taken to secure any wireless network used:
1. Infrastructure1 network configuration will be used. Ad-Hoc2 networks
are not permitted.
2. The wireless router or access point will be protected by changing the
default username and adding a password.
3. The manufacturer’s default SSID3 will be changed to "TAV" (without
quotes).
4. WPA4 encryption will be used.
5. MAC5 address filtering is optional and adds extra security when used in
conjunction with WPA.
6. A wireless network will never be connected such as to allow connection
to the Internet while using wireless networking for printer sharing.
7. High power antennae and/or other signal boosters will not be used.
8. File sharing will be turned off.
See the following pages for policy implementation procedures
1
Infrastructure --A wireless network centered about an access point. In this environment, the access
point not only provides communication with a wired network but also mediates wireless
network traffic in the immediate neighborhood.
2
Ad Hoc ----------Computers communicate directly with one another without using an access point (AP) or
any connection to a wired network.
3
SSID ------------The SSID is a sequence of up to 32 letters or numbers that is the ID, or name, of a
wireless local area network. The SSID is set by a network administrator and for open
wireless networks, the SSID is broadcast to all wireless devices within range of the
network access point. A closed wireless network does not broadcast the SSID, requiring
users to know the SSID to access the network.
4
WPA -------------Short for Wi-Fi Protected Access and it is extra strong encryption for Wi-Fi networks.
5
MAC -------------Media Access Control address, a hardware address that uniquely identifies each node of
a network.
Wireless Printing
POLICY IMPLEMENTATION
Due to the large number of different makes and models of wireless
equipment it is not possible to address all possible settings and methods.
It is the responsibility of the TCS and or TC to ensure that policy
requirements are met.
This guide is written around the Belkin Model F5D7230-4 Wireless G Router.
For other makes and models read the manual. Quick Start Guides are not
usually appropriate as they deal primarily with sharing an Internet
connection using a cable modem or DSL line.
1. If the computer you will connect directly to the Router with an Ethernet cable
has built-in wireless capability then turn off the wireless feature (push button
on the HP NX6110 laptops). Wireless can also be disabled in network settings.
Right click on the wireless connection and select disable.
2. Do not connect the computer to the Router yet.
3. Install the Router software using the manufacturer’s CD. Accept all the
defaults.
4. Connect the Router to the computer with an Ethernet patch cable. Do not use
the WAN port on the router. The WAN port is usually clearly identified, and we
don’t use it.
5. Using your web browser access the Router by going to the “site” 192.168.2.1
(some routers may use a different address – see Router documentation)
6. Click on Utilities – System Settings. The current password for the Router
access is blank.
Wireless Printing
POLICY IMPLEMENTATION
7. Enter a new password, and confirm it. No other changes are necessary on this
screen. Scroll to the bottom of the screen and click “Apply” – the Router will
reboot once you click on OK.
8. Login in to the Router using the password just assigned,
9. Click on “Wireless – Channel and SSID”
a. Change the SSID from its default to TAV.
b. Click “Apply changes” and reboot the Router again.
10. Login to the Router again
a. Click on “Wireless – security”.
b. Scroll to select a security mode of WPA.
c. Enter either the WPA key.
d. Write down the WPA key – you will need it. If you forget it just log on
to the router and look it up.
e. Click apply changes.
11. OPTIONAL - Log in to the Router again and access “Firewall – MAC address
filtering”.
a. Check the “Enable MAC address filtering” box.
b. Enter the MAC address of each of the devices that will be allowed to
connect to the wireless network.
The list of allowed MAC addresses can be updated later.
c. Click Apply changes.
Your Wireless Router should now be configured for secure access
Accessing the Wireless Router from another computer:
If the computer does not have built in Wireless capability install a wireless card
according to the manufacturer’s instructions.
These guidelines are written around an HP NX6110 Laptop that does have built-in
wireless.
1. Make sure that the Wireless LAN on the HP laptop is turned on (switch by
power switch – blue light should be on).
2. If using the default Windows Wireless Zero Configuration Service, right click
on the wireless icon in the right of the task bar.
3. Select "View Available Wireless Networks".
4. Click on the name of the Wireless Network you want to use (TAV).
5. Click on "Connect"
6. If using the Broadcom Wireless Utility, right click on
the wireless icon in the right of the task bar.
7. Click on “Open Utility”
8. Under the Wireless Network tab click “Add”
Wireless Printing
POLICY IMPLEMENTATION
9. To “Join an existing network (recommended) click “Next”
10. Enter the SSID you assigned to the Router and click “Next”
11. The Wireless network should be found. Click “Next”.
12.
Enter the WPA Key you set up, confirm it, and click “Next”.
Hint – if you expect to
do this a lot then put the WEP key into a text file stored on a secure flash drive. You can then
copy and paste the key.
13. Click “Next”, then – if the connection is successful – click “Finish”.
14. Click “Apply” then OK
15. Your connection is done. Proceed now as for wired networking. EXCEPT
remember that full networking of TaxWise using wireless is not permitted.
Managing the Wireless network at a site.
• On the computer that is directly connected to the Wireless Router
periodically during a tax session access the router. Verify with the
DHCP Client List, that ONLY the computers you expect are connected to
the network.
NETWORK SETTINGS LOG
SSID
XXXXXXXXXX
WPA KEY
XX
MAC
ADDRESS
1
MAC
ADDRESS
2
MAC
ADDRESS
3
MAC
ADDRESS
4
MAC
ADDRESS
5
MAC
ADDRESS
6
MAC
ADDRESS
7
MAC
ADDRESS
8
MAC
ADDRESS
9
XX
XX
XX
XX
XX
XX
XX
XX
XX
XX
XX
XX
Open as PDF
Similar pages