Internet security


1. Configuration Manager Admin password

Change router Configuration Manager’s password form its (default of admin):

Consult your routers manual which will illustrate how you can login to your router and update your administrator password.

2. Use sensible network security

Set network passwords and change them regularly. See your computer’s instructions.

Use good quality antivirus software to protect your computers. Update it regularly with latest virus upgrades

If you enable file sharing on your computer, you should not share your system files and should protect shared folders with a password. See help for your operating system.

If carrying sensitive information (e.g. corporate environment), you should use VPN type (Virtual Private Network) technology to protect your data. Follow guidelines from your company’s network administrator.

3. NAT Firewall
Most routers use NAT (Network Address Translation) to assign an address to your ADSL Modem. Only the NAT address is visible from the outside world and your computers are therefore protected against direct intrusion.

Make sure NAT is enabled consult your router documentation.

Introduction to Wireless Networking

A network is two or more computers connected together sharing Internet connection, files and peripheral devices such as printers. Your wireless router allows your computers to connect to the Internet without wires. This lets you move a laptop computer around while staying connected to the Internet or lets you locate a desktop computer in a room that cannot easily be reached with cables.

Your wireless router forms an Infrastructure wireless network.

Infrastructure Network
In the infrastructure network a Base Unit is used as the central point of all communications and acts as a gateway to the Internet. The Internet connection is automatically shared between all computers associated with the Base Unit. As a result, laptop or desktop computers on your wireless network can connect to the Internet as if they were directly plugged into the ADSL socket.


Ad-Hoc Network
You router creates an Infrastructure Network which is the most efficient way to share an Internet connection. For information, this section describes the other type of wireless network, the ad-hoc network, also known as peer-to-peer network.

In the ad-hoc network, computers communicate between one another without the need for a Base Unit. Windows’ Internet Connection Sharing can be used to share an Internet connection available on one computer between all computers on the network. At least one computer must already be connected to the Internet and be switched-on for other computers to access the Internet.

In the example below, computer B is connected to the Internet and equipped with a wireless Adapter. Computer A, equipped with a wireless Adapter also that can share the Internet connection using Windows Internet Connection Sharing running on computer B.


Wireless Network Settings

  1. A Wireless Network is defined by the following settings:
  2. Wireless Network Name (SSID): Identifies your wireless network.
  3. Channel: Wireless Networks operate in the 2.4GHz frequency band where 14 channels are available. Devices must operate on the same channel to be able to communicate. In an infrastructure network, the Base Unit controls the channel allocation.
  4. Security: You can use Hidden Name (Hidden SSID), WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) mechanisms to ensure the integrity of the network

How to Password Protect a Microsoft Office 97/2002/2003/2007 Document

It is very simple to password protect a document in Microsoft Office. Providing you use a good password; at least 8 characthers, a mixture of upper case, lower case, numbers and symbols) your document will be relativley secure.

Please see an earlier blog post How Strong is you password? for more information.

Password Protecting a Microsoft Office 97/2002/2003 Document

Tools > Options > Security

Microsoft-Office 2002-2003 Password Protect-Options














Microsoft-Office 2002-2003 Password Protect-Encryption Type








Password Protecting a Microsoft Office 2007 Document

Save As > Tools > General Options

Microsoft-Office 2007 Password Protect-Save as











Microsoft-Office 2007 Password Protect-General options

How strong is your password?

Earlier versions of Microsoft Word, 97, 2000, and 2003 use a DES 40bit form of encryption which meant that a brute-force attack (which is to try all the possible combinations of passwords) meant that cracking the password was guaranteed.

However Word 2007 uses AES 128bit encryption, which makes the brute-force attack very very slow. For example in tests on a Word 2003 passworded document I got upto 2,500,000 passwords per minute using 10 computers at once. With the same hardware configuration I only got a mere 260 passwords per minute for a Word 2007 document.

Well Done, Microsoft Office 2007 team, Bill Gates you should be proud!

After 5 days and 112 million tries I gave-up!

The length and complexity of your password can determine how secure it is:

Password is 6 characters long
94 possible characters in the password
26 uppercase + 26 lowercase + 32 special + 10 numbers = 94
946 = 689,869,781,056 unique password permutations
Need 133,076 password attempts/sec to attempt all combinations
(946/60 days (5184000 seconds) = 133,076)

Password is 7 characters long,
94 possible characters in the password
26 uppercase + 26 lowercase + 32 special + 10 numbers = 94
947 = 64,847,759,419,264 unique password permutations
Need 12,509,212 password attempts/sec to attempt all combinations
(947/60 days (5184000 seconds) = 12,509,212)







To summarise:

Make your password a long as possible
Use lower and uppercase, numbers and special symbols where appropriate.
Think of a short phrase and use that as your password.

Different Data Destruction Methods

Data is stored on a hard disk as a sequence of 1s and 0s (ones and zeros) represented by differently magnetized parts of a disk. Information removed from a hard disk drive by non-secure means (for example, by simply deleting the file) can easily be recovered by file recovery software. By using specialised equipment, someone may be able to recover even repeatedly overwritten information.

When you delete a file from your disk, Windows deletes the reference to that file from its File Allocation Table (FAT), but the actual data remains on your hard disk in the same sectors in which it previously existed. Even deleting partitions or formatting your hard drive wont actually remove the data. It remains for prying eyes to see whether its financial information (such as online banking information, payroll data, social security numbers or credit card numbers), confidential e-mail messages, personal photos or other private information. If you leave critical data on the disk, a knowledgeable person can look into your private information and crime, such as identity theft, becomes easy.

To prevent data retrieval, the existing data must be destroyed. You permanently destroy data by writing over it usually with some pattern (such as all zeroes, 00000, or all ones, 11111). Sophisticated data thieves can read or interpret deleted data and can retrieve that information even from reformatted drives. Therefore most standards implement permanent destruction by repeatedly writing patterns over the original data.

 Eight different methods for destroying data:

American: U.S. Standard, DoD 5220.22-M
American: NAVSO P-5239-26 (RLL)
American: NAVSO P-5239-26 (MFM)
German: VSITR
Russian: GOST P50739-95
Peter Gutmann algorithm
Bruce Schneier algorithm

Fast Method
The Fast method, as its name indicates, is the quickest method. It performs a single pass on the selected partition or drive and zeroes out all sectors. This method may be sufficient if you feel that you dont need to be concerned about someone attempting to recover the data. Perhaps youre giving an old computer to another family member or its to be transferred to another person in your department.

Even though this method is named Fast, depending on the size of the disk, erasing the disk with this method will require considerable time. For example, erasing an external FireWire (IEEE 1394) 120 GB disk may take almost 2 hours.

U.S. Standard, DoD 5220.22-M
To destroy data, this method uses four passes:

1. Writes randomly selected symbols to each byte of each sector.
2. Writes the complement of the first passs pattern to each byte of each sector.
3. Writes random symbols again.
4. Verifies the data written in the third pass.

 NAVSO P-5239-26 (RL)
To destroy data, this method uses four passes:

1. Writes 0x01 to all sectors.
2. Writes 0x27FFFFFF to each sector.
3. Writes random symbols to each sector.
4. Verifies the data written in the third pass.

 NAVSO P-5239-26 (MFM)
To destroy data, this method uses four passes:

1. Writes 0x01 to all sectors.
2. Writes 0x7FFFFFFF to each sector.
3. Writes random symbols to each sector.
4. Verifies the data written in the third pass.

To destroy data, this method uses seven passes:

1. Writes 0x00 to all sectors.
2. Writes 0xFF to all sectors.
3. Writes 0x00 to all sectors.
4. Writes 0xFF to all sectors.
5. Writes 0x00 to all sectors.
6. Writes 0xFF to all sectors.
7. Writes 0xAA to all sectors.

Russian: GOST P50739-95
In one pass, GOST writes logical zeros (0x00) to each byte of each sector for 6th to 4th security level systems. For 3rd to 1st security level systems, it writes randomly selected numbers to each byte of each sector.

Peter Gutmann algorithm
The Gutmann method uses thirty-five passes to securely erase date. While this method is very secure, it is also the method that takes the longest time.

Bruce Schneier algorithm
Bruce Schneiers algorithm uses seven passes:

1. Writes 0xFF to all sectors.
2. Writes 0x00 to all sectors.
3. Writes a cryptographically secure pseudo-random sequence to all sectors.
4. Writes a cryptographically secure pseudo-random sequence to all sectors.
5. Writes a cryptographically secure pseudo-random sequence to all sectors.
6. Writes a cryptographically secure pseudo-random sequence to all sectors.
7. Writes a cryptographically secure pseudo-random sequence to all sectors.

This method is a very secure method particularly if you dont want to take the time to use the Peter Gutmann algorithm.

ADSL Frequently Asked Questions

What are microfilters?
Microfilters are small devices you install on your phone line between the phone and the wall connection to block electrical noises. Without microfilters, you may hear noise from the ADSL connection when talking on your phone. Ensure that you have plugged your modem in the correct socket on the micro filter otherwise it will not work and may be damaged.

How do I install the ADSL Router?
The best way to install the router is to follow the process on the paper quick start guide included with your product or on the CD.

Do I need a special Internet browser?
No. You can use most Internet browsers, such as Netscape Navigator* or Microsoft Internet Explorer*. Internet Explorer is provided on the installation CD.

Can I access my e-mail account over the Internet?
Web-based e-mail accounts,(e.g. Hotmail, Yahoo mail, and Talk21) are unaffected by the use of Broadband. Pop3 e-mail provided by an ISP may encounter problems if your ISP has chosen not to implement the necessary authentication protocols. Your ISP mail may be suspended if you cancel your contract with your ISP.

What services do I need?
To connect to the Internet, your ADSL Broadband service must be activated on your telephone line.

When can I install my ADSL Router?
You can install your modem at any time, however you will only be able to use your Broadband connection from the activation date you were given by your Service Provider.

What might affect the performance of my ADSL or telephony?
There are a few things that may affect the performance:

The ADSL Microfilters. Make sure you use good quality microfilters.
Old or incorrect extension wiring.
Old or some low quality telephones.
Can I use my activated ADSL line without Microfilters
Your ADSL Microfilters guarantee that your phone line and Broadband service do not interfere and should therefore be used all the time.

Can I access ADSL Broadband services using any modem/router?
ADSL Broadband services requires the use of an ADSL modem/router. This is different to other types of modem analogue modems and ISDN Terminal Adapter/PC cards, they will not work.

How many telephony devices can I have on my line?
Each telephony device has a REN (Ringing Equivalent Number) value, which should be shown on the underside of the device. The line will support a total REN of 4.

Is the bandwidth capacity of ADSL Broadband guaranteed?
No, ADSL provides variable bandwidth the capacity you receive is dependent upon the capacity available and will be shared by other users..

Wireless Frequently Asked Questions
How do I secure my wireless network?
See here for instructions

How many computers can I connect to the Base Unit?
In theory up to 250 computers can be connected to the Base Unit (wired or wireless). However, all these computers would have to share the broadband line and would experience poor download speeds. Depending upon actual traffic generated by each computer, up to 10 should give you an acceptable Internet experience.

Can I connect computers to the wired network sockets and the wireless network at the same time?

If my neighbour has a similar product, will there be any interference?
Not unless both heavily surfing at the same time. You can change the operating channel if you are experiencing serious interference.

Can anyone “listen in” to my data or connect to my base station?
Not if you take precautions and secure your wireless network: see Wireless Security

Can I share files and printers between computers connected to the base station?
Yes. All computer should be visible in Network Neighbourhood / My Network Places.

Glossary of Wireless terms, Ad Hoc, MAC, Channel, Ethernet

Access Point
An internetworking device that seamlessly connects wired and wireless networks. Access Points combined with a distributed system support the creation of multiple radio cells that enable roaming throughout a facility.

Ad Hoc
A network composed solely of stations within mutual communication range of each other (no Access Point connected).

Basic Service Set ID. Wireless MAC address of the device that controls the wireless network. In infrastructure mode, this is the base station, in Ad-hoc mode, it is the wireless adpater itself.

A medium used to pass protocol data units that can be used simultaneously in the same volume of space by other channels of the same physical layer, with an acceptably low frame error ratio due to mutual interference.

Extended Service Set. A set of one or more interconnected Basic Service Sets (BSSs) and integrated Local Area Networks (LANs) can be configured as an Extended Service Set.

The most widely used medium access method, which is defined by the IEEE 802.3 standard. Ethernet is normally a shared media LAN; i.e., all the devices on the network segment share total bandwidth. Ethernet networks operate at 10Mbps using CSMA/CD to run over 10BaseT cables.

A network component that acts as an entrance to another network.

IEEE 802.11
The IEEE 802.xx is a set of specifications for LANs from the Institute of Electrical and Electronic Engineers (IEEE). Most wired networks conform to 802.3, the specification for CSMA/CD-based Ethernet networks or 802.5, the specification for token ring networks. 802.11 defines the standard for wireless LANs encompassing three incompatible (non-interoperable) technologies: Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS), and Infrared. IEEE standards ensure interoperability between systems of the same type.

A wireless network centered about an Access Point. In this environment, the Access Point not only provides communication with the wired network but also mediates wireless network traffic in the immediate neighborhood.

Internet Protocol. The standard protocol within TCP/IP that defines the basic unit of information passed across an Internet connection by breaking down data messages into packets, routing and transporting the packets over network connections, then reassembling the packets at their destination. IP corresponds to the network layer in the ISO/OSI model.

IP Address
An IP address is a 32-bit number that identifies each sender or receiver of information sent across the Internet. An IP address has two parts: the identifier of a particular network on the Internet and an identifier of the particular device (which can be a server or a workstation) within that network.

MAC Address
A unique number that identifies a network adapter (wireless or not).

Radio Frequency
RR, Terms: GHz, MHz, Hz The international unit for measuring frequency is Hertz (Hz), equivalent to the older unit of cycles per second. One megahertz (MHz) is one Million-Hertz. One giga hertz (GHz) is one Billion-Hertz. The standard U.S. electrical power frequency is 60 Hz, the AM broadcast radio frequency band is 0.551.6 MHz, the FM broadcast radio frequency band is 88108 MHz, and wireless 802.11 LANs operate at 2.4GHz.

Service Set ID. A group name shared by every member of a wireless network. Only client PCs with the same SSID are allowed to establish a connection.

Wired Equivalent Privacy. The optional cryptographic confidentiality algorithm specified by 802.11. The algorithm is being used to provide data confidentiality that is subjectively equivalent to the confidentiality of a wired network medium that does not employ cryptographic techniques to enhance privacy.

Wi-Fi Protected Access. The next step in wireless security after WEP. WPA uses a different algorithm that automatically and regularly generate new network keys so it is virtually impossible for a hacker to crack the key.

Gossary of DSL terms, Dynamic IP Address, Mbps

The terms below may or may not be used in these documents, but are commonly used in the delivery of DSL.

Activation Date
This is the date when the telephone Company/ISP turn on ADSL on your line. This is assuming that you are within the distance constraints of ADSL.

Asymmetric Digital Subscriber Line. A high-speed transmission technology using existing telephone lines that allow simultaneous phone conversations and Internet access. The downstream rates are greater than the upstream rate.

ARP (Address Resolution Protocol )
ARP is a TCP/IP protocol for mapping an IP address to a physical machine address that is recognized in the local network, such as an Ethernet address.

A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.

Inverse ARP (In-ARP), on the other hand, is used by a host to discover its IP address. In this case, the host broadcasts its physical address and a RARP server replies with the host’s IP address.

Asynchronous Transfer Mode. A connection-oriented switching technology that uses fixed-length cells. It is common for phone companies to use ATM to transfer data around the Internet.

Bits per second. Indicates the speed at which data bits are transferred.

Bridged Ethernet
Also referred to as RFC1483, not currently activated in the UK

Customer Premises Equipment. Your DSL modem is considered CPE equipment. It resides at your premises and connects you to the Telephone company network and then your ADSL Service Provider.

Dynamic Host Configuration Protocol. A TCP/IP protocol that provides for automatic/dynamic IP addresses. If your computer is set for DHCP, your ISP will automatically assign you an IP address each time you log on to the network.

Discrete Multi-Tone. DSL technology that uses DSPs to code information for use in a DSL network. Currently in use in the UK.

Domain Name Server. Servers on the Internet or at the ISP that maintain associations between IP addresses and Domain Names. DNS allows the user to type in a name ( instead of the numeric IP address.

Refers to the transmission direction from the Exchange to the Modem. Usually measured in Kbps.

Digital Subscriber Line. The high speed local-loop connection between the Exchange and your Modem. It provides concurrent telephony and Internet browsing over the same pair of wires. You will only need one phone number.

Digital Subscriber Line Access Multiplexer. This is the equipment installed at the phone companys Exchange that allows for ADSL. It splits your regular voice traffic from data traffic. Your Exchange must have the proper DSLAM for you to get DSL.

Digital Signal Processor. A chip on the modem that handles line signalling.

Dial-up Networking. This is a Microsoft application that is used to connect to the Internet when using a PPPoA connection type. It was first used to connect analogue modems.

Dynamic IP Address
This is a service provided by your ISP that automatically assigns you a random IP address from one of their pool of addresses. Your address may change each time you log on to the network. If you are hosting a Web server, you do not want to have a dynamic IP address. You should use a static address.

Frequently Asked Questions.

G.Lite is the informal name of a way to deploy DSL services to home and small-business users. Also known as Universal ADSL, G.Lite makes it possible to have Internet connections to home and business computers at up to 4.0 Mbps (millions of bits per second) over regular phone lines. A technology that is not used extensively and not in the UK.

Internet Protocol. The networking protocol used as the primary method for transferring data over the Internet. It is also used in many LANs.

Internet Service Provider – A company that provides you with access to the Internet. In these guides they are referred to generically as Service Providers. This can be either a Telephone company or one of many separate companies. To get Internet access you must have a Service Provider account that supports DSL and an activated ADSL line. Your ISP will provide you with the necessary account information.

Kilobits per second. One K is 1,024 bits.

Last Mile
This is also referred to as the Local Loop. It is the distance between the CPE equipment and the Exchange.

Local area network. Used to link a number of computers together in a home or business. The Ethernet side of the ADSL Router is called the LAN port. It is a twisted-pair Ethernet 10Base-T interface. A hub can be connected to the LAN port. More than one computers, such as server or printer, can be connected through this hub to the ADSL Router and composes a LAN.

Local Loop
The distance between the Exchange equipment and the customers premises. Also known as the Last Mile.

Mail Server
Mail servers are located at the ISP and hold and route your e-mail until you access it. There are incoming and outgoing mail servers. Find out from your ISP what the name of your mail servers are.

Megabits per second. One megabit is 1,048,576 bits.

Microfilters are devices that connect between your telephone and the phone socket. Because DSL allows voice and data to share the same pair of wires, Microfilters (like POTS splitters) keep the signals from interfering with each other. If you hear excess noise on your telephones after DSL service has been activated, make sure that your Microfilters are installed or that you have good quality filters.

Name Server
Name servers translate names from one form into another. For example, the Internet relies on Domain Name Servers (DNSs) that translate domain names (for example, into IP addresses (for example,

NAT (Network Address Translation)
NAT is an Internet standard that translates a private IP within one network to a public IP address, either a static or dynamic one. NAT provides a type of firewall by hiding internal IP addresses. It also enables a company to use more internal IP addresses.

If the IP addresses given by your ISP are not enough for each PC on the LAN and the ADSL Router, you need to use NAT. With NAT, you make up a private IP network for the LAN and assign an IP address from that network to each PC. One of some public addresses is configured and mapped to a private workstation address when accesses are made through the gateway to a public network.

For example, the ADSL Router is assigned with the public IP address of With NAT enabled, it creates a Virtual LAN. Each PC on the Virtual LAN is assigned with a private IP address with default value of to These PCs are not accessible by the outside word but they can communicate with the outside world through the public IP

News Server
News servers are located at the ISP. They hold and route messages from Internet news-groups. You can subscribe to newsgroups for reading and replying to messages. Contact your ISP for more information about using their news server.

Network Interface Card. A board that often resides in the computer that connects a computer to a network (LAN).

Network Terminating Equipment. This is the box that attaches to the customers house at the where your telephone line enters the house.

Permanent Virtual Circuit. A PVC is the combination of the VPI/VCI pair. This pair of numbers is used to identify a route through an ATM/ADSL network. The current default setting is 0,38.

Plain Old Telephone Service. Refers to the standard telephone service used in most homes.

POTS Splitter
A device that separates the POTS information from the DSL information. Because DSL and POTS share the same line, it is necessary to keep the two signals from interfering with each other. A POTS splitter will be situated at Network Terminating Equipment (where the line enters the premises), other times, a Microfilter will be used.

Point-to-Point over ATM Protocol (also sometimes seen as simply PPP). A protocol that some ISPs use to give users access to the ISPs computers and the Internet. You will currently need PPPoA, but the BT Voyager USB can support many protocols (Bridged Ethernet, Routed Ethernet, or Point-to-Point Protocol over Ethernet (PPPoE).

Point-to-Point over Ethernet (also sometimes seen as simply PPP). A protocol that some ISPs use to give users access to the ISPs computers and the Internet. You will currently need PPPoA, but the BT Voyager USB can support many protocols (Bridged Ethernet, Routed Ethernet, or Point-to-Point Protocol over ATM (PPPoA).

Private IP Address
Private IP addresses are also LAN IP addresses, but are considered “illegal” IP addresses to the Internet. They are private to an enterprise while still permitting full network layer connectivity between all hosts inside an enterprise as well as all public hosts of different enterprises.
The ADSL Router uses private IP addresses by assigning them to the LAN that cannot be directly accessed by the Internet or remote server. To access the Internet, private network should have an agent to translate the private IP address to public IP address.

Public IP Address
Public IP addresses are LAN IP addresses that can be considered “legal” for the Internet, because they can be recognized and accessed by any device on the other side of the DSL connection. In most cases they are allocated by your ISP.
If you are given a range of fixed IP addresses, then one can be assigned to the router and the others to network devices on the LAN, such as computer workstations, ftp servers, and web servers.

A standard that provides guidelines for Bridged Ethernet and Routed Ethernet connection protocols. (PPPoA, PPPoE etc). Current protocol used in the UK is PPPoA.

Routed Ethernet
Also referred to as RFC1483, this is a protocol that some ISPs use to give access to their computers and then to the Internet. Current setting in the UK is PPPoA.

A device that directs LAN traffic through a network.

Static IP Address
This is an IP address that has been permanently assigned to you by your ISP.

Transmission Control Protocol/Internet Protocol. The most widely used protocol suite of the World Wide Web.

Training up
With DSL, a negotiation needs to be made between the Modem equipment and the Exchange equipment (DSLAM). This process is called Training. When they have successfully talk to each other, they are considered Trained. Your modem must be Trained before you can pass any traffic or browse the Internet. Training will establish your speed and line quality. When this has been successfully completed both your lights will solid green.

Refers to the transmission speed from your modem to the Exchange equipment. (Downstream is from the Exchange to your Modem).

Virtual Circuit Identifier. This number is part of the PVC. It establishes your channel through the telephone company equipment. Default setting is 0.

Virtual Server
You can designate virtual servers, e.g., a FTP, web, telnet or mail server, on your local network and make them accessible to the outside world. A virtual server means that it is not a dedicated server — that is, the entire computer is not dedicated to running on the public network but in the private network.

Virtual Path Identifier. This is part of the PVC. This, combined with the VCI, establishes your channel through the phone company equipment. Default setting is 38.

WAN (Wide Area Network)
The DSL port of the ADSL Router composes the WAN interface, which supports PPP or RFC 1483 connecting to another remote DSL device.

Wireless Security WEP WPA WPA-PSK

Wireless routers are designed to be easy to protect against unwanted connection. It is recommended that you set-up security as soon as you have successfully installed the product and checked that default settings work to connect to the Internet.

WEP and WPA wireless security mechanism to protect data transmitted over the wireless network and to prevent unauthorised connection. Access list based are based on MAC Addresses so you can specify which wireless adapters are authorised to use your network.
First you need to decide the type of wireless security you want to use. Please Consult your Router Manual.

WEP (Wired Equivalent Privacy) is the security used as standard in older 802.11b wireless networks. Select 64-bit WEP or 128-bit WEP if: You wish to connect older wireless adapters that do not support WPA (see opposite) such as the BT Voyager 1010/1020 to your wireless network now or in the future WPA or WPA-PSK

WPA (Wi-Fi Protected Access) is the next generation of security for wireless networks. WPA-PSK is the version of WPA specific for the home or small office users because it does not require an authentication server. With WPA-PSK, your network key is regularly and automatically changed so hackers cannot decode the key by listening to your connection.

Select WPA-PSK if: All your wireless adapters support WPA. Check your wireless adapter’s specification.
You wish to benefit from the additional security offered by WPA over standard WEP

For help on Enterprises security with WPA or 802.1x,  please refer Router Manual