1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FWG114P
    5. /
  5. 48
Page 236 / 296 Scroll up to view Page 231 - 235
Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
E-6
Wireless Networking Basics
201-10301-02, May 2005
Key Size
The IEEE 802.11 standard supports two types of WEP encryption: 40-bit and 128-bit.
The 64-bit WEP data encryption method allows for a five-character (40-bit) input. Additionally,
24 factory-set bits are added to the forty-bit input to generate a 64-bit encryption key. The 24
factory-set bits are not user-configurable). This encryption key will be used to encrypt/decrypt all
data transmitted via the wireless interface. Some vendors refer to the 64-bit WEP data encryption
as 40-bit WEP data encryption since the user-configurable portion of the encryption key is 40 bits
wide.
The 128-bit WEP data encryption method consists of 104 user-configurable bits. Similar to the
forty-bit WEP data encryption method, the remaining 24 bits are factory set and not user
configurable. Some vendors allow passphrases to be entered instead of the cryptic hexadecimal
characters to ease encryption key entry.
128-bit encryption is stronger than 40-bit encryption, but 128-bit encryption may not be available
outside of the United States due to U.S. export regulations.
When configured for 40-bit encryption, 802.11 products typically support up to four WEP Keys.
Each 40-bit WEP Key is expressed as 5 sets of two hexadecimal digits (0-9 and A-F). For
example, “12 34 56 78 90” is a 40-bit WEP Key.
When configured for 128-bit encryption, 802.11 products typically support four WEP Keys but
some manufacturers support only one 128-bit key. The 128-bit WEP Key is expressed as 13 sets of
two hexadecimal digits (0-9 and A-F). For example, “12 34 56 78 90 AB CD EF 12 34 56 78 90”
is a 128-bit WEP Key.
Table E-1:
Encryption Key Sizes
Note:
Typically, 802.11 access points can store up to four 128-bit WEP Keys but some 802.11
client adapters can only store one. Therefore, make sure that your 802.11 access and client
adapters’ configurations match.
Encryption Key Size
# of Hexadecimal Digits
Example of Hexadecimal Key Content
64-bit (24+40)
10
4C72F08AE1
128-bit (24+104)
26
4C72F08AE19D57A3FF6B260037
Page 237 / 296
Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
Wireless Networking Basics
E-7
201-10301-02, May 2005
WEP Configuration Options
The WEP settings must match on all 802.11 devices that are within the same wireless network as
identified by the SSID. In general, if your mobile clients will roam between access points, then all
of the 802.11 access points and all of the 802.11 client adapters on the network must have the same
WEP settings.
Note:
Whatever keys you enter for an AP, you must also enter the same keys for the client adapter
in the same order. In other words, WEP key 1 on the AP must match WEP key 1 on the client
adapter, WEP key 2 on the AP must match WEP key 2 on the client adapter, and so on.
Note:
The AP and the client adapters can have different default WEP Keys as long as the keys are
in the same order. In other words, the AP can use WEP key 2 as its default key to transmit while a
client adapter can use WEP key 3 as its default key to transmit. The two devices will communicate
as long as the AP’s WEP key 2 is the same as the client’s WEP key 2 and the AP’s WEP key 3 is
the same as the client’s WEP key 3.
Wireless Channels
The wireless frequencies used by 802.11b/g networks are discussed below.
IEEE 802.11b/g wireless nodes communicate with each other using radio frequency signals in the
ISM (Industrial, Scientific, and Medical) band between 2.4 GHz and 2.5 GHz. Neighboring
channels are 5 MHz apart. However, due to spread spectrum effect of the signals, a node sending
signals using a particular channel will utilize frequency spectrum 12.5 MHz above and below the
center channel frequency. As a result, two separate wireless networks using neighboring channels
(for example, channel 1 and channel 2) in the same general vicinity will interfere with each other.
Applying two channels that allow the maximum channel separation will decrease the amount of
channel cross-talk, and provide a noticeable performance increase over networks with minimal
channel separation.
The radio frequency channels used in 802.11b/g networks are listed in
Table E-2
:
Table E-2:
802.11b/g Radio Frequency Channels
Channel
Center Frequency
Frequency Spread
1
2412 MHz
2399.5 MHz - 2424.5 MHz
2
2417 MHz
2404.5 MHz - 2429.5 MHz
3
2422 MHz
2409.5 MHz - 2434.5 MHz
Page 238 / 296
Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
E-8
Wireless Networking Basics
201-10301-02, May 2005
Note:
The available channels supported by the wireless products in various countries are different.
For example, Channels 1 to 11 are supported in the U.S. and Canada, and Channels 1 to 13 are
supported in Europe and Australia.
The preferred channel separation between the channels in neighboring wireless networks is 25
MHz (5 channels). This means that you can apply up to three different channels within your
wireless network. There are only 11 usable wireless channels in the United States. It is
recommended that you start using channel 1 and grow to use channel 6, and 11 when necessary, as
these three channels do not overlap.
WPA Wireless Security
Wi-Fi Protected Access (WPA) is a specification of standards-based, interoperable security
enhancements that increase the level of data protection and access control for existing and future
wireless LAN systems.
The IEEE introduced the WEP as an optional security measure to secure 802.11b (Wi-Fi) WLANs,
but inherent weaknesses in the standard soon became obvious. In response to this situation, the
Wi-Fi Alliance announced a new security architecture in October 2002 that remedies the
shortcomings of WEP. This standard, formerly known as Safe Secure Network (SSN), is designed
to work with existing 802.11 products and offers forward compatibility with 802.11i, the new
wireless security architecture being defined in the IEEE.
4
2427 MHz
2414.5 MHz - 2439.5 MHz
5
2432 MHz
2419.5 MHz - 2444.5 MHz
6
2437 MHz
2424.5 MHz - 2449.5 MHz
7
2442 MHz
2429.5 MHz - 2454.5 MHz
8
2447 MHz
2434.5 MHz - 2459.5 MHz
9
2452 MHz
2439.5 MHz - 2464.5 MHz
10
2457 MHz
2444.5 MHz - 2469.5 MHz
11
2462 MHz
2449.5 MHz - 2474.5 MHz
12
2467 MHz
2454.5 MHz - 2479.5 MHz
13
2472 MHz
2459.5 MHz - 2484.5 MHz
Table E-2:
802.11b/g Radio Frequency Channels
Channel
Center Frequency
Frequency Spread
Page 239 / 296
Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
Wireless Networking Basics
E-9
201-10301-02, May 2005
WPA offers the following benefits:
Enhanced data privacy
Robust key management
Data origin authentication
Data integrity protection
The Wi-Fi Alliance is now performing interoperability certification testing on Wi-Fi Protected
Access products. Starting August of 2003, all new Wi-Fi certified products will have to support
WPA. NETGEAR will implement WPA on client and access point products and make this
available in the second half of 2003. Existing Wi-Fi certified products will have one year to add
WPA support or they will lose their Wi-Fi certification.
The 802.11i standard is currently in draft form, with ratification due at the end of 2003. While the
new IEEE 802.11i standard is being ratified, wireless vendors have agreed on WPA as an
interoperable interim standard.
How Does WPA Compare to WEP?
WEP is a data encryption method and is not intended as a user authentication mechanism. WPA
user authentication is implemented using 802.1x and the Extensible Authentication Protocol
(EAP). Support for 802.1x authentication is required in WPA. In the 802.11 standard, 802.1x
authentication was optional. For details on EAP specifically, refer to IETF's RFC 2284.
With 802.11 WEP, all access points and client wireless adapters on a particular wireless LAN must
use the same encryption key. A major problem with the 802.11 standard is that the keys are
cumbersome to change. If you do not update the WEP keys often, an unauthorized person with a
sniffing tool can monitor your network for less than a day and decode the encrypted messages.
Products based on the 802.11 standard alone offer system administrators no effective method to
update the keys.
For 802.11, WEP encryption is optional. For WPA, encryption using Temporal Key Integrity
Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger
than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices
to perform encryption operations. TKIP provides important data encryption enhancements
including a per-packet key mixing function, a message integrity check (MIC) named Michael, an
extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through
these enhancements, TKIP addresses all of known WEP vulnerabilities.
Page 240 / 296
Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
E-10
Wireless Networking Basics
201-10301-02, May 2005
How Does WPA Compare to IEEE 802.11i?
WPA will be forward compatible with the IEEE 802.11i security specification currently under
development. WPA is a subset of the current 802.11i draft and uses certain pieces of the 802.11i
draft that are ready to bring to market today, such as 802.1x and TKIP. The main pieces of the
802.11i draft that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff
(for specialized 802.11 VoIP phones), as well as enhanced encryption protocols, such as
AES-CCMP. These features are either not yet ready for market or will require hardware upgrades
to implement.
What are the Key Features of WPA Security?
The following security features are included in the WPA standard:
WPA Authentication
WPA Encryption Key Management
Temporal Key Integrity Protocol (TKIP)
Michael message integrity code (MIC)
AES Support (to be phased in)
Support for a Mixture of WPA and WEP Wireless Clients, but mixing WEP and WPA is
discouraged
These features are discussed below.
WPA addresses most of the known WEP vulnerabilities and is primarily intended for wireless
infrastructure networks as found in the enterprise. This infrastructure includes stations, access
points, and authentication servers (typically RADIUS servers). The RADIUS server holds (or has
access to) user credentials (for example, user names and passwords) and authenticates wireless
users before they gain access to the network.
The strength of WPA comes from an integrated sequence of operations that encompass 802.1X/
EAP authentication and sophisticated key management and encryption techniques. Its major
operations include:
Network security capability determination. This occurs at the 802.11 level and is
communicated through WPA information elements in Beacon, Probe Response, and (Re)
Association Requests. Information in these elements includes the authentication method
(802.1X or Pre-shared key) and the preferred cipher suite (WEP, TKIP, or AES).

Rate

4 / 5 based on 1 vote.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top