1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FWG114P
    5. /
  5. 50
Page 246 / 296 Scroll up to view Page 241 - 245
Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
E-16
Wireless Networking Basics
201-10301-02, May 2005
Is WPA Perfect?
WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS)
attacks. If the access point receives two data packets that fail the message integrity code (MIC)
within 60 seconds of each other, then the network is under an active attack, and as a result, the
access point employs counter measures, which include disassociating each station using the access
point. This prevents an attacker from gleaning information about the encryption key and alerts
administrators, but it also causes users to lose network connectivity for 60 seconds. More than
anything else, this may just prove that no single security tactic is completely invulnerable. WPA is
a definite step forward in WLAN security over WEP and has to be thought of as a single part of an
end-to-end network security strategy.
Product Support for WPA
Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA
standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before
August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.
WPA requires software changes to the following:
Wireless access points
Wireless network adapters
Wireless client programs
Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged
To support the gradual transition of WEP-based wireless networks to WPA, a wireless AP can
support both WEP and WPA clients at the same time. During the association, the wireless AP
determines which clients use WEP and which clients use WPA. The disadvantage to supporting a
mixture of WEP and WPA clients is that the global encryption key is not dynamic. This is because
WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are
maintained.
However, a mixed mode supporting WPA and non-WPA clients would offer network security that
is no better than that obtained with a non-WPA network, and thus this mode of operation is
discouraged.
Page 247 / 296
Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
Wireless Networking Basics
E-17
201-10301-02, May 2005
Changes to Wireless Access Points
Wireless access points must have their firmware updated to support the following:
The new WPA information element
To advertise their support of WPA, wireless APs send the beacon frame with a new 802.11
WPA information element that contains the wireless AP's security configuration (encryption
algorithms and wireless security configuration information).
The WPA two-phase authentication
Open system, then 802.1x (EAP with RADIUS or preshared key).
TKIP
Michael
AES
(optional)
To upgrade your wireless access points to support WPA, obtain a WPA firmware update from your
wireless AP vendor and upload it to your wireless AP.
Changes to Wireless Network Adapters
Wireless networking software in the adapter, and possibly in the OS or client application, must be
updated to support the following:
The new WPA information element
Wireless clients must be able to process the WPA information element and respond with a
specific security configuration.
The WPA two-phase authentication
Open system, then 802.1x supplicant (EAP or preshared key).
TKIP
Michael
AES
(optional)
To upgrade your wireless network adapters to support WPA, obtain a WPA update from your
wireless network adapter vendor and update the wireless network adapter driver.
For Windows wireless clients, you must obtain an updated network adapter driver that supports
WPA. For wireless network adapter drivers that are compatible with Windows XP (Service Pack 1)
and Windows Server 2003, the updated network adapter driver must be able to pass the adapter's
WPA capabilities and security configuration to the Wireless Zero Configuration service.
Page 248 / 296
Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
E-18
Wireless Networking Basics
201-10301-02, May 2005
Microsoft has worked with many wireless vendors to embed the WPA firmware update in the
wireless adapter driver. So, to update your Microsoft Windows wireless client, all you have to do
is obtain the new WPA-compatible driver and install the driver. The firmware is automatically
updated when the wireless network adapter driver is loaded in Windows.
Changes to Wireless Client Programs
Wireless client programs must be updated to permit the configuration of WPA authentication (and
preshared key) and the new WPA encryption algorithms (TKIP and the optional AES component).
To obtain the Microsoft WPA client program, visit the Microsoft Web site.
Page 249 / 296
Virtual Private Networking
F-1
201-10301-02, May 2005
Appendix F
Virtual Private Networking
There have been many improvements in the Internet, including Quality of Service, network
performance, and inexpensive technologies, such as DSL. But one of the most important advances
has been in Virtual Private Networking (VPN) Internet Protocol security (IPSec). IPSec is one of
the most complete, secure, and commercially available, standards-based protocols developed for
transporting data.
What is a VPN?
A VPN is a shared network, where private data is segmented from other traffic, so that only the
intended recipient has access. The term VPN was originally used to describe a secure connection
over the Internet. Today, however, VPN is also used to describe private networks, such as Frame
Relay, Asynchronous Transfer Mode (ATM), and Multiprotocol Label Switching (MPLS).
A key aspect of data security is that the data flowing across the network is protected by encryption
technologies. Private networks lack data security, which allows data attackers to tap directly into
the network and read the data. IPSec-based VPNs use encryption to provide data security, which
increases the network’s resistance to data tampering or theft.
IPSec-based VPNs can be created over any type of IP network, including the Internet, Frame
Relay, ATM, and MPLS, but only the Internet is ubiquitous and inexpensive.
VPNs are traditionally used for:
Intranets:
Intranets connect an organization’s locations. These locations range from the
headquarters offices, to branch offices, to a remote employee’s home. Often this connectivity
is used for e-mail and for sharing applications and files. While Frame Relay, ATM, and MPLS
accomplish these tasks, the shortcomings of each limits connectivity. The cost of connecting
home users is also very expensive compared to Internet-access technologies, such as DSL or
cable. Because of this, organizations are moving their networks to the Internet, which is
inexpensive, and using IPSec to create these networks.
Page 250 / 296
Reference Manual for the ProSafe Wireless 802.11g
Firewall/Print Server Model FWG114P v2
F-2
Virtual Private Networking
201-10301-02, May 2005
Remote Access:
Remote access enables telecommuters and mobile workers to access e-mail
and business applications. A dial-up connection to an organization’s modem pool is one
method of access for remote workers, but is expensive because the organization must pay the
associated long distance telephone and service costs. Remote access VPNs greatly reduce
expenses by enabling mobile workers to dial a local Internet connection and then set up a
secure IPSec-based VPN communications to their organization.
Extranets
: Extranets are secure connections between two or more organizations. Common
uses for extranets include supply-chain management, development partnerships, and
subscription services. These undertakings can be difficult using legacy network technologies
due to connection costs, time delays, and access availability. IPSec-based VPNs are ideal for
extranet connections. IPSec-capable devices can be quickly and inexpensively installed on
existing Internet connections.
What is IPSec and How Does It Work?
IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data
authentication, integrity, and confidentiality as data is transferred between communication points
across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle
that is organized for transmission across a network, and includes a header and payload (the data in
the packet). IPSec emerged as a viable network security standard because enterprises wanted to
ensure that data could be securely transmitted over the Internet. IPSec protects against possible
security exposures by protecting data while in transit.
IPSec Security Features
IPSec is the most secure method commercially available for connecting network sites. IPSec was
designed to provide the following security features when transferring packets across networks:
Authentication:
Verifies that the packet received is actually from the claimed sender.
Integrity:
Ensures that the contents of the packet did not change in transit.
Confidentiality:
Conceals the message content through encryption.
IPSec Components
IPSec contains the following elements:

Rate

4 / 5 based on 1 vote.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top