Page 91 / 120 Scroll up to view Page 86 - 90
Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG302
Wireless Networking Basics
B-3
202-10078-01
Authentication and WEP Data Encryption
The absence of a physical connection between nodes makes the wireless links vulnerable to
eavesdropping and information theft. To provide a certain level of security, the IEEE 802.11
standard has defined these two types of authentication methods:
Open System
. With Open System authentication, a wireless computer can join any network
and receive any messages that are not encrypted.
Shared Key
. With Shared Key authentication, only those PCs that possess the correct
authentication key can join the network. By default, IEEE 802.11 wireless devices operate in
an Open System network.
Wired Equivalent Privacy (WEP) data encryption is used when the wireless devices are configured
to operate in Shared Key authentication mode.
802.11 Authentication
The 802.11 standard defines several services that govern how two 802.11 devices communicate.
The following events must occur before an 802.11 Station can communicate with an Ethernet
network through an access point, such as the one built in to the WAG302:
1.
Turn on the wireless station.
2.
The station listens for messages from any access points that are in range.
3.
The station finds a message from an access point that has a matching SSID.
4.
The station sends an authentication request to the access point.
5.
The access point authenticates the station.
6.
The station sends an association request to the access point.
7.
The access point associates with the station.
8.
The station can now communicate with the Ethernet network through the access point.
An access point must authenticate a station before the station can associate with the access point or
communicate with the network. The IEEE 802.11 standard defines two types of authentication:
Open System and Shared Key.
Open System Authentication
allows any device to join the network, assuming that the device
SSID matches the access point SSID. Alternatively, the device can use the “ANY” SSID
option to associate with any available Access Point within range, regardless of its SSID.
Page 92 / 120
Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG302
B-4
Wireless Networking Basics
202-10078-01
Shared Key Authentication
requires that the station and the access point have the same WEP
Key to authenticate. These two authentication procedures are described below.
Open System Authentication
The following steps occur when two devices use Open System Authentication:
1.
The station sends an authentication request to the access point.
2.
The access point authenticates the station.
3.
The station associates with the access point and joins the network.
This process is illustrated below.
Figure B-1:
Open system authentication
Shared Key Authentication
The following steps occur when two devices use Shared Key Authentication:
1.
The station sends an authentication request to the access point.
2.
The access point sends challenge text to the station.
3.
The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and
sends the encrypted text to the access point.
4.
The access point decrypts the encrypted text using its configured WEP Key that corresponds
to the station’s default key. The access point compares the decrypted text with the original
challenge text. If the decrypted text matches the original challenge text, then the access point
and the station share the same WEP Key and the access point authenticates the station.
FVM318
Access Point
1) Authentication request sent to AP
2) AP authenticates
3) Client connects to network
802.11b Authentication
Open System Steps
Cable or
DLS modem
Client
attempting
to connect
Page 93 / 120
Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG302
Wireless Networking Basics
B-5
202-10078-01
5.
The station connects to the network.
If the decrypted text does not match the original challenge text (the access point and station do not
share the same WEP Key), then the access point will refuse to authenticate the station and the
station will be unable to communicate with either the 802.11 network or Ethernet network.
This process is illustrated below.
Figure B-2:
Shared key authentication
Overview of WEP Parameters
Before enabling WEP on an 802.11 network, you must first consider what type of encryption you
require and the key size you want to use. Typically, there are three WEP Encryption options
available for 802.11 products:
1.
Do Not Use WEP:
The 802.11 network does not encrypt data. For authentication purposes, the
network uses Open System Authentication.
2.
Use WEP for Encryption:
A transmitting 802.11 device encrypts the data portion of every
packet it sends using a configured WEP Key. The receiving device decrypts the data using the
same WEP Key. For authentication purposes, the network uses Open System Authentication.
FVM318
Access Point
1) Authentication
request sent to AP
2) AP sends challenge text
3) Client encrypts
challenge text and
sends it back to AP
4) AP decrypts,and if correct,
authenticates client
5) Client connects to network
802.11b Authentication
Shared Key Steps
Cable or
DLS modem
Client
attempting
to connect
Page 94 / 120
Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG302
B-6
Wireless Networking Basics
202-10078-01
3.
Use WEP for Authentication and Encryption:
A transmitting 802.11 device encrypts the data
portion of every packet it sends using a configured WEP Key. The receiving device decrypts the
data using the same WEP Key. For authentication purposes, the wireless network uses Shared Key
Authentication.
Note:
Some 802.11 access points also support
Use WEP for Authentication Only
(Shared Key
Authentication without data encryption).
Key Size
The IEEE 802.11 standard supports two types of WEP encryption: 40-bit and 128-bit.
The 64-bit WEP data encryption method allows for a five-character (40-bit) input. Additionally, 24
factory-set bits are added to the forty-bit input to generate a 64-bit encryption key. The 24
factory-set bits are not user-configurable). This encryption key will be used to encrypt/decrypt all
data transmitted via the wireless interface. Some vendors refer to the 64-bit WEP data encryption
as 40-bit WEP data encryption since the user-configurable portion of the encryption key is 40 bits
wide.
The 128-bit WEP data encryption method consists of 104 user-configurable bits. Similar to the
forty-bit WEP data encryption method, the remaining 24 bits are factory set and not user
configurable. Some vendors allow passphrases to be entered instead of the cryptic hexadecimal
characters to ease encryption key entry.
128-bit encryption is stronger than 40-bit encryption, but 128-bit encryption may not be available
outside of the United States due to U.S. export regulations.
When configured for 40-bit encryption, 802.11 products typically support up to four WEP Keys.
Each 40-bit WEP Key is expressed as 5 sets of two hexadecimal digits (0-9 and A-F). For
example, “12 34 56 78 90” is a 40-bit WEP Key.
When configured for 128-bit encryption, 802.11 products typically support four WEP Keys but
some manufacturers support only one 128-bit key. The 128-bit WEP Key is expressed as 13 sets of
two hexadecimal digits (0-9 and A-F). For example, “12 34 56 78 90 AB CD EF 12 34 56 78 90”
is a 128-bit WEP Key.
Page 95 / 120
Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG302
Wireless Networking Basics
B-7
202-10078-01
Note:
Typically, 802.11 access points can store up to four 128-bit WEP Keys but some 802.11
client adapters can only store one. Therefore, make sure that your 802.11 access and client
adapters’ configurations match.
WEP Configuration Options
The WEP settings must match on all 802.11 devices that are within the same wireless network as
identified by the SSID. In general, if your mobile clients will roam between access points, then all
of the 802.11 access points and all of the 802.11 client adapters on the network must have the same
WEP settings.
Note:
Whatever keys you enter for an AP, you must also enter the same keys for the client adapter
in the same order. In other words, WEP key 1 on the AP must match WEP key 1 on the client
adapter, WEP key 2 on the AP must match WEP key 2 on the client adapter, and so on.
Note:
The AP and the client adapters can have different default WEP Keys as long as the keys are
in the same order. In other words, the AP can use WEP key 2 as its default key to transmit while a
client adapter can use WEP key 3 as its default key to transmit. The two devices will communicate
as long as the AP’s WEP key 2 is the same as the client’s WEP key 2 and the AP’s WEP key 3 is
the same as the client’s WEP key 3.
Wireless Channels
The wireless frequencies used by 802.11a/g networks are discussed below.
802.11b/g Wireless Channels
IEEE 802.11b/g wireless nodes communicate with each other using radio frequency signals in the
ISM (Industrial, Scientific, and Medical) band between 2.4 GHz and 2.5 GHz. Neighboring
Table B-1:
Encryption Key Sizes
Encryption Key Size
# of Hexadecimal Digits
Example of Hexadecimal Key Content
64-bit (24+40)
10
4C72F08AE1
128-bit (24+104)
26
4C72F08AE19D57A3FF6B260037

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top