Page 56 / 66 Scroll up to view Page 51 - 55
Reference Manual for the NETGEAR 54 Mbps Wireless USB Print Server with 4-Port Switch
B-16
Wireless Networking Basics
202-10083-01
Is WPA Perfect?
WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS)
attacks. If the access point receives two data packets that fail the Message Integrity Code (MIC)
check within 60 seconds of each other then the network is under an active attack, and as a result,
the access point employs counter measures, which includes disassociating each station using the
access point. This prevents an attacker from gleaning information about the encryption key and
alerts administrators, but it also causes users to lose network connectivity for 60 seconds. More
than anything else, this may just prove that no single security tactic is completely invulnerable.
WPA is a definite step forward in WLAN security over WEP and has to be thought of as a single
part of an end-to-end network security strategy.
Product Support for WPA
Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA
standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before
August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.
WPA requires software changes to the following:
Wireless access points
Wireless network adapters
Wireless client programs
Supporting a Mixture of WPA and WEP Wireless Clients
To support the gradual transition of WEP-based wireless networks to WPA, a wireless AP can
support both WEP and WPA clients at the same time. During the association, the wireless AP
determines which clients use WEP and which clients use WPA. The disadvantage to supporting a
mixture of WEP and WPA clients is that the global encryption key is not dynamic. This is because
WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are
maintained.
However, a mixed mode supporting WPA and non-WPA clients would offer network security that
is no better than that obtained with a non-WPA network, and thus this mode of operation is
discouraged.
Changes to Wireless Access Points
Wireless access points must have their firmware updated to support the following:
Page 57 / 66
Reference Manual for the NETGEAR 54 Mbps Wireless USB Print Server with 4-Port Switch
Wireless Networking Basics
B-17
202-10083-01
The new WPA information element
To advertise their support of WPA, wireless APs send the beacon frame with a new 802.11
WPA information element that contains the wireless AP's security configuration (encryption
algorithms and wireless security configuration information).
The WPA two-phase authentication
Open system, then 802.1x (EAP with RADIUS or preshared key).
TKIP
Michael
AES
(optional)
To upgrade your wireless access points to support WPA, obtain a WPA firmware update from your
wireless AP vendor and upload it to your wireless AP.
Changes to Wireless Network Adapters
Wireless network adapters must have their firmware updated to support the following:
The new WPA information element
Wireless clients must be able to process the WPA information element and respond with a
specific security configuration.
The WPA two-phase authentication
Open system, then 802.1x (EAP or preshared key).
TKIP
Michael
AES
(optional)
To upgrade your wireless network adapters to support WPA, obtain a WPA update from your
wireless network adapter vendor and update the wireless network adapter driver.
For Windows wireless clients, you must obtain an updated network adapter driver that supports
WPA. For wireless network adapter drivers that are compatible with Windows XP (Service Pack 1)
and Windows Server 2003, the updated network adapter driver must be able to pass the adapter's
WPA capabilities and security configuration to the Wireless Zero Configuration service.
Microsoft has worked with many wireless vendors to embed the WPA firmware update in the
wireless adapter driver. So, to update you Windows wireless client, all you have to do is obtain the
new WPA-compatible driver and install the driver. The firmware is automatically updated when
the wireless network adapter driver is loaded in Windows.
Page 58 / 66
Reference Manual for the NETGEAR 54 Mbps Wireless USB Print Server with 4-Port Switch
B-18
Wireless Networking Basics
202-10083-01
Changes to Wireless Client Programs
Wireless client programs must be updated to permit the configuration of WPA authentication (and
preshared key) and the new WPA encryption algorithms (TKIP and the optional AES component).
To obtain the Microsoft WPA client program, visit the following Microsoft Web site.
Page 59 / 66
202-10083-01
Glossary
1
Glossary
Use the list below to find definitions for technical terms used in this manual.
Numeric
802.11b
IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS)
technology and operating in the unlicensed radio spectrum at 2.5GHz.
802.11g
An IEEE specification for wireless networking at 54 Mbps using direct-sequence spread-spectrum (DSSS)
technology and operating in the unlicensed radio spectrum at 2.5GHz. 802.11g is backwards compatible
with 802.11b.
10BASE-T
The IEEE specification for 10 Mbps Ethernet over Category 3, 4, or 5 twisted-pair cable.
100BASE-TX
The IEEE specification for 100 Mbps Fast Ethernet over Category 5 twisted-pair cable.
gain access.
A
ADSL
Short for asymmetric digital subscriber line, a technology that allows data to be sent over existing copper
telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and
from 16 to 640 Kbps when sending data (known as the upstream rate).
ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world
gain access.
Page 60 / 66
Reference Manual for the NETGEAR 54 Mbps Wireless USB Print Server with 4-Port Switch
2
Glossary
202-10083-01
B
Bandwidth
The information capacity, measured in bits per second, that a channel could transmit. Bandwidth examples
include 10 Mbps for Ethernet, 100 Mbps for Fast Ethernet, and 1000 Mbps (I Gbps) for Gigabit Ethernet.
C
Class of Service
A term to describe treating different types of traffic with different levels of service priority.
Higher priority
traffic gets faster treatment during times of switch congestion
D
DHCP
See “Dynamic Host Configuration Protocol.”
DSL
Short for digital subscriber line, but is commonly used in reference to the asymmetric version of this
technology (ADSL) that allows data to be sent over existing copper telephone lines at data rates of from 1.5
to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data
(known as the upstream rate).
ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world
gain access.
Dynamic Host Configuration Protocol.
DHCP is a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing,
a device can have a different IP address every time it connects to the network. In some systems, the device's
IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP
addresses. Dynamic addressing simplifies network administration because the software tracks IP addresses
rather than requiring an administrator to manage the task. A new computer can be added to a network
without the hassle of manually assigning it a unique IP address.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top