Reference Manual for the NETGEAR 54 Mbps Wireless USB Print Server with 4-Port Switch
Wireless Networking Basics
202-10083-01
Is WPA Perfect?
WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS)
attacks. If the access point receives two data packets that fail the Message Integrity Code (MIC)
check within 60 seconds of each other, it treats the network as being under an active attack and
employs countermeasures, which include disassociating each station using the access point. This
prevents an attacker from gleaning information about the encryption key and alerts administrators,
but it also causes users to lose network connectivity for 60 seconds. More than anything else, this
may just prove that no single security tactic is completely invulnerable. WPA is a definite step
forward in WLAN security over WEP and has to be thought of as a single part of an end-to-end
network security strategy.
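The countermeasure rule described above, written out as a small model that replays MIC failure events and reports when stations would be locked out. This is an added example, not code from the manual or from NETGEAR firmware; the class, function names and event list are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MIC_WINDOW_S = 60   # two MIC failures this close together trigger countermeasures
BLACKOUT_S = 60     # stations lose connectivity for this long

@dataclass
class MicCountermeasures:
    """Hypothetical model of the access point's reaction to MIC failures."""
    last_failure: Optional[float] = None
    blackout_until: float = 0.0

    def on_mic_failure(self, ts: float, station: str) -> bool:
        """Record one MIC failure; return True if countermeasures start now."""
        if ts < self.blackout_until:
            return False                      # simplification: ignore events during a blackout
        prev, self.last_failure = self.last_failure, ts
        if prev is not None and ts - prev <= MIC_WINDOW_S:
            self.blackout_until = ts + BLACKOUT_S
            self.last_failure = None          # the pair is consumed; start counting afresh
            return True
        return False

    def may_associate(self, ts: float) -> bool:
        """Stations are kept off the network until the blackout ends."""
        return ts >= self.blackout_until

def replay(events):
    """Return the (start, end) blackout windows caused by a list of events."""
    ap = MicCountermeasures()
    return [(ts, ts + BLACKOUT_S) for ts, sta in events if ap.on_mic_failure(ts, sta)]

# Constructed sample: (seconds, station MAC) for each frame that failed the MIC check.
SAMPLE_EVENTS = [
    (10.0, "00:11:22:33:44:55"),   # isolated failure
    (100.0, "00:11:22:33:44:55"),  # 90 s after the first: outside the window
    (130.0, "66:77:88:99:aa:bb"),  # 30 s after the previous: countermeasures start
    (150.0, "66:77:88:99:aa:bb"),  # falls inside the blackout
    (400.0, "00:11:22:33:44:55"),  # isolated failure again
]

if __name__ == "__main__":
    for start, end in replay(SAMPLE_EVENTS):
        print(f"countermeasures: all stations disassociated from t={start} to t={end}")
```

An administrator reviewing access point logs can apply the same pairing rule to spot when a connectivity outage was caused by the countermeasures rather than by a radio fault.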
Product Support for WPA
Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA
standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before
August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.
WPA requires software changes to the following:
Wireless access points
Wireless network adapters
Wireless client programs
Supporting a Mixture of WPA and WEP Wireless Clients
To support the gradual transition of WEP-based wireless networks to WPA, a wireless AP can
support both WEP and WPA clients at the same time. During the association, the wireless AP
determines which clients use WEP and which clients use WPA. The disadvantage to supporting a
mixture of WEP and WPA clients is that the global encryption key is not dynamic. This is because
WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are
maintained.
However, a mixed mode supporting WPA and non-WPA clients would offer network security that
is no better than that obtained with a non-WPA network, and thus this mode of operation is
discouraged.
Changes to Wireless Access Points
Wireless access points must have their firmware updated to support the following:
The new WPA information element
To advertise their support of WPA, wireless APs send the beacon frame with a new 802.11
WPA information element that contains the wireless AP's security configuration (encryption
algorithms and wireless security configuration information).
The WPA two-phase authentication
Open system, then 802.1x (EAP with RADIUS or preshared key).
TKIP
Michael
AES (optional)
To upgrade your wireless access points to support WPA, obtain a WPA firmware update from your
wireless AP vendor and upload it to your wireless AP.
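A parser for the WPA information element that an AP places in its beacon, which also flags the mixed WEP/WPA mode that the manual discourages. This is an added example, not code from the manual; the element layout and suite numbers follow the WPA specification rather than this page, and the function names and sample elements are constructed for illustration.

```python
import struct

WPA_OUI_TYPE = bytes.fromhex("0050f201")   # OUI 00:50:F2, type 1 identifies the WPA element
CIPHERS = {0: "use-group", 1: "WEP-40", 2: "TKIP", 4: "AES-CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def _suite(raw, table):
    # A suite selector is a 3-byte OUI followed by a 1-byte suite type.
    if raw[:3] != WPA_OUI_TYPE[:3]:
        return "vendor-" + raw.hex()
    return table.get(raw[3], "unknown-%d" % raw[3])

def parse_wpa_ie(ie: bytes) -> dict:
    """Parse one vendor-specific element (ID 221) carrying the WPA configuration."""
    if len(ie) < 2 or ie[0] != 0xDD or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed vendor-specific element")
    body = ie[2:]
    if len(body) < 6 or body[:4] != WPA_OUI_TYPE:
        raise ValueError("not a WPA information element")
    # Fields after the version are optional; these are the defaults when they are absent.
    out = {"version": struct.unpack_from("<H", body, 4)[0],
           "group": "TKIP", "pairwise": ["TKIP"], "akm": ["802.1X"]}
    pos = 6

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated WPA information element")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    if pos < len(body):
        out["group"] = _suite(take(4), CIPHERS)
    if pos < len(body):
        count = struct.unpack("<H", take(2))[0]
        out["pairwise"] = [_suite(take(4), CIPHERS) for _ in range(count)]
    if pos < len(body):
        count = struct.unpack("<H", take(2))[0]
        out["akm"] = [_suite(take(4), AKMS) for _ in range(count)]
    # A WEP group cipher means the shared broadcast key is a static WEP key (mixed mode).
    out["mixed_mode"] = out["group"].startswith("WEP")
    return out

# Constructed sample elements, not captured from a real device.
WPA_PSK_TKIP = bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202")
MIXED_WEP_WPA = bytes.fromhex("dd16" "0050f201" "0100" "0050f201" "0100" "0050f202" "0100" "0050f202")
```

Running `parse_wpa_ie` over the elements seen in a site survey shows which APs still advertise a WEP group cipher and therefore still run in mixed mode.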
Changes to Wireless Network Adapters
Wireless network adapters must have their firmware updated to support the following:
The new WPA information element
Wireless clients must be able to process the WPA information element and respond with a
specific security configuration.
The WPA two-phase authentication
Open system, then 802.1x (EAP or preshared key).
TKIP
Michael
AES (optional)
To upgrade your wireless network adapters to support WPA, obtain a WPA update from your
wireless network adapter vendor and update the wireless network adapter driver.
For Windows wireless clients, you must obtain an updated network adapter driver that supports
WPA. For wireless network adapter drivers that are compatible with Windows XP (Service Pack 1)
and Windows Server 2003, the updated network adapter driver must be able to pass the adapter's
WPA capabilities and security configuration to the Wireless Zero Configuration service.
Microsoft has worked with many wireless vendors to embed the WPA firmware update in the
wireless adapter driver. So, to update your Windows wireless client, all you have to do is obtain the
new WPA-compatible driver and install the driver. The firmware is automatically updated when
the wireless network adapter driver is loaded in Windows.
Changes to Wireless Client Programs
Wireless client programs must be updated to permit the configuration of WPA authentication (and
preshared key) and the new WPA encryption algorithms (TKIP and the optional AES component).
To obtain the Microsoft WPA client program, visit the following Microsoft Web site.
Glossary
Use the list below to find definitions for technical terms used in this manual.
Numeric
802.11b
IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS)
technology and operating in the unlicensed radio spectrum at 2.5GHz.
802.11g
An IEEE specification for wireless networking at 54 Mbps using direct-sequence spread-spectrum (DSSS)
technology and operating in the unlicensed radio spectrum at 2.5GHz. 802.11g is backwards compatible
with 802.11b.
10BASE-T
The IEEE specification for 10 Mbps Ethernet over Category 3, 4, or 5 twisted-pair cable.
100BASE-TX
The IEEE specification for 100 Mbps Fast Ethernet over Category 5 twisted-pair cable.
A
ADSL
Short for asymmetric digital subscriber line, a technology that allows data to be sent over existing copper
telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and
from 16 to 640 Kbps when sending data (known as the upstream rate).
ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world
gain access.
B
Bandwidth
The information capacity, measured in bits per second, that a channel could transmit. Bandwidth examples
include 10 Mbps for Ethernet, 100 Mbps for Fast Ethernet, and 1000 Mbps (1 Gbps) for Gigabit Ethernet.
C
Class of Service
A term to describe treating different types of traffic with different levels of service priority. Higher priority
traffic gets faster treatment during times of switch congestion.
D
DHCP
See “Dynamic Host Configuration Protocol.”
DSL
Short for digital subscriber line, but is commonly used in reference to the asymmetric version of this
technology (ADSL) that allows data to be sent over existing copper telephone lines at data rates of from 1.5
to 9 Mbps when receiving data (known as the downstream rate) and from 16 to 640 Kbps when sending data
(known as the upstream rate).
ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world
gain access.
Dynamic Host Configuration Protocol
DHCP is a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing,
a device can have a different IP address every time it connects to the network. In some systems, the device's
IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP
addresses. Dynamic addressing simplifies network administration because the software tracks IP addresses
rather than requiring an administrator to manage the task. A new computer can be added to a network
without the hassle of manually assigning it a unique IP address.
