1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. WGR614v5
    5. /
  5. 32
Page 156 / 172 Scroll up to view Page 151 - 155
Reference Manual for the 54 Mbps Wireless Router WGR614 v5
D-16
Wireless Networking Basics
June 2004 202-10036-01
Is WPA Perfect?
WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS)
attacks. If the access point receives two data packets that fail the Message Integrity Code (MIC)
check within 60 seconds of each other then the network is under an active attack, and as a result,
the access point employs counter measures, which includes disassociating each station using the
access point. This prevents an attacker from gleaning information about the encryption key and
alerts administrators, but it also causes users to lose network connectivity for 60 seconds. More
than anything else, this may just prove that no single security tactic is completely invulnerable.
WPA is a definite step forward in WLAN security over WEP and has to be thought of as a single
part of an end-to-end network security strategy.
Product Support for WPA
Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA
standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before
August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.
WPA requires software changes to the following:
Wireless access points
Wireless network adapters
Wireless client programs
Supporting a Mixture of WPA and WEP Wireless Clients
To support the gradual transition of WEP-based wireless networks to WPA, a wireless AP can
support both WEP and WPA clients at the same time. During the association, the wireless AP
determines which clients use WEP and which clients use WPA. The disadvantage to supporting a
mixture of WEP and WPA clients is that the global encryption key is not dynamic. This is because
WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are
maintained.
However, a mixed mode supporting WPA and non-WPA clients would offer network security that
is no better than that obtained with a non-WPA network, and thus this mode of operation is
discouraged.
Changes to Wireless Access Points
Wireless access points must have their firmware updated to support the following:
Page 157 / 172
Reference Manual for the 54 Mbps Wireless Router WGR614 v5
Wireless Networking Basics
D-17
June 2004 202-10036-01
The new WPA information element
To advertise their support of WPA, wireless APs send the beacon frame with a new 802.11
WPA information element that contains the wireless AP's security configuration (encryption
algorithms and wireless security configuration information).
The WPA two-phase authentication
Open system, then 802.1x (EAP with RADIUS or preshared key).
TKIP
Michael
AES
(optional)
To upgrade your wireless access points to support WPA, obtain a WPA firmware update from your
wireless AP vendor and upload it to your wireless AP.
Changes to Wireless Network Adapters
Wireless network adapters must have their firmware updated to support the following:
The new WPA information element
Wireless clients must be able to process the WPA information element and respond with a
specific security configuration.
The WPA two-phase authentication
Open system, then 802.1x (EAP or preshared key).
TKIP
Michael
AES
(optional)
To upgrade your wireless network adapters to support WPA, obtain a WPA update from your
wireless network adapter vendor and update the wireless network adapter driver.
For Windows wireless clients, you must obtain an updated network adapter driver that supports
WPA. For wireless network adapter drivers that are compatible with Windows XP (Service Pack 1)
and Windows Server 2003, the updated network adapter driver must be able to pass the adapter's
WPA capabilities and security configuration to the Wireless Zero Configuration service.
Microsoft has worked with many wireless vendors to embed the WPA firmware update in the
wireless adapter driver. So, to update you Windows wireless client, all you have to do is obtain the
new WPA-compatible driver and install the driver. The firmware is automatically updated when
the wireless network adapter driver is loaded in Windows.
Page 158 / 172
Reference Manual for the 54 Mbps Wireless Router WGR614 v5
D-18
Wireless Networking Basics
June 2004 202-10036-01
Changes to Wireless Client Programs
Wireless client programs must be updated to permit the configuration of WPA authentication (and
preshared key) and the new WPA encryption algorithms (TKIP and the optional AES component).
To obtain the Microsoft WPA client program, visit the following Microsoft Web site.
Page 159 / 172
June 2004 202-10036-01
Glossary
1
Glossary
Use the list below to find definitions for technical terms used in this manual.
List of Glossary Terms
10BASE-T
IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring.
100BASE-Tx
IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring.
802.1x
802.1x defines port-based, network access control used to provide authenticated network access and
automated data encryption key management.
The IEEE 802.1x draft standard offers an effective framework for authenticating and controlling user traffic
to a protected network, as well as dynamically varying encryption keys. 802.1x uses a protocol called EAP
(Extensible Authentication Protocol) and supports multiple authentication methods, such as token cards,
Kerberos, one-time passwords, certificates, and public key authentication. For details on EAP specifically,
refer to IETF's RFC 2284.
802.11a
IEEE specification for wireless networking at 54 Mbps operating in unlicensed radio bands over 5GHz.
802.11b
IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS)
technology and operating in the unlicensed radio spectrum at 2.5GHz.
802.11g
A soon to be ratified IEEE specification for wireless networking at 54 Mbps using direct-sequence
spread-spectrum (DSSS) technology and operating in the unlicensed radio spectrum at 2.5GHz. 802.11g is
backwards compatible with 802.11b.
ADSL
Short for asymmetric digital subscriber line, a technology that allows data to be sent over existing copper
telephone lines at data rates of from 1.5 to 9 Mbps when receiving data (known as the downstream rate) and
from 16 to 640 Kbps when sending data (known as the upstream rate).
Page 160 / 172
Reference Manual for the 54 Mbps Wireless Router WGR614 v5
2
Glossary
June 2004 202-10036-01
ADSL requires a special ADSL modem. ADSL is growing in popularity as more areas around the world
gain access.
AES
Advanced Encryption Standard, a symmetric 128-bit block data encryption technique.
It is an iterated block cipher with a variable block length and a variable key length. The block length and the
key length can be independently specified to 128, 192 or 256 bits.The U.S government adopted the
algorithm as its encryption technique in October 2000, replacing the DES encryption it used. AES works at
multiple network layers simultaneously.
ARP
Address Resolution Protocol, a TCP/IP protocol used to convert an IP address into a physical address (called
a DLC address), such as an Ethernet address.
A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host
on the network that has the IP address in the request then replies with its physical hardware address. There is
also Reverse ARP (RARP) which can be used by a host to discover its IP address. In this case, the host
broadcasts its physical address and a RARP server replies with the host's IP address.
Auto Uplink
Auto Uplink
TM
technology (also called MDI/MDIX) eliminates the need to worry about crossover vs.
straight-through Ethernet cables. Auto Uplink
TM
will accommodate either type of cable to make the right
connection.
Cat 5
Category 5
unshielded twisted pair (UTP) cabling. An Ethernet network operating at 10 Mbits/second
(10BASE-T) will often tolerate low quality cables, but at 100 Mbits/second (10BASE-Tx) the cable must be
rated as Category 5, or Cat 5 or Cat V, by the Electronic Industry Association (EIA).
This rating will be printed on the cable jacket. Cat 5 cable contains eight conductors, arranged in four
twisted pairs, and terminated with an RJ45 type connector. In addition, there are restrictions on maximum
cable length for both 10 and 100 Mbits/second networks.
Denial of Service attack
DoS. A hacker attack designed to prevent your computer or network from operating or communicating.
DHCP
An Ethernet protocol specifying how a centralized DHCP server can assign network configuration
information to multiple DHCP clients. The assigned information includes IP addresses, DNS addresses, and
gateway (router) addresses.
DMZ
A Demilitarized Zone is used by a company that wants to host its own Internet services without sacrificing
unauthorized access to its private network.

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top