NETGEAR WG111U user manual WPA Data Encryption Key Management


User’s Manual for the NETGEAR Super AG Wireless USB 2.0 Adapter WG111U

3. The client sends an EAP-response packet containing the identity to the authentication server. The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (e.g., RADIUS).

4. The authentication server uses a specific authentication algorithm to verify the client's identity. This could be through the use of digital certificates or some other EAP authentication type.

5. The authentication server will either send an accept or reject message to the access point.

6. The access point sends an EAP-success packet (or reject packet) to the client.

7. If the authentication server accepts the client, then the access point will transition the client's port to an authorized state and forward additional traffic.

The important point here is that the software supporting the specific EAP type resides on the authentication server and within the operating system or application “supplicant” software on the client devices. The access point acts as a “pass through” for 802.1x messages, which means that you can specify any EAP type without needing to upgrade an 802.1x-compliant access point. As a result, you can change the EAP authentication type to use methods such as token cards (Smart Cards), Kerberos, one-time passwords, certificates, and public key authentication, or adopt newer types as they become available and your security requirements change.
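The port behaviour in steps 3 to 7 and the "pass through" role can be modelled in a few lines. This is an added example, not code from the manual or from NETGEAR: the `AuthenticatorPort` class, the helper names and the sample frames are constructed for illustration, while the EtherType, EAP codes and RADIUS codes are the standard values.

```python
import struct

ETH_P_EAPOL, ETH_P_IPV4 = 0x888E, 0x0800      # EtherTypes: EAP over LAN, IPv4
EAPOL_EAP_PACKET = 0                          # EAPOL type that carries an EAP message
EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 2, 3, 4
EAP_TYPE_IDENTITY = 1
RADIUS_ACCESS_ACCEPT, RADIUS_ACCESS_REJECT = 2, 3

def eap_packet(code, ident, body=b""):
    """EAP header (code, identifier, total length) followed by the body."""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def eapol_frame(eap):
    """Constructed frame: zeroed MAC addresses, EtherType, EAPOL header, EAP."""
    return bytes(12) + struct.pack("!HBBH", ETH_P_EAPOL, 1, EAPOL_EAP_PACKET, len(eap)) + eap

class AuthenticatorPort:
    """Hypothetical model of one client's port on the access point."""
    def __init__(self):
        self.authorized = False
        self.to_server = []                   # EAP payloads relayed unchanged

    def from_client(self, frame):
        if len(frame) < 14:
            return "blocked"                  # too short to carry an EtherType
        (ethertype,) = struct.unpack_from("!H", frame, 12)
        if ethertype == ETH_P_EAPOL and len(frame) >= 18:
            _ver, ptype, length = struct.unpack_from("!BBH", frame, 14)
            if ptype == EAPOL_EAP_PACKET:
                # Pass-through: the EAP type inside is never interpreted here.
                self.to_server.append(frame[18:18 + length])
                return "relayed"
        return "forwarded" if self.authorized else "blocked"

    def from_server(self, radius_code, ident):
        """Apply the server's verdict (step 5) and build the step 6 packet."""
        self.authorized = radius_code == RADIUS_ACCESS_ACCEPT
        code = EAP_SUCCESS if self.authorized else EAP_FAILURE
        return eapol_frame(eap_packet(code, ident))

def run_sequence(radius_code):
    """Steps 3-7 with constructed frames; returns what happened at each step."""
    port = AuthenticatorPort()
    data = bytes(12) + struct.pack("!H", ETH_P_IPV4) + b"constructed-payload"
    identity = eapol_frame(eap_packet(EAP_RESPONSE, 1, bytes([EAP_TYPE_IDENTITY]) + b"alice"))
    before = port.from_client(data)           # non-EAP traffic before the verdict
    relayed = port.from_client(identity)      # step 3
    verdict = port.from_server(radius_code, 1)
    return before, relayed, verdict[18], port.from_client(data)
```

Because `from_client` relays the EAP payload without parsing its type field, swapping the EAP method changes only the client and server sides, which is the point the paragraph above makes about not upgrading the access point.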

WPA Data Encryption Key Management

With 802.1x, the rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1x provide no mechanism to change the global encryption key used for multicast and broadcast traffic. With WPA, rekeying of both unicast and global encryption keys is required.

For the unicast encryption key, the Temporal Key Integrity Protocol (TKIP) changes the key for every frame, and the change is synchronized between the wireless client and the wireless access point (AP). For the global encryption key, WPA includes a facility (the Information Element) for the wireless AP to advertise the changed key to the connected wireless clients.

If configured to implement dynamic key exchange, the 802.1x authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign, and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use the contents of the key message to define applicable encryption keys. In typical 802.1x implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use.


Wireless Networking Basics

202-10065-01
