NETGEAR WPN111 user manual Is WPA Perfect?, Product Support for WPA, AES Support

Page 66

User Manual for the NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111

With 802.11 and WEP, data integrity is provided by a 32-bit integrity check value (ICV) that is appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, you can use cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without being detected by the receiver.

With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte message integrity code (MIC) using the calculation facilities available on existing wireless devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV. The MIC field is encrypted together with the frame data and the ICV. Michael also provides replay protection. A new frame counter in the IEEE 802.11 frame is used to prevent replay attacks.

AES Support

One of the encryption methods supported by WPA beside TKIP is the advanced encryption standard (AES), although AES support will not be required initially for Wi-Fi certification. This is viewed as the optimal choice for security conscience organizations, but the problem with AES is that it requires a fundamental redesign of the NIC’s hardware in both the station and the access point. TKIP was a pragmatic compromise that allows organizations to deploy better security while AES capable equipment is being designed, manufactured, and incrementally deployed.

Is WPA Perfect?

WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS) attacks. If the access point receives two data packets that fail the Message Integrity Code (MIC) check within 60 seconds of each other then the network is under an active attack, and as a result, the access point employs counter measures, which includes disassociating each station using the access point. This prevents an attacker from gleaning information about the encryption key and alerts administrators, but it also causes users to lose network connectivity for 60 seconds. More than anything else, this may just prove that no single security tactic is completely invulnerable. WPA is a definite step forward in WLAN security over WEP and has to be thought of as a single part of an end-to-end network security strategy.

Product Support for WPA

Starting in August, 2003, new NETGEAR, Inc. Wi-Fi certified products will support the WPA standard. Existing NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.

WPA requires software changes to the following:

Wireless access points

B -2 0

W ire le ss N e tworkin g B a sics

202-10076-01

Page 65 Page 67
Image 66
Page 65 Page 67
Contents NETGEAR, I n c Technical Support FCC Information to User Teste d to C om p ly Ta n d a rd sContents Troubleshooting Index Viii Chapter About This Manual Audience, Scope, ConventionsHow to Print this Manual Key Features Chapter IntroductionAbout the WPN111 Road Map for ‘How to Get There From Here’ What’s in the Box?Wire le ss n etwork On n e ct to a E n tify th e Wire le ss n e tworkWire le ss To le a rn a b ou t wire le ssCon n e ction Rovid e rs For you r ve rsion of W in d ows Ctiva te m yVe rify m y n e twork Ca b le or D S L se rvice Twork Rowse r su ch a sE P C I a m u sin g to Wire le ss a n dTwork Con n e ct to th e wire le ss Wire d n etwork Igh b orh oodTwork n e e d s to b e Wire le ss a n d Com p u te r su p p ort grou p sCom b in e d D P rin t S h a rin gChapter Basic Setup What You Need Before You BeginVerifying System Requirements Two Basic Operating Modes Observing Location and Range GuidelinesWPN111 Default Wireless Configuration Settings Basic Installation InstructionsFor Windows XP Users Installing a WPN111 Click Install Driver and UtilitySta llS h ie ld W iza rd Is 1 4 M b p s wh e re a s th e V1 typ eOrt, you With a W in d ows X P L ogo te stin gTh e se Ste p s, click th e H e lp b u tton in th e W P N 1 1202-10076-01 For Windows 2000 Users Installing a WPN111 N 1 1 1 R e sou rce C D Sta llS h ie ld W iza rdOu n d N e w H a rd wa re W iza rd Sp e e d is 1Ort is 4 8 0 M b p s N 1 1 1 S yste m Tra y I con Tility WPN111 Wireless Connection Indicators Interpreting the LED on the WPN111Or re se t Interpreting System Tray Icon Colors Chapter Configuration Understanding the Configuration OptionsUsing Configuration Profiles Connecting to an Access Point in Infrastructure Mode How to Configure an Infrastructure Mode ProfileRun the WPN111 Configuration Utility Configure the wireless Network settings Save your settings in a ProfileConnecting to Another PC in Ad-hoc Mode How to Configure an Ad-hoc Mode ProfileVerify wireless connectivity to your network Configure the PC network settings Windows Run program dialog boxHow to Start a Computer-to-Computer Ad-Hoc Network Ping test resultsEnabling Wireless Security Features How to Configure WEP Encryption Security Configure the Security settingsHow to Configure WPA-PSK Encryption Security Statistics Advanced SecurityAdvanced Settings Advanced Settings202-10076-01 Chapter Troubleshooting Basic TipsFrequently Asked Questions General QuestionsNew Hardware Wizard appears after installation has completed Rou b le s h ootin g Appendix a Technical Specifications Ch n ica l S p e cifica tion s Appendix B Wireless Networking Basics Wireless Networking OverviewInfrastructure Mode Ad Hoc Mode Peer-to-Peer Workgroup Network Name Extended Service Set Identification EssidWireless Channels 802.11b/g Wireless Channels For C a n a d a Re qu e n cy G H z 5 5 2 5 5 2For U S W for E u rop eWPN111 user can use thirteen channels in non-turbomode Wireless Security Overview 152160 802.1x WEP AuthenticationWEP Overview Cisco LeapAuthentication Open System Steps WEP Keys Bit WEPHow to Use WEP Parameters WEP Key Configuration802.1x Port Based Network Access Control Figure B-4 802.1x authentication WPA Wireless Security How Does WPA Compare to WEP? What are the Key Features of WPA Security? How Does WPA Compare to Ieee 802.11i?Figure B-5 WPA Overview Figure B-6 WPA/802.1x Authentication Sequence 202-10076-01 WPA Data Encryption Key Management Temporal Key Integrity Protocol TkipMichael Is WPA Perfect? Product Support for WPAAES Support Wireless network adapters Wireless client programs 202-10076-01 Install or Verify Windows Networking Components Appendix C Preparing Your PCs for Network AccessConfiguring Windows 98 and Me for TCP/IP Networking Preparing Your Computers for TCP/IP NetworkingRe p a rin g Y ou r P C s for N e twork a cce ss Choose Settings, and then Control Panel Enabling Dhcp in Windows 98 and MeLocate your Network Neighborhood icon Primary Network Logon is set to Windows logon Selecting Windows’ Internet Access Method Verifying TCP/IP PropertiesConfiguring Windows 2000 or XP for TCP/IP Networking Dhcp Configuration of TCP/IP in Windows XP or Dhcp Configuration of TCP/IP in Windows XPTCP/IP details are presented on Support tab Dhcp Configuration of TCP/IP in Windows Verify that Obtain an IP addressObtain an IP address automatically is selected Verifying TCP/IP Properties for Windows XP or 202-10076-01 Glossary DSL Internet service provider Ssid Wins 202-10076-01 Index Numerics
Related manuals
Manual 87 pages 60.77 Kb
Top Page Image Contents