NETGEAR WAG302 manual: Temporal Key Integrity Protocol (TKIP)


Reference Manual for the NETGEAR ProSafe Dual Band Wireless Access Point WAG302

Temporal Key Integrity Protocol (TKIP)

WPA uses TKIP to provide important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the following:

The verification of the security configuration after the encryption keys are determined.

The synchronized changing of the unicast encryption key for each frame.

The determination of a unique starting unicast encryption key for each preshared key authentication.

Michael

With 802.11 and WEP, data integrity is provided by a 32-bit integrity check value (ICV) that is appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, you can use cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without being detected by the receiver.

With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte message integrity check (MIC) using the calculation facilities available on existing wireless devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV. The MIC field is encrypted together with the frame data and the ICV.

Michael also provides replay protection. A new frame counter in the IEEE 802.11 frame is used to prevent replay attacks.
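The contrast between the WEP ICV and Michael described above, as an added Python example that is not part of the NETGEAR manual. The ICV is a CRC-32, so the change a bit flip causes in it can be computed without knowing the payload or any key, while the Michael MIC depends on a secret 8-byte key. The payload, flip mask and key are constructed sample values, and the MIC is computed over the raw bytes only (TKIP also feeds the destination address, source address and priority into it).

```python
import struct
import zlib

MASK = 0xFFFFFFFF

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _xswap(x):
    # Swap the two bytes inside each 16-bit half of the word.
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)

def michael(key: bytes, msg: bytes) -> bytes:
    """Return the 8-byte Michael MIC of msg under an 8-byte key."""
    if len(key) != 8:
        raise ValueError("Michael key must be 8 bytes")
    l, r = struct.unpack("<II", key)
    # Padding: 0x5a, then 4 to 7 zero bytes up to a multiple of 4.
    padded = msg + b"\x5a" + b"\x00" * 4
    padded += b"\x00" * (-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        # Block function: rol 17, byte swap, rol 3, ror 2 (= rol 30).
        for mix in (lambda v: _rol(v, 17), _xswap,
                    lambda v: _rol(v, 3), lambda v: _rol(v, 30)):
            r ^= mix(l)
            l = (l + r) & MASK
    return struct.pack("<II", l, r)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_delta(delta: bytes) -> int:
    """CRC-32 change caused by XORing delta into any equal-length payload."""
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

# Constructed sample values, not captured traffic.
PAYLOAD = b"constructed test payload"
DELTA = bytes(5) + b"\x01" + bytes(18)       # flips one bit in byte 5
MODIFIED = xor_bytes(PAYLOAD, DELTA)
MIC_KEY = bytes.fromhex("0011223344556677")  # constructed MIC key

def crc_is_predictable() -> bool:
    # The new ICV follows from the old one without reading the payload.
    return zlib.crc32(MODIFIED) == zlib.crc32(PAYLOAD) ^ crc_delta(DELTA)

def michael_detects_change() -> bool:
    # A receiver holding MIC_KEY computes a different MIC and rejects the frame.
    return michael(MIC_KEY, MODIFIED) != michael(MIC_KEY, PAYLOAD)
```
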

Optional AES Support to be Phased In

Besides TKIP, WPA supports the Advanced Encryption Standard (AES) as an encryption method, although AES support will not be required initially for Wi-Fi certification. AES is viewed as the optimal choice for security-conscious organizations, but it requires a fundamental redesign of the NIC’s hardware in both the station and the access point. TKIP is a pragmatic compromise that allows organizations to deploy better security while AES-capable equipment is being designed, manufactured, and incrementally deployed.

Wireless Networking Basics


202-10078-01
