Manuals / NETGEAR / Computer Equipment / Network Router

NETGEAR WGR614v7 manual Is WPA/WPA2 Perfect?, Product Support for WPA/WPA2

Models: WGR614v7

1 154

Download 154 pages 30.59 Kb

Page 138

54 Mbps Wireless Router WGR614v7 Reference Manual

Is WPA/WPA2 Perfect?

WPA/WPA2 is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS) attacks. If the access point receives two data packets that fail the message integrity code (MIC) within 60 seconds of each other, then the network is under an active attack, and as a result, the access point employs counter measures, which include disassociating each station using the access point. This prevents an attacker from gleaning information about the encryption key and alerts administrators, but it also causes users to lose network connectivity for 60 seconds. More than anything else, this may just prove that no single security tactic is completely invulnerable. WPA/WPA2 is a definite step forward in WLAN security over WEP and has to be thought of as a single part of an end-to-end network security strategy.

Product Support for WPA/WPA2

Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.

WPA/WPA2 requires software changes to the following:

•Wireless access points

•Wireless network adapters

•Wireless client programs

Supporting a Mixture of WPA, WPA2, and WEP Wireless Clients is Discouraged

To support the gradual transition of WEP-based wireless networks to WPA/WPA2, a wireless AP can support both WEP and WPA/WPA2 clients at the same time. During the association, the wireless AP determines which clients use WEP and which clients use WPA/WPA2. The disadvantage to supporting a mixture of WEP and WPA/WPA2 clients is that the global encryption key is not dynamic. This is because WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are maintained.

However, a mixed mode supporting WPA/WPA2 and non-WPA/WPA2 clients would offer network security that is no better than that obtained with a non-WPA/WPA2 network, and thus this mode of operation is discouraged.

D-16	Wireless Networking Basics

April 2006

Image 138

NETGEAR WGR614v7 manual Is WPA/WPA2 Perfect?, Product Support for WPA/WPA2

Contents

54 Mbps Wireless Router WGR614v7 Reference Manual AprilNETGEAR, Inc Statement of Conditions EN 55 022 Declaration of ConformanceApril Customer Support Bestätigung des Herstellers/ImporteursCertificate of the Manufacturer/Importer AprilModel Number Product and Publication DetailsApril WGR614v7Chapter About This Manual ContentsConfiguring the Internet and Wireless Settings ChapterAdvanced Configuration of the Router Chapter Content FilteringMaintenance ChapterChapter TroubleshootingTechnical Specifications Appendix AAppendix C Preparing Your NetworkApril Appendix D Wireless Networking BasicsContents GlossaryContents AprilChapter About This Manual Audience, Scope, Conventions, and Formatshttp//kbserver.netgear.com/products/WGR614v7.asp How to Use This Manual Printing a Chapter How to Print this ManualPrinting a Page in the HTML View Printing the Full Manual54 Mbps Wireless Router WGR614v7 Reference Manual About This ManualApril Key Features Chapter Introduction802.11g Wireless Networking A Powerful, True Firewall with Content FilteringSecurity Autosensing Ethernet Connections with Auto UplinkExtensive Protocol Support Easy Installation and Management Package Contents Maintenance and SupportThe Router’s Front Panel Figure 2-1 WGR614v7 Front PanelStatus Light Descriptions The Router’s Rear Panel AC power adapter outlet for 12 V DC @ 1A output, 22W maximum4 3 2 54 Mbps Wireless Router WGR614v7 Reference Manual IntroductionApril Chapter 3 Configuring the Internet and Wireless Settings Initial ConfigurationLogging Into Your Router 3. Click OK and the resulting window below appears 54 Mbps Wireless Router WGR614v7 Reference ManualFigure 3-3 Login result AprilChanging Your Configuration Internet SettingsBasic Settings, No Login For the most current documentation, go to http//kbserver.netgear.com/productsautomatic/WGR614v6.aspIf you have a cable modem, this is usually the Workgroup name Usually, select Use Default MAC Address Wireless Settings Wireless SettingsWireless Settings Wireless SettingsSecurity Options Default Factory Settings http//kbserver.netgear.com/products/WGR614v6.asp How to Bypass the Configuration AssistantNETGEAR Product Registration, Support, and Documentation http//kbserver.netgear.com/documentation/WGR614v6.asp3-12 54 Mbps Wireless Router WGR614v7 Reference ManualConfiguring the Internet and Wireless Settings AprilChapter Content Filtering Content Filtering OverviewBlocking Access to Internet Sites Blocking Access to Internet Services Configuring a User Defined Service Figure 4-3 Add Services menuScheduling When Blocking Will Be Enforced Configuring Services Blocking by IP Address RangeViewing Logs of Web Access or Attempted Web Access Configuring E-Mail Alert and Web Access Log Notifications Turn e-mail notification on Chapter Maintenance Viewing Wireless Router Status InformationApril 54 Mbps Wireless Router WGR614v7 Reference ManualWireless Router Status Fields FieldFigure 5-2 Connection Status screen 54 Mbps Wireless Router WGR614v7 Reference ManualWireless Router Status Fields continued Connection Status ItemsFigure 5-3 Router Statistics screen 54 Mbps Wireless Router WGR614v7 Reference ManualConnection Status Items continued Router Statistics ItemsRouter Statistics Items continued Configuration File ManagementViewing a List of Attached Devices Figure 5-4 Attached Devices menuRestoring and Backing Up the Configuration Erasing the Configuration Upgrading the Router SoftwareChanging the Administrator Password Figure 5-7 Set Password menu 5-10 54 Mbps Wireless Router WGR614v7 Reference ManualMaintenance AprilChapter 6 Advanced Configuration of the Router Configuring Port TriggeringPort Triggering Timeout Configuring Port Forwarding to Local Servers 3. Click the Add button Adding a Custom Service Editing or Deleting a Port Forwarding EntryLocal Web and FTP Server Example Multiple Computers for Half Life, KALI or Quake III ExampleConfiguring the WAN Setup Options Connect Automatically, as RequiredSetting Up a Default DMZ Server Disabling the SPI FirewallResponding to Ping on Internet WAN Port Using the LAN IP Setup Options Setting the MTU SizeConfiguring LAN TCP/IP Setup Parameters Using the Router as a DHCP server Using Address Reservation Figure 6-7 Address Reservation menuUsing a Dynamic DNS Service Configuring Static Routes To add or edit a Static Route Enabling Remote Management Access To configure your router for Remote Management Using Universal Plug and Play UPnP Figure 6-12. UPnP MenuNote If you use applications such as multi-player gaming, peer-to-peer connections, real time communications such as instant messaging, or remote assistance a feature in Windows XP, you should enable UPnP 6-20 54 Mbps Wireless Router WGR614v7 Reference ManualAdvanced Configuration of the Router AprilChapter Troubleshooting Power Light Not OnBasic Functioning Lights Never Turn Off LAN or WAN Port Lights Not OnTroubleshooting the Web Configuration Interface Troubleshooting the ISP Connection Troubleshooting a TCP/IP Network Using a Ping Utility Testing the LAN Path to Your RouterTesting the Path from Your Computer to a Remote Device Restoring the Default Configuration and Password Problems with Date and TimePage Physical Specifications Appendix A Technical SpecificationsPower Adapter Environmental Specifications54 Mbps Wireless Router WGR614v7 Reference Manual WirelessApril Related Publications What is a Router?Appendix B Network, Routing, Firewall, and Basics Basic Router ConceptsIP Addresses and the Internet Routing Information ProtocolThe five address classes are Class A Netmask Subnet AddressingFigure B-2 Example of Subnetting a Class B Address Number of Bits Dotted-Decimal Value Table 7-1. Netmask Notation Translation Table for One OctetTable 7-2. Netmask Formats Dotted-Decimal MasklengthSingle IP Address Operation Using NAT Private IP AddressesMAC Addresses and Address Resolution Protocol Related Documents Domain Name ServerIP Configuration by DHCP What is a Firewall?Internet Security and Firewalls Ethernet Cabling Denial of Service AttackStateful Packet Inspection Category 5 Cable Quality Inside Twisted Pair CablesFigure B-4 Straight-Through Twisted-Pair Cable 54 Mbps Wireless Router WGR614v7 Reference ManualFigure B-5 illustrates crossover twisted pair cable Figure B-5 Crossover Twisted-Pair CableUplink Switches, Crossover Cables, and MDI/MDIX Switching Figure B-6 Category 5 UTP Cable with Male RJ-45 Plug at Each EndThe wireless router incorporates Auto UplinkTM technology also called MDI/MDIX. Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection e.g. connecting to a computer or an uplink connection e.g. connecting to a router, switch, or hub. That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto UplinkTM will accommodate either type of cable to make the right connection Network, Routing, Firewall, and Basics 54 Mbps Wireless Router WGR614v7 Reference ManualB-16 AprilWhat You Need To Use a Router with a Broadband Modem Computer Network Configuration RequirementsAppendix C Preparing Your Network Cabling and Computer HardwareInternet Configuration Requirements Where Do I Get the Internet Configuration Parameters?Preparing Your Computers for TCP/IP Networking Record Your Internet Connection InformationConfiguring Windows 95, 98, and Me for TCP/IP Networking Install or Verify Windows Networking ComponentsIf you need to install a new adapter, follow these steps Choose Settings, and then Control Panel Locate your Network Neighborhood iconClient for Microsoft Network exists Ethernet adapter is present Verify the following settings as shown54 Mbps Wireless Router WGR614v7 Reference Manual TCP/IP is presentSelecting Windows’ Internet Access Method Verifying TCP/IP PropertiesConfiguring Windows NT4, 2000 or XP for IP Networking Install or Verify Windows Networking ComponentsDHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 DHCP Configuration of TCP/IP in Windows XPLocate your Network Neighborhood icon Administrator logon access rights are needed to use this window DHCP Configuration of TCP/IP in Windows Right click on Local Area Connection and select Properties The Local Area Connection Properties dialog box appearsObtain an IP address automatically is selected Obtain DNS server address automatically is selectedDHCP Configuration of TCP/IP in Windows NT4 Preparing Your Network 54 Mbps Wireless Router WGR614v7 Reference ManualC-16 AprilVerifying TCP/IP Properties for Windows XP, 2000, and NT4 The TCP/IP Properties dialog box now displaysConfiguring the Macintosh for TCP/IP Networking MacOS 8.6 orMacOS Verifying TCP/IP Properties for Macintosh Computers Are Login Protocols Used? What Is Your Configuration Information?Verifying the Readiness of Your Internet Account Obtaining ISP Configuration Information for Windows Computers mail.xxx.yyy.comObtaining ISP Configuration Information for Macintosh Computers Restarting the Network 54 Mbps Wireless Router WGR614v7 Reference ManualApril Preparing Your Network 54 Mbps Wireless Router WGR614v7 Reference ManualC-24 AprilAppendix D Wireless Networking Basics Wireless Networking OverviewInfrastructure Mode Authentication and WEP Data Encryption Ad Hoc Mode Peer-to-Peer WorkgroupNetwork Name Extended Service Set Identification ESSID 802.11 Authentication Open System Authentication802.11b Authentication Open System Steps 802.11b Authentication Shared Key Steps 1. Do Not Use WEP The network uses Open SystemTable D-1 Key SizeExample of Hexadecimal Key Content Encryption Key SizesWireless Channels WEP Configuration OptionsWPA and WPA2 Wireless Security How Does WPA Compare to WEP? What are the Key Features of WPA and WPA2 Security? How Does WPA Compare to WPA2 IEEE 802.11i?The primary information conveyed in the Beacon frames is the authentication method and the cipher suite. Possible authentication methods include 802.1X and Pre-shared key. Pre-shared key is an authentication method that uses a statically configured pass phrase on both the stations and the access point. This obviates the need for an authentication server, which in many home and small office environments will not be available nor desirable. Possible cipher suites include WEP, TKIP, and AES Advanced Encryption Standard. We talk more about TKIP and AES when addressing data privacy below Login Authentication Wireless LANWired Network with Optional 802.1x Port Based Network Access Control Figure 4-3 WPA/WPA2 Overview2. The access point replies with an EAP-request identity message WPA/WPA2 Data Encryption Key Management Temporal Key Integrity Protocol TKIP MichaelAES Support for WPA2 Is WPA/WPA2 Perfect? Product Support for WPA/WPA2Changes to Wireless Network Adapters Changes to Wireless Access PointsThe WPA/WPA2 two-phase authentication The WPA/WPA2 two-phase authenticationChanges to Wireless Client Programs Glossary 54 Mbps Wireless Router WGR614v7 Reference ManualGlossary AprilApril 54 Mbps Wireless Router WGR614v7 Reference ManualAccess Point AP 802.11e StandardBluetooth Wireless Technology 54 Mbps Wireless Router WGR614v7 Reference ManualAd-Hoc mode AprilCSMA-CD Carrier Sense Multiple Access/Collision Detection 54 Mbps Wireless Router WGR614v7 Reference ManualCSMA-CA Carrier Sense Multiple Access/Collision Avoidance DHCP Dynamic Host Configuration ProtocolEnterprise-level User Authentication via 802.1x and EAP 54 Mbps Wireless Router WGR614v7 Reference ManualDNS Domain Name Service AprilInfrastructure mode 54 Mbps Wireless Router WGR614v7 Reference ManualHot Spot also referred to as Public Access Location April54 Mbps Wireless Router WGR614v7 Reference Manual Physical Data Link Network Transport Session Presentation ApplicationApril Multiple Input Multiple Output MIMO 54 Mbps Wireless Router WGR614v7 Reference ManualApril NAT Network Address TranslationApril 54 Mbps Wireless Router WGR614v7 Reference ManualRogue Access Point Plug and PlayApril 54 Mbps Wireless Router WGR614v7 Reference ManualSwitch Satellite broadbandTCP/IP 54 Mbps Wireless Router WGR614v7 Reference ManualApril TKIPWi-Fi Wireless Fidelity 54 Mbps Wireless Router WGR614v7 Reference ManualWEP Wired Equivalent Privacy AprilWi-Fi Protected Access and IEEE 802.11i Comparison 54 Mbps Wireless Router WGR614v7 Reference ManualWi-Fi Protected Access WPA Wi-Fi Protected Access for the EnterpriseWi-Fi Protected Access in Mixed Mode Deployment 54 Mbps Wireless Router WGR614v7 Reference ManualWi-Fi Protected Access for Public Access Wireless Multimedia WMM