WPA2, 249, Encryption | ZyXEL Communications NBG-417N guide

Appendix D Wireless LANs

If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with dynamic WEP key exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.

Table 81 Comparison of EAP Authentication Types

	EAP-MD5	EAP-TLS	EAP-TTLS	PEAP	LEAP
Mutual Authentication	No	Yes	Yes	Yes	Yes

Certificate – Client	No	Yes	Optional	Optional	No

Certificate – Server	No	Yes	Yes	Yes	No

Dynamic Key Exchange	No	Yes	Yes	Yes	Yes

Credential Integrity	None	Strong	Strong	Strong	Moderate

Deployment Difficulty	Easy	Hard	Moderate	Moderate	Moderate

Client Identity	No	No	Yes	Yes	No
Protection

WPA(2)

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA.

Key differences between WPA(2) and WEP are improved data encryption and user authentication.

Encryption

Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption.

Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

NBG-417N User’s Guide

249

Image 249

ZyXEL Communications NBG-417N manual WPA2, 249, Encryption, Comparison of EAP Authentication Types

Contents

NBG-417N Page Intended Audience About This Users GuideTips for Reading User’s Guides On-Screen Related Documentation Need More Help? Documentation Feedback Customer Support Syntax Conventions Document Conventions Icons Used in Figures Safety Warnings Contents Overview Contents Overview NBG-417N User’s Guide Table of Contents Part II Network 111 Part III Security 143 Part V Maintenance and Troubleshooting 169 Part VI Appendices and Index Table of Contents NBG-417N User’s Guide Part Page Getting to Know Your NBG-417N OverviewApplications Ways to Manage the NBG-417N Good Habits for Managing the NBG-417NLEDs Front Panel LEDs and WPS Button PowerLED Color Status Description Wlan / WPS Getting to Know Your NBG-417N NBG-417N User’s Guide Overview WPS Button WPS Button NBG-417N User’s Guide Accessing the Web Configurator Introducing the Web Configurator Change Password Screen Resetting the NBG-417N Navigating the Web ConfiguratorProcedure to Use the Reset Button Status Screen Router Mode Status Screen Icon KeyIcon Description Label Description Web Configurator Status Screen Router ModeDhcp WPS Link TAB Function Navigation Panel LAN Screens SummaryWDS NAT Summary Dhcp Table WWWMgmt Summary Packet Statistics Summary Packet Statistics Summary Wlan Station Status Summary Wireless Association List This is the index number of an associated wireless station Introducing the Web Configurator NBG-417N User’s Guide Connection Wizard Wizard Setup System Name Connection Wizard System Information Wizard System Information Domain Name Ssid Connection Wizard Wireless LAN Extend WPA-PSK or WPA2-PSK Security Connection Wizard Internet Configuration PPPoE Connection Ethernet ConnectionConnection Description Type Pptp Wizard PPPoE Connection Wizard Pptp Connection Pptp Connection Wizard Your IP Address Your IP Address WAN IP Address Assignment IP Address and Subnet MaskPrivate IP Address Ranges DNS Server Address Assignment Wizard WAN IP and DNS Server Addresses WAN IP and DNS Server Address Assignment Wizard WAN MAC Address WAN MAC Address Connection Wizard Complete Connection Wizard Complete Setting your NBG-417N to AP Mode AP Mode Maintenance Sys OP Mode General Status Screen AP Mode Wlan Label Menu AP Mode Configuring Your Settings LAN Settings Wlan and Maintenance SettingsLAN IP Logging in to the Web Configurator in AP Mode AP Mode NBG-417N User’s Guide Tutorials How to Connect to the Internet from an AP Push Button Configuration PBC NBG-417N Example WPS Process PIN Method WPA-PSK Tutorial Network Wireless LAN General Configure Your Notebook Connecting a Wireless Client to a Wireless Network t Bandwidth Management for your Network Configuring Bandwidth Management by Application Tutorial Priority Queue Configuring Bandwidth Management by Custom Application Rtsp Configuring Bandwidth Allocation by IP or IP RangeVDO Live FTP Services and Values Fields Services Real Audio Rtsp VDO Live FTPWAN LAN IP Tutorials NBG-417N User’s Guide Network Page Example of a Wireless Network Wireless LAN Wireless Security Overview What You Can DoWhat You Should Know Ssid No Authentication Radius Server Types of Encryption for Each Type of AuthenticationWPA WPA-PSK WPA2-PSK Network Wireless LAN General General Wireless LAN Screen WPA2-PSK are available in this field No Security WEP Encryption Network Wireless LAN General No Security Ascii WEP WPA-PSK/WPA2-PSK MAC Filter Security Mode field MAC Network Wireless LAN MAC Filter Wireless LAN Advanced Screen RTS/CTSDtim CTS Quality of Service QoS Screen Network Wireless LAN QoS Network Wireless LAN QoS Application Priority Configuration Application Priority Configuration FTP WPS Screen Network Wireless LAN WPS Scheduling Screen WPS Station Screen Whole day Network Wireless LAN Scheduling WDS Screen Network Wireless LAN WDS Between the NBG-417N and any wireless clients Security Mode Static WEP ASCII/HEX Method Shared Key Network Wireless LAN WDS WPA-PSK/WPA2-PSK Security Mode WPA-PSK/WPA2-PSK Wireless LAN NBG-417N User’s Guide WAN Configuring Your Internet Connection What You Need To Know100 Multicast 101WAN MAC Address NetBIOS over TCP/IP Auto-Bridge102 Internet Connection Ethernet Encapsulation103 PPPoE Encapsulation 104WAN MAC Network WAN Internet Connection PPPoE Encapsulation 105 106 Pptp Encapsulation Network WAN Internet Connection Pptp Encapsulation 107 WAN MAC Address 108 109 Advanced WAN Screen 110 111 LAN IP Pool Setup LAN TCP/IP112 113 LAN IP Screen 114 115 Dhcp Server General Screen Advanced Screen116 Network Dhcp Server Advanced 117 118 Client List Screen Network Dhcp Server Client List 119 120 121 Network Address Translation NAT 122 General NAT Screen 123 NAT Application Screen Network NAT Application 124 125 126 NAT Advanced Screen 127 Trigger Port Forwarding Example 128 Two Points To Remember About Trigger Ports Dynamic DNS DynDNS Wildcard129 Dynamic DNS Screen 130DNS 131 132 133 Part 134 135 Firewall 136 About the NBG-417N Firewall Services Screen General Firewall Screen137 Icmp 138 Content Filtering Profiles Content FilteringRestrict Web Features 139 Filter Screen 140Keyword Blocking URL Checking Customizing Keyword Blocking URL Checking Technical Reference141 Domain Name or IP Address URL Checking 142 Full Path URL CheckingFile Name URL Checking 143 Management 144 145 Static Route 146 IP Static Route Screen 147 Static Route Setup Screen 148 149 Bandwidth Management 150 General Configuration 151 Advanced Configuration Management Bandwidth Mgmt Advanced 152 153 You can either leave the second port field blank or enterSame port number again User Defined Service Rule Configuration Priority Levels154 Media Bandwidth Management Setup Services Predefined Bandwidth Management ServicesService Description 155 156 Services and Port Numbers 157 Remote Management Remote Management Limitations System TimeoutRemote Management and NAT 158 159 WWW Screen 160 Universal Plug-and-Play UPnP How do I know if Im using UPnP?161 NAT Traversal 162 UPnP Screen 163 Using UPnP in Windows XP Example Network Connections 164 165 Internet Connection Properties Advanced Settings 166 Web Configurator Easy Access Network Connections My Network Places 167 Network Connections My Network Places Properties Example 168 169 Maintenance Troubleshooting 170 System System General Screen171 172 173 Time Setting Screen Select User Defined Time Server Address and enter the IP 174 175 176 177 Logs 178 View Log Screen Tools Firmware Upload Screen179 180 Maintenance Tools Firmware Network Temporarily Disconnected Upload Error Message Configuration Screen Backup Configuration182 Restore Configuration Maintenance Restore Configuration183 Back to Factory Defaults Restart Screen184 Sys OP Mode 185Router 186 IP Address in AP Mode 187 Maintenance Sys Op Mode General AP 188 Language Language Screen189 190 Troubleshooting Power, Hardware Connections, and LEDs191 192 NBG-417N Access and Login Advanced Suggestions 193 194 Internet Access 195 Resetting the NBG-417N to Its Factory Defaults 196 Wireless Router/AP Troubleshooting 197 Can access the Web Configurator after I switched to AP mode 198 Hardware Features Product Specifications199 PWR, LAN1-4, WAN, WLAN/WPS Such as microwave ovens, wireless phones Firmware FeaturesBluetooth enabled devices, and other wireless LANs 200 201 202 203 Appendices Index 204 Introduction to IP Addresses Structure205 206 Subnet MasksSubnet Mask Identifying Network Number 1ST 2ND 3RD 4TH Octet Network Size 207Subnet Masks Binary 1ST 2ND 3RD 4TH Decimal Octet 208 NotationMaximum Host Numbers Alternative Subnet Mask Notation 209 Subnetting 210 Example Four Subnets IP/SUBNET Mask Network Number Last Octet BIT Value 211 Example Eight Subnets Subnet Planning212 213 Configuring IP Addresses16-bit Network Number Subnet Planning NO. Borrowed Subnet Mask NO. Hosts PER Host Bits Subnets Private IP Addresses 214 Disable pop-up Blockers Internet Explorer Pop-up Blockers215 216 Enable pop-up Blockers with Exceptions 217 Select Settings…to open the Pop-up Blocker Settings screen 218 JavaScripts Internet Options Security 219 220 Java Permissions Java Sun 221 Java Sun 222 223 Setting up Your Computer’s IP Address Installing Components Windows 95/98/Me224 225 Configuring 226 Verifying Settings 227 Windows 2000/NT/XP Windows XP Control Panel 228 Windows XP Local Area Connection Properties 229 Windows XP Internet Protocol TCP/IP Properties 230 Windows XP Advanced TCP/IP Properties 231 232 233 Macintosh OS 8/9 Macintosh OS 8/9 TCP/IP 234 235 Macintosh OS Using the K Desktop Environment KDE Linux236 Red Hat 9.0 KDE Ethernet Device General 237 238 Using Configuration Files Red Hat 9.0 DNS Settings in resolv.conf Red Hat 9.0 Static IP Address Setting in ifconfig-eth0 240 Verifying Settings Wireless LAN Topologies Ad-hoc Wireless LAN Configuration241 242 Basic Service Set 243 Channel RTS/CTS 244 Fragmentation Threshold Ieee 802.11g Wireless LANPreamble Type 245 246 IeeeIeee 802.11g Data Rate Modulation Mbps 247 Types of AuthenticationTypes of Radius Messages EAP-MD5 Message-Digest Algorithm 248 EAP-TTLS Tunneled Transport Layer ServiceEAP-TLS Transport Layer Security Peap Protected EAP WPA2 Comparison of EAP Authentication Types249 Encryption 250 User Authentication 25.0.2 WPA2-PSK Application Example 25.0.3 WPA2 with Radius Application Example251 Authentication Encryptio Enter METHOD/ KEY Wireless Security Relational MatrixSecurity Parameters Summary 252 Examples of Services 253Name Protocol Ports Description 254 255 256 Certifications Copyright257 Disclaimer 258 FCC Radiation Exposure StatementIndustry Canada Statement 259 IC Radiation Exposure StatementViewing Certifications ZyXEL Limited Warranty End-User License Agreement for NBG-417N 260Registration 261 262 263 264 265 Index Essid 266 Radius 267 Ssid 31, 55, 76 268 269 270