Home » Netgear Manuals » Wireless » Netgear DG834G » Manual Viewer

Netgear DG834G DG834G Original Reference Manual - Page 170

Is WPA Perfect?, Product Support for WPA - network security key

UPC - 606449029918

Add to My Manuals
Save this manual to your list of manuals

Page 170 highlights

Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P Is WPA Perfect? WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS) attacks. If the access point receives two data packets that fail the message integrity code (MIC) within 60 seconds of each other, then the network is under an active attack, and as a result, the access point employs counter measures, which include disassociating each station using the access point. This prevents an attacker from gleaning information about the encryption key and alerts administrators, but it also causes users to lose network connectivity for 60 seconds. More than anything else, this may just prove that no single security tactic is completely invulnerable. WPA is a definite step forward in WLAN security over WEP and has to be thought of as a single part of an end-to-end network security strategy. Product Support for WPA Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification. WPA requires software changes to the following: • Wireless access points • Wireless network adapters • Wireless client programs Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged To support the gradual transition of WEP-based wireless networks to WPA, a wireless AP can support both WEP and WPA clients at the same time. During the association, the wireless AP determines which clients use WEP and which clients use WPA. The disadvantage to supporting a mixture of WEP and WPA clients is that the global encryption key is not dynamic. This is because WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are maintained. However, a mixed mode supporting WPA and non-WPA clients would offer network security that is no better than that obtained with a non-WPA network, and thus this mode of operation is discouraged. D-16 Wireless Networking Basics

Section	Page
Reference Manual for the 54 Mbps Wireless ADSL Firewall Router DG834G	1
Contents	5
Chapter 1 About This Guide	13
Audience, Conventions, Scope	13
How to Use this Manual	14
How to Print this Manual	15
Chapter 2 Introduction	17
About the Router	17
Key Features	18
802.11 Standards-based Wireless Networking	18
A Powerful, True Firewall	18
Content Filtering	19
Auto Sensing and Auto Uplink™ LAN Ethernet Connections	19
Protocol Support	19
Easy Installation and Management	21
What’s in the Box?	21
The Router’s Front Panel	22
The Router’s Rear Panel	23
Chapter 3 Connecting the Router to the Internet	25
What You Need Before You Begin	25
ADSL Microfilter Requirements	25
ADSL Microfilter	25
ADSL Microfilter with Built-In Splitter	26
Ethernet Cabling Requirements	26
Computer Hardware Requirements	26
LAN Configuration Requirements	26
Internet Configuration Requirements	27
Where Do I Get the Internet Configuration Parameters?	27
Record Your Internet Connection Information	27
Connecting the DG834G to Your LAN	29
How to Connect the Router	29
Auto-Detecting Your Internet Connection Type	33
Wizard-Detected PPPoE Login Account Setup	35
Wizard-Detected PPPoA Login Account Setup	35
Wizard-Detected Dynamic IP Account Setup	36
Wizard-Detected IP Over ATM Account Setup	36
Wizard-Detected Fixed IP (Static) Account Setup	37
Testing Your Internet Connection	38
Manually Configuring Your Internet Connection	39
How to Perform Manual Configuration	40
Internet Connection Requires Login and Uses PPPoE	40
Internet Connection Requires Login and Uses PPPoA	41
Internet Connection Does Note Require A Login	42
ADSL Settings	43
Chapter 4 Wireless Configuration	45
Considerations for a Wireless Network	45
Observe Performance, Placement, and Range Guidelines	45
Implement Appropriate Wireless Security	46
Understanding Wireless Settings	48
How to Set Up and Test Basic Wireless Connectivity	51
How to Restricting Wireless Access to Your Network	52
Restricting Access to Your Network by Turning Off Wireless Connectivity	53
Restricting Wireless Access Based on the Wireless Network Name (SSID)	53
Restricting Wireless Access Based on the Wireless Station Access List	53
Choosing WEP Authentication and Security Encryption Methods	56
Authentication Type Selection	56
Encryption Choices	57
How to Configure WEP	57
How to Configure WPA-PSK	59
Chapter 5 Protecting Your Network	61
Protecting Access to Your DG834G 54 Mbps Wireless ADSL Firewall Router	61
How to Change the Built-In Password	61
Changing the Administrator Login Timeout	62
Configuring Basic Firewall Services	62
Blocking Keywords, Sites, and Services	63
How to Block Keywords and Sites	63
Firewall Rules	65
Inbound Rules (Port Forwarding)	66
Inbound Rule Example: A Local Public Web Server	66
Inbound Rule Example: Allowing Videoconferencing	68
Considerations for Inbound Rules	68
Outbound Rules (Service Blocking)	69
Outbound Rule Example: Blocking Instant Messenger	69
Order of Precedence for Rules	71
Services	71
How to Define Services	72
Setting Times and Scheduling Firewall Services	73
How to Set Your Time Zone	73
How to Schedule Firewall Services	75
Chapter 6 Managing Your Network	77
Backing Up, Restoring, or Erasing Your Settings	77
How to Back Up the Configuration to a File	77
How to Restore the Configuration from a File	78
How to Erase the Configuration	78
Upgrading the Router’s Firmware	78
How to Upgrade the Router Firmware	79
Network Management Information	80
Viewing Router Status and Usage Statistics	80
Viewing Attached Devices	85
Viewing, Selecting, and Saving Logged Information	86
Selecting What Information to Log	87
Saving Log Files on a Server	88
Examples of Log Messages	88
Activation and Administration	88
Dropped Packets	88
Enabling Security Event E-mail Notification	89
Running Diagnostic Utilities and Rebooting the Router	90
Enabling Remote Management	91
Configuring Remote Management	91
Chapter 7 Advanced Configuration	93
Configuring Advanced Security	93
Setting Up A Default DMZ Server	93
How to Configure a Default DMZ Server	94
Connect Automatically, as Required	95
Disable Port Scan and DOS Protection	95
Respond to Ping on Internet WAN Port	95
MTU Size	95
Configuring LAN IP Settings	95
DHCP	97
Use Router as DHCP server	97
Reserved IP addresses	98
How to Configure LAN TCP/IP Settings	99
Configuring Dynamic DNS	99
How to Configure Dynamic DNS	100
Using Static Routes	101
Static Route Example	101
How to Configure Static Routes	102
Chapter 8 Troubleshooting	105
Basic Functioning	105
Power LED Not On	106
Test LED Never Turns On or Test LED Stays On	106
LAN or WAN Port LEDs Not On	106
Troubleshooting the Web Configuration Interface	107
Troubleshooting the ISP Connection	108
ADSL link	108
WAN LED Blinking Yellow	108
WAN LED Off	108
Obtaining a WAN IP Address	109
Troubleshooting PPPoE or PPPoA	110
Troubleshooting Internet Browsing	110
Troubleshooting a TCP/IP Network Using the Ping Utility	111
Testing the LAN Path to Your Router	111
Testing the Path from Your Computer to a Remote Device	112
Restoring the Default Configuration and Password	113
Using the Reset button	113
Problems with Date and Time	113
Appendix A Technical Specifications	115
Appendix B Network and Routing Basics	117
Related Publications	117
Basic Router Concepts	117
What is a Router?	118
Routing Information Protocol	118
IP Addresses and the Internet	118
Netmask	120
Subnet Addressing	121
Private IP Addresses	123
Single IP Address Operation Using NAT	124
MAC Addresses and Address Resolution Protocol	125
Related Documents	125
Domain Name Server	126
IP Configuration by DHCP	126
Internet Security and Firewalls	126
What is a Firewall?	127
Stateful Packet Inspection	127
Denial of Service Attack	127
Ethernet Cabling	127
Category 5 Cable Quality	128
Inside Twisted Pair Cables	129
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	130
Appendix C Preparing Your Network	133
Preparing Your Computers for TCP/IP Networking	133
Configuring Windows 95, 98, and Me for TCP/IP Networking	134
Install or Verify Windows Networking Components	134
Enabling DHCP to Automatically Configure TCP/IP Settings in Windows 95B, 98, and Me	136
Selecting Windows’ Internet Access Method	138
Verifying TCP/IP Properties	138
Configuring Windows NT4, 2000 or XP for IP Networking	139
Install or Verify Windows Networking Components	139
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4	140
DHCP Configuration of TCP/IP in Windows XP	140
DHCP Configuration of TCP/IP in Windows 2000	142
DHCP Configuration of TCP/IP in Windows NT4	145
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	147
Configuring the Macintosh for TCP/IP Networking	148
MacOS 8.6 or 9.x	148
MacOS X	148
Verifying TCP/IP Properties for Macintosh Computers	149
Verifying the Readiness of Your Internet Account	150
Are Login Protocols Used?	150
What Is Your Configuration Information?	150
Obtaining ISP Configuration Information for Windows Computers	151
Obtaining ISP Configuration Information for Macintosh Computers	152
Restarting the Network	153
Appendix D Wireless Networking Basics	155
Wireless Networking Overview	155
Infrastructure Mode	155
Ad Hoc Mode (Peer-to-Peer Workgroup)	156
Network Name: Extended Service Set Identification (ESSID)	156
Authentication and WEP Data Encryption	156
802.11 Authentication	157
Open System Authentication	157
Shared Key Authentication	158
Overview of WEP Parameters	159
Key Size	160
WEP Configuration Options	161
Wireless Channels	161
WPA Wireless Security	162
How Does WPA Compare to WEP?	163
How Does WPA Compare to IEEE 802.11i?	164
What are the Key Features of WPA Security?	164
WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS	166
WPA Data Encryption Key Management	168
Is WPA Perfect?	170
Product Support for WPA	170
Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged	170
Changes to Wireless Access Points	171
Changes to Wireless Network Adapters	171
Changes to Wireless Client Programs	172

Match case Limit results 1 per page

Reference Manual for the ProSafe Wireless 802.11g

Firewall/Print Server Model FWG114P

D-16

Wireless Networking Basics

Is WPA Perfect?

WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS)

attacks. If the access point receives two data packets that fail the message integrity code (MIC)

within 60 seconds of each other, then the network is under an active attack, and as a result, the

access point employs counter measures, which include disassociating each station using the access

point. This prevents an attacker from gleaning information about the encryption key and alerts

administrators, but it also causes users to lose network connectivity for 60 seconds. More than

anything else, this may just prove that no single security tactic is completely invulnerable. WPA is

a definite step forward in WLAN security over WEP and has to be thought of as a single part of an

end-to-end network security strategy.

Product Support for WPA

Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA

standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before

August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.

WPA requires software changes to the following:

•

Wireless access points

•

Wireless network adapters

•

Wireless client programs

Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged

To support the gradual transition of WEP-based wireless networks to WPA, a wireless AP can

support both WEP and WPA clients at the same time. During the association, the wireless AP

determines which clients use WEP and which clients use WPA. The disadvantage to supporting a

mixture of WEP and WPA clients is that the global encryption key is not dynamic. This is because

WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are

maintained.

However, a mixed mode supporting WPA and non-WPA clients would offer network security that

is no better than that obtained with a non-WPA network, and thus this mode of operation is

discouraged.