Home » Netgear Manuals » Wireless » Netgear DG834GT » Manual Viewer

Netgear DG834GT DG834GT Reference Manual - Page 162

How Does WPA Compare to IEEE 802.11i?, What are the Key Features of WPA Security?, For 802.11

Add to My Manuals
Save this manual to your list of manuals

Page 162 highlights

Reference Manual for the Model DG834GT 108 Mbps Super Wireless ADSL Router For 802.11, WEP encryption is optional. For WPA, encryption using Temporal Key Integrity Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices to perform encryption operations. TKIP provides important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through these enhancements, TKIP addresses all of known WEP vulnerabilities. How Does WPA Compare to IEEE 802.11i? WPA will be forward compatible with the IEEE 802.11i security specification currently under development. WPA is a subset of the current 802.11i draft and uses certain pieces of the 802.11i draft that are ready to bring to market today, such as 802.1x and TKIP. The main pieces of the 802.11i draft that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized 802.11 VoIP phones), as well as enhanced encryption protocols, such as AES-CCMP. These features are either not yet ready for market or will require hardware upgrades to implement. What are the Key Features of WPA Security? The following security features are included in the WPA standard: • WPA Authentication • WPA Encryption Key Management - Temporal Key Integrity Protocol (TKIP) - Michael message integrity code (MIC) - AES Support (to be phased in) • Support for a Mixture of WPA and WEP Wireless Clients, but mixing WEP and WPA is discouraged These features are discussed below. WPA addresses most of the known WEP vulnerabilities and is primarily intended for wireless infrastructure networks as found in the enterprise. This infrastructure includes stations, access points, and authentication servers (typically RADIUS servers). The RADIUS server holds (or has access to) user credentials (for example, user names and passwords) and authenticates wireless users before they gain access to the network. D-10 August 2004 Wireless Networking Basics

Section	Page
Reference Manual for the Model DG834GT 108 Mbps Super Wireless ADSL Router	1
Contents	5
Chapter 1 About This Guide	13
Audience, Conventions, Scope	13
How to Use this Manual	14
How to Print this Manual	15
Chapter 2 Introduction	17
About the Router	17
Key Features	18
802.11g Wireless Networking	18
A Powerful, True Firewall	19
Easy Installation and Management	19
Protocol Support	20
Content Filtering	21
Auto Sensing and Auto Uplink™ LAN Ethernet Connections	21
What’s in the Box?	22
The Router’s Front Panel	22
The Router’s Rear Panel	24
Chapter 3 Connecting the Router to the Internet	27
What You Need Before You Begin	27
ADSL Microfilter Requirements	27
ADSL Microfilter	27
ADSL Microfilter with Built-In Splitter	28
Ethernet Cabling Requirements	28
Computer Hardware Requirements	28
LAN Configuration Requirements	28
Internet Configuration Requirements	29
Where Do I Get the Internet Configuration Parameters?	29
Record Your Internet Connection Information	29
Connecting the DG834GT to Your LAN	31
How to Connect the Router	31
Auto-Detecting Your Internet Connection Type	36
Wizard-Detected PPPoE Login Account Setup	37
Wizard-Detected PPPoA Login Account Setup	38
Wizard-Detected Dynamic IP Account Setup	38
Wizard-Detected IP Over ATM Account Setup	39
Wizard-Detected Fixed IP (Static) Account Setup	40
Testing Your Internet Connection	41
Manually Configuring Your Internet Connection	41
How to Perform Manual Configuration	42
Internet Connection Requires Login and Uses PPPoE	43
Internet Connection Requires Login and Uses PPPoA	44
Internet Connection Does Note Require A Login	45
ADSL Settings	46
Chapter 4 Wireless Configuration	47
Considerations for a Wireless Network	47
Observe Performance, Placement, and Range Guidelines	47
Implement Appropriate Wireless Security	48
Understanding Wireless Settings	49
How to Set Up and Test Basic Wireless Connectivity	53
How to Restricting Wireless Access to Your Network	54
Restricting Access to Your Network by Turning Off Wireless Connectivity	55
Restricting Wireless Access Based on the Wireless Network Name (SSID)	55
Restricting Wireless Access Based on the Wireless Station Access List	55
Choosing WEP Authentication and Security Encryption Methods	57
Authentication Type Selection	57
Encryption Choices	58
How to Configure WEP	59
How to Configure WPA-PSK	60
Chapter 5 Protecting Your Network	61
Protecting Access to Your DG834GT 108 Mbps Super Wireless ADSL Router	61
How to Change the Built-In Password	61
Changing the Administrator Login Timeout	62
Configuring Basic Firewall Services	62
Blocking Keywords, Sites, and Services	63
How to Block Keywords and Sites	63
Firewall Rules	65
Inbound Rules (Port Forwarding)	66
Inbound Rule Example: A Local Public Web Server	66
Inbound Rule Example: Allowing Videoconferencing	68
Considerations for Inbound Rules	69
Outbound Rules (Service Blocking)	69
Outbound Rule Example: Blocking Instant Messenger	70
Order of Precedence for Rules	71
Services	72
How to Define Services	73
Setting Times and Scheduling Firewall Services	74
How to Set Your Time Zone	74
How to Schedule Firewall Services	75
Chapter 6 Managing Your Network	77
Backing Up, Restoring, or Erasing Your Settings	77
How to Back Up the Configuration to a File	77
How to Restore the Configuration from a File	78
How to Erase the Configuration	78
Upgrading the Router’s Firmware	78
How to Upgrade the Router Firmware	79
Network Management Information	80
Viewing Router Status and Usage Statistics	80
Viewing Attached Devices	85
Viewing, Selecting, and Saving Logged Information	85
Selecting What Information to Log	87
Saving Log Files on a Server	88
Examples of Log Messages	88
Activation and Administration	88
Dropped Packets	88
Enabling Security Event E-mail Notification	89
Running Diagnostic Utilities and Rebooting the Router	90
Enabling Remote Management	91
Configuring Remote Management	91
Chapter 7 Advanced Configuration	93
Configuring Advanced Security	93
Setting Up A Default DMZ Server	93
How to Configure a Default DMZ Server	94
Connect Automatically, as Required	95
Disable Port Scan and DOS Protection	95
Respond to Ping on Internet WAN Port	95
MTU Size	95
Configuring LAN IP Settings	95
DHCP	97
Use Router as DHCP server	97
Reserved IP addresses	98
How to Configure LAN TCP/IP Settings	99
Configuring Dynamic DNS	99
How to Configure Dynamic DNS	100
Using Static Routes	101
Static Route Example	101
How to Configure Static Routes	102
Chapter 8 Troubleshooting	105
Basic Functioning	105
Power LED Not On	106
Test LED Never Turns On or Test LED Stays On	106
LAN or WAN Port LEDs Not On	106
Troubleshooting the Web Configuration Interface	107
Troubleshooting the ISP Connection	108
ADSL link	108
WAN LED Blinking Yellow	108
WAN LED Off	108
Obtaining a WAN IP Address	109
Troubleshooting PPPoE or PPPoA	110
Troubleshooting Internet Browsing	110
Troubleshooting a TCP/IP Network Using the Ping Utility	111
Testing the LAN Path to Your Router	111
Testing the Path from Your Computer to a Remote Device	112
Restoring the Default Configuration and Password	113
Using the Reset button	113
Problems with Date and Time	113
Appendix A Technical Specifications	115
Appendix B Network and Routing Basics	117
Related Publications	117
Basic Router Concepts	117
What is a Router?	117
Routing Information Protocol	118
IP Addresses and the Internet	118
Netmask	120
Subnet Addressing	120
Private IP Addresses	123
Single IP Address Operation Using NAT	123
MAC Addresses and Address Resolution Protocol	124
Related Documents	125
Domain Name Server	125
IP Configuration by DHCP	125
Internet Security and Firewalls	126
What is a Firewall?	126
Stateful Packet Inspection	126
Denial of Service Attack	127
Ethernet Cabling	127
Category 5 Cable Quality	127
Inside Twisted Pair Cables	128
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	129
Appendix C Preparing Your Network	131
Preparing Your Computers for TCP/IP Networking	131
Configuring Windows 95, 98, and Me for TCP/IP Networking	132
Installing or Verifying Windows Networking Components	132
Enabling DHCP to Automatically Configure TCP/IP Settings in Windows 95B, 98, and Me	134
Selecting the Windows’ Internet Access Method	136
Verifying TCP/IP Properties	136
Configuring Windows NT4, 2000 or XP for IP Networking	137
Installing or Verifying Windows Networking Components	137
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4	138
DHCP Configuration of TCP/IP in Windows XP	138
DHCP Configuration of TCP/IP in Windows 2000	140
DHCP Configuration of TCP/IP in Windows NT4	143
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	145
Configuring the Macintosh for TCP/IP Networking	146
MacOS 8.6 or 9.x	146
MacOS X	146
Verifying TCP/IP Properties for Macintosh Computers	147
Verifying the Readiness of Your Internet Account	148
Are Login Protocols Used?	148
What Is Your Configuration Information?	148
Obtaining ISP Configuration Information for Windows Computers	149
Obtaining ISP Configuration Information for Macintosh Computers	150
Restarting the Network	151
Appendix D Wireless Networking Basics	153
Wireless Networking Overview	153
Infrastructure Mode	153
Ad Hoc Mode (Peer-to-Peer Workgroup)	154
Network Name: Extended Service Set Identification (ESSID)	154
Authentication and WEP Data Encryption	154
802.11 Authentication	155
Open System Authentication	155
Shared Key Authentication	156
Overview of WEP Parameters	157
Key Size	158
WEP Configuration Options	159
Wireless Channels	159
WPA Wireless Security	160
How Does WPA Compare to WEP?	161
How Does WPA Compare to IEEE 802.11i?	162
What are the Key Features of WPA Security?	162
WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS	164
WPA Data Encryption Key Management	166
Is WPA Perfect?	168
Product Support for WPA	168
Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged	168
Changes to Wireless Access Points	168
Changes to Wireless Network Adapters	169
Changes to Wireless Client Programs	170

Match case Limit results 1 per page

Reference Manual for the Model DG834GT 108 Mbps Super Wireless ADSL Router

D-10

Wireless Networking Basics

August 2004

For 802.11, WEP encryption is optional. For WPA, encryption using Temporal Key Integrity

Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger

than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices

to perform encryption operations. TKIP provides important data encryption enhancements

including a per-packet key mixing function, a message integrity check (MIC) named Michael, an

extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through

these enhancements, TKIP addresses all of known WEP vulnerabilities.

How Does WPA Compare to IEEE 802.11i?

WPA will be forward compatible with the IEEE 802.11i security specification currently under

development. WPA is a subset of the current 802.11i draft and uses certain pieces of the 802.11i

draft that are ready to bring to market today, such as 802.1x and TKIP. The main pieces of the

802.11i draft that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff

(for specialized 802.11 VoIP phones), as well as enhanced encryption protocols, such as

AES-CCMP. These features are either not yet ready for market or will require hardware upgrades

to implement.

What are the Key Features of WPA Security?

The following security features are included in the WPA standard:

•

WPA Authentication

•

WPA Encryption Key Management

–

Temporal Key Integrity Protocol (TKIP)

–

Michael message integrity code (MIC)

–

AES Support (to be phased in)

•

Support for a Mixture of WPA and WEP Wireless Clients, but mixing WEP and WPA is

discouraged

These features are discussed below.

WPA addresses most of the known WEP vulnerabilities and is primarily intended for wireless

infrastructure networks as found in the enterprise. This infrastructure includes stations, access

points, and authentication servers (typically RADIUS servers). The RADIUS server holds (or has

access to) user credentials (for example, user names and passwords) and authenticates wireless

users before they gain access to the network.