Home » Netgear Manuals » Wireless » Netgear DG834GT » Manual Viewer

Netgear DG834GT DG834GT Reference Manual - Page 168

Is WPA Perfect?, Product Support for WPA - firmware update

Add to My Manuals
Save this manual to your list of manuals

Page 168 highlights

Reference Manual for the Model DG834GT 108 Mbps Super Wireless ADSL Router Is WPA Perfect? WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS) attacks. If the access point receives two data packets that fail the message integrity code (MIC) within 60 seconds of each other, then the network is under an active attack, and as a result, the access point employs counter measures, which include disassociating each station using the access point. This prevents an attacker from gleaning information about the encryption key and alerts administrators, but it also causes users to lose network connectivity for 60 seconds. More than anything else, this may just prove that no single security tactic is completely invulnerable. WPA is a definite step forward in WLAN security over WEP and has to be thought of as a single part of an end-to-end network security strategy. Product Support for WPA Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification. WPA requires software changes to the following: • Wireless access points • Wireless network adapters • Wireless client programs Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged To support the gradual transition of WEP-based wireless networks to WPA, a wireless AP can support both WEP and WPA clients at the same time. During the association, the wireless AP determines which clients use WEP and which clients use WPA. The disadvantage to supporting a mixture of WEP and WPA clients is that the global encryption key is not dynamic. This is because WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are maintained. However, a mixed mode supporting WPA and non-WPA clients would offer network security that is no better than that obtained with a non-WPA network, and thus this mode of operation is discouraged. Changes to Wireless Access Points Wireless access points must have their firmware updated to support the following: D-16 August 2004 Wireless Networking Basics

Section	Page
Reference Manual for the Model DG834GT 108 Mbps Super Wireless ADSL Router	1
Contents	5
Chapter 1 About This Guide	13
Audience, Conventions, Scope	13
How to Use this Manual	14
How to Print this Manual	15
Chapter 2 Introduction	17
About the Router	17
Key Features	18
802.11g Wireless Networking	18
A Powerful, True Firewall	19
Easy Installation and Management	19
Protocol Support	20
Content Filtering	21
Auto Sensing and Auto Uplink™ LAN Ethernet Connections	21
What’s in the Box?	22
The Router’s Front Panel	22
The Router’s Rear Panel	24
Chapter 3 Connecting the Router to the Internet	27
What You Need Before You Begin	27
ADSL Microfilter Requirements	27
ADSL Microfilter	27
ADSL Microfilter with Built-In Splitter	28
Ethernet Cabling Requirements	28
Computer Hardware Requirements	28
LAN Configuration Requirements	28
Internet Configuration Requirements	29
Where Do I Get the Internet Configuration Parameters?	29
Record Your Internet Connection Information	29
Connecting the DG834GT to Your LAN	31
How to Connect the Router	31
Auto-Detecting Your Internet Connection Type	36
Wizard-Detected PPPoE Login Account Setup	37
Wizard-Detected PPPoA Login Account Setup	38
Wizard-Detected Dynamic IP Account Setup	38
Wizard-Detected IP Over ATM Account Setup	39
Wizard-Detected Fixed IP (Static) Account Setup	40
Testing Your Internet Connection	41
Manually Configuring Your Internet Connection	41
How to Perform Manual Configuration	42
Internet Connection Requires Login and Uses PPPoE	43
Internet Connection Requires Login and Uses PPPoA	44
Internet Connection Does Note Require A Login	45
ADSL Settings	46
Chapter 4 Wireless Configuration	47
Considerations for a Wireless Network	47
Observe Performance, Placement, and Range Guidelines	47
Implement Appropriate Wireless Security	48
Understanding Wireless Settings	49
How to Set Up and Test Basic Wireless Connectivity	53
How to Restricting Wireless Access to Your Network	54
Restricting Access to Your Network by Turning Off Wireless Connectivity	55
Restricting Wireless Access Based on the Wireless Network Name (SSID)	55
Restricting Wireless Access Based on the Wireless Station Access List	55
Choosing WEP Authentication and Security Encryption Methods	57
Authentication Type Selection	57
Encryption Choices	58
How to Configure WEP	59
How to Configure WPA-PSK	60
Chapter 5 Protecting Your Network	61
Protecting Access to Your DG834GT 108 Mbps Super Wireless ADSL Router	61
How to Change the Built-In Password	61
Changing the Administrator Login Timeout	62
Configuring Basic Firewall Services	62
Blocking Keywords, Sites, and Services	63
How to Block Keywords and Sites	63
Firewall Rules	65
Inbound Rules (Port Forwarding)	66
Inbound Rule Example: A Local Public Web Server	66
Inbound Rule Example: Allowing Videoconferencing	68
Considerations for Inbound Rules	69
Outbound Rules (Service Blocking)	69
Outbound Rule Example: Blocking Instant Messenger	70
Order of Precedence for Rules	71
Services	72
How to Define Services	73
Setting Times and Scheduling Firewall Services	74
How to Set Your Time Zone	74
How to Schedule Firewall Services	75
Chapter 6 Managing Your Network	77
Backing Up, Restoring, or Erasing Your Settings	77
How to Back Up the Configuration to a File	77
How to Restore the Configuration from a File	78
How to Erase the Configuration	78
Upgrading the Router’s Firmware	78
How to Upgrade the Router Firmware	79
Network Management Information	80
Viewing Router Status and Usage Statistics	80
Viewing Attached Devices	85
Viewing, Selecting, and Saving Logged Information	85
Selecting What Information to Log	87
Saving Log Files on a Server	88
Examples of Log Messages	88
Activation and Administration	88
Dropped Packets	88
Enabling Security Event E-mail Notification	89
Running Diagnostic Utilities and Rebooting the Router	90
Enabling Remote Management	91
Configuring Remote Management	91
Chapter 7 Advanced Configuration	93
Configuring Advanced Security	93
Setting Up A Default DMZ Server	93
How to Configure a Default DMZ Server	94
Connect Automatically, as Required	95
Disable Port Scan and DOS Protection	95
Respond to Ping on Internet WAN Port	95
MTU Size	95
Configuring LAN IP Settings	95
DHCP	97
Use Router as DHCP server	97
Reserved IP addresses	98
How to Configure LAN TCP/IP Settings	99
Configuring Dynamic DNS	99
How to Configure Dynamic DNS	100
Using Static Routes	101
Static Route Example	101
How to Configure Static Routes	102
Chapter 8 Troubleshooting	105
Basic Functioning	105
Power LED Not On	106
Test LED Never Turns On or Test LED Stays On	106
LAN or WAN Port LEDs Not On	106
Troubleshooting the Web Configuration Interface	107
Troubleshooting the ISP Connection	108
ADSL link	108
WAN LED Blinking Yellow	108
WAN LED Off	108
Obtaining a WAN IP Address	109
Troubleshooting PPPoE or PPPoA	110
Troubleshooting Internet Browsing	110
Troubleshooting a TCP/IP Network Using the Ping Utility	111
Testing the LAN Path to Your Router	111
Testing the Path from Your Computer to a Remote Device	112
Restoring the Default Configuration and Password	113
Using the Reset button	113
Problems with Date and Time	113
Appendix A Technical Specifications	115
Appendix B Network and Routing Basics	117
Related Publications	117
Basic Router Concepts	117
What is a Router?	117
Routing Information Protocol	118
IP Addresses and the Internet	118
Netmask	120
Subnet Addressing	120
Private IP Addresses	123
Single IP Address Operation Using NAT	123
MAC Addresses and Address Resolution Protocol	124
Related Documents	125
Domain Name Server	125
IP Configuration by DHCP	125
Internet Security and Firewalls	126
What is a Firewall?	126
Stateful Packet Inspection	126
Denial of Service Attack	127
Ethernet Cabling	127
Category 5 Cable Quality	127
Inside Twisted Pair Cables	128
Uplink Switches, Crossover Cables, and MDI/MDIX Switching	129
Appendix C Preparing Your Network	131
Preparing Your Computers for TCP/IP Networking	131
Configuring Windows 95, 98, and Me for TCP/IP Networking	132
Installing or Verifying Windows Networking Components	132
Enabling DHCP to Automatically Configure TCP/IP Settings in Windows 95B, 98, and Me	134
Selecting the Windows’ Internet Access Method	136
Verifying TCP/IP Properties	136
Configuring Windows NT4, 2000 or XP for IP Networking	137
Installing or Verifying Windows Networking Components	137
DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4	138
DHCP Configuration of TCP/IP in Windows XP	138
DHCP Configuration of TCP/IP in Windows 2000	140
DHCP Configuration of TCP/IP in Windows NT4	143
Verifying TCP/IP Properties for Windows XP, 2000, and NT4	145
Configuring the Macintosh for TCP/IP Networking	146
MacOS 8.6 or 9.x	146
MacOS X	146
Verifying TCP/IP Properties for Macintosh Computers	147
Verifying the Readiness of Your Internet Account	148
Are Login Protocols Used?	148
What Is Your Configuration Information?	148
Obtaining ISP Configuration Information for Windows Computers	149
Obtaining ISP Configuration Information for Macintosh Computers	150
Restarting the Network	151
Appendix D Wireless Networking Basics	153
Wireless Networking Overview	153
Infrastructure Mode	153
Ad Hoc Mode (Peer-to-Peer Workgroup)	154
Network Name: Extended Service Set Identification (ESSID)	154
Authentication and WEP Data Encryption	154
802.11 Authentication	155
Open System Authentication	155
Shared Key Authentication	156
Overview of WEP Parameters	157
Key Size	158
WEP Configuration Options	159
Wireless Channels	159
WPA Wireless Security	160
How Does WPA Compare to WEP?	161
How Does WPA Compare to IEEE 802.11i?	162
What are the Key Features of WPA Security?	162
WPA Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS	164
WPA Data Encryption Key Management	166
Is WPA Perfect?	168
Product Support for WPA	168
Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged	168
Changes to Wireless Access Points	168
Changes to Wireless Network Adapters	169
Changes to Wireless Client Programs	170

Match case Limit results 1 per page

Reference Manual for the Model DG834GT 108 Mbps Super Wireless ADSL Router

D-16

Wireless Networking Basics

August 2004

Is WPA Perfect?

WPA is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS)

attacks. If the access point receives two data packets that fail the message integrity code (MIC)

within 60 seconds of each other, then the network is under an active attack, and as a result, the

access point employs counter measures, which include disassociating each station using the access

point. This prevents an attacker from gleaning information about the encryption key and alerts

administrators, but it also causes users to lose network connectivity for 60 seconds. More than

anything else, this may just prove that no single security tactic is completely invulnerable. WPA is

a definite step forward in WLAN security over WEP and has to be thought of as a single part of an

end-to-end network security strategy.

Product Support for WPA

Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA

standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before

August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.

WPA requires software changes to the following:

•

Wireless access points

•

Wireless network adapters

•

Wireless client programs

Supporting a Mixture of WPA and WEP Wireless Clients is Discouraged

To support the gradual transition of WEP-based wireless networks to WPA, a wireless AP can

support both WEP and WPA clients at the same time. During the association, the wireless AP

determines which clients use WEP and which clients use WPA. The disadvantage to supporting a

mixture of WEP and WPA clients is that the global encryption key is not dynamic. This is because

WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are

maintained.

However, a mixed mode supporting WPA and non-WPA clients would offer network security that

is no better than that obtained with a non-WPA network, and thus this mode of operation is

discouraged.

Changes to Wireless Access Points

Wireless access points must have their firmware updated to support the following: