Netgear Router WGR614v7 User Manual

54 Mbps Wireless Router WGR614v7 Reference Manual
Wireless Networking Basics D-9
April 2006
WPA and WPA2 offer the following benefits: 
• Enhanced data privacy
• Robust key management
• Data origin authentication
• Data integrity protection 
The Wi-Fi Alliance is now performing interoperability certification testing on Wi-Fi Protected 
Access products. Starting August of 2003, all new Wi-Fi certified products have to support WPA. 
NETGEAR is implementing WPA and WPA2 on client and access point products....

54 Mbps Wireless Router WGR614v7 Reference Manual
D-10 Wireless Networking Basics
April 2006
How Does WPA Compare to WPA2 (IEEE 802.11i)?
WPA is forward compatible with the WPA2 security specification. WPA is a subset of WPA2 and 
used certain pieces of the early 802.11i draft, such as 802.1x and TKIP. The main pieces of WPA2 
that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized 
802.11 VoIP phones), as well as enhanced encryption protocols, such as AES-CCMP....

54 Mbps Wireless Router WGR614v7 Reference Manual
Wireless Networking Basics D-11
April 2006
The primary information conveyed in the Beacon frames is the authentication method and the 
cipher suite. Possible authentication methods include 802.1X and Pre-shared key. Pre-shared 
key is an authentication method that uses a statically configured pass phrase on both the 
stations and the access point. This obviates the need for an authentication server, which in 
many home and small office environments will...

54 Mbps Wireless Router WGR614v7 Reference Manual
D-12 Wireless Networking Basics
April 2006
WPA/WPA2 Authentication: Enterprise-level User  
Authentication via 802.1x/EAP and RADIUS
Figure 4-3:  WPA/WPA2 Overview
IEEE 802.1x offers an effective framework for authenticating and controlling user traffic to a 
protected network, as well as providing a vehicle for dynamically varying data encryption keys via 
EAP from a RADIUS server, for example. This framework enables using a central authentication...

54 Mbps Wireless Router WGR614v7 Reference Manual
Wireless Networking Basics D-13
April 2006 Figure 4-4:  802.1x Authentication Sequence
The AP sends Beacon Frames with WPA/WPA2 information element to the stations in the service 
set. Information elements include the required authentication method (802.1x or Pre-shared key) 
and the preferred cipher suite (WEP, TKIP, or AES). Probe Responses (AP to station) and 
Association Requests (station to AP) also contain WPA information elements.
1.Initial 802.1x...

54 Mbps Wireless Router WGR614v7 Reference Manual
D-14 Wireless Networking Basics
April 2006 3.
The client sends an EAP-response packet containing the identity to the authentication server. 
The access point responds by enabling a port for passing only EAP packets from the client to 
an authentication server located on the wired side of the access point. The access point blocks 
all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the 
clients identity using an...

54 Mbps Wireless Router WGR614v7 Reference Manual
Wireless Networking Basics D-15
April 2006
Temporal Key Integrity Protocol (TKIP)
WPA uses TKIP to provide important data encryption enhancements including a per-packet key 
mixing function, a message integrity check (MIC) named Michael, an extended initialization 
vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the 
following: 
• The verification of the security configuration after the encryption keys are determined....

54 Mbps Wireless Router WGR614v7 Reference Manual
D-16 Wireless Networking Basics
April 2006
Is WPA/WPA2 Perfect?
WPA/WPA2 is not without its vulnerabilities. Specifically, it is susceptible to denial of service 
(DoS) attacks. If the access point receives two data packets that fail the message integrity code 
(MIC) within 60 seconds of each other, then the network is under an active attack, and as a result, 
the access point employs counter measures, which include disassociating each station using the...

54 Mbps Wireless Router WGR614v7 Reference Manual
Wireless Networking Basics D-17
April 2006
Changes to Wireless Access Points
Wireless access points must have their firmware updated to support the following: 
•The new WPA/WPA2 information element 
To advertise their support of WPA/WPA2, wireless APs send the beacon frame with a new 
802.11 WPA/WPA2 information element that contains the wireless APs security configuration 
(encryption algorithms and wireless security configuration information). 
•The...

54 Mbps Wireless Router WGR614v7 Reference Manual
D-18 Wireless Networking Basics
April 2006
Microsoft has worked with many wireless vendors to embed the WPA driver update in the wireless 
adapter driver. So, to update your Microsoft Windows wireless client, all you have to do is obtain 
the new WPA/WPA2-compatible driver and install the driver. 
Changes to Wireless Client Programs
Wireless client programs must be updated to permit the configuration of WPA/WPA2 
authentication (and preshared key) and the...