
Netgear Router WGT624 V3 User Manual


    							Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3
    Wireless Networking Basics D-15
    202-10090-01, April 2005
    Temporal Key Integrity Protocol (TKIP)
    WPA uses TKIP to provide important data encryption enhancements including a per-packet key 
    mixing function, a message integrity check (MIC) named Michael, an extended initialization 
    vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the 
    following: 
    • The verification of the security configuration after the encryption keys are determined. 
    • The synchronized changing of the unicast encryption key for each frame. 
    • The determination of a unique starting unicast encryption key for each preshared key 
    authentication.
    Michael
    With 802.11 and WEP, data integrity is provided by a 32-bit integrity check value (ICV) that is 
    appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, you can 
    use cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without 
    being detected by the receiver.
    With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte 
    message integrity check (MIC) using the calculation facilities available on existing wireless 
    devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV. 
    The MIC field is encrypted together with the frame data and the ICV.
    Michael also provides replay protection. A new frame counter in the IEEE 802.11 frame is used to 
    prevent replay attacks.
    AES Support for WPA2
    One of the encryption methods supported by WPA2 is the advanced encryption standard (AES), 
    although AES support will not be required initially for Wi-Fi certification. This is viewed as the 
    optimal choice for security-conscious organizations, but the problem with AES is that it requires a 
    fundamental redesign of the NIC’s hardware in both the station and the access point. TKIP is a 
    pragmatic compromise that allows organizations to deploy better security while AES-capable 
    equipment is being designed, manufactured, and incrementally deployed. 
    						
    Is WPA/WPA2 Perfect?
    WPA/WPA2 is not without its vulnerabilities. Specifically, it is susceptible to denial of service 
    (DoS) attacks. If the access point receives two data packets that fail the message integrity code 
    (MIC) within 60 seconds of each other, it treats the network as being under active attack and 
    employs countermeasures, which include disassociating each station using the 
    access point. This prevents an attacker from gleaning information about the encryption key and 
    alerts administrators, but it also causes users to lose network connectivity for 60 seconds. More 
    than anything else, this may just prove that no single security tactic is completely invulnerable. 
    WPA/WPA2 is a definite step forward in WLAN security over WEP and has to be thought of as a 
    single part of an end-to-end network security strategy.
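
    The countermeasure rule described above, modeled as a small state machine and replayed over a constructed list of MIC-failure events to show both the alert it raises and the outage it costs. This is an added example, not code from the NETGEAR manual or firmware; the class, function and constant names are hypothetical, and the timestamps and station addresses are made up.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MIC_WINDOW_S = 60  # a second MIC failure within this window triggers countermeasures
HOLD_DOWN_S = 60   # stations lose connectivity for this long afterwards


@dataclass
class MicCountermeasures:
    """Tracks MIC failures seen by one access point (hypothetical model)."""
    last_failure: Optional[float] = None
    blocked_until: float = 0.0
    alerts: List[Tuple[float, str]] = field(default_factory=list)

    def on_mic_failure(self, ts: float, station: str) -> str:
        if ts < self.blocked_until:
            # All stations are already disassociated during the hold-down.
            return "ignored-holddown"
        if self.last_failure is not None and ts - self.last_failure <= MIC_WINDOW_S:
            # Second failure inside the window: disassociate everyone and
            # record an alert for the administrator.
            self.blocked_until = ts + HOLD_DOWN_S
            self.last_failure = None
            self.alerts.append((ts, station))
            return "countermeasures"
        # First failure, or the previous one is too old to count.
        self.last_failure = ts
        return "logged"

    def may_associate(self, ts: float) -> bool:
        return ts >= self.blocked_until


# Constructed events: (seconds since start, reporting station address).
EVENTS = [
    (0, "02:00:00:00:00:01"),
    (45, "02:00:00:00:00:02"),   # 45 s after the first failure
    (70, "02:00:00:00:00:03"),   # arrives during the hold-down
    (200, "02:00:00:00:00:01"),
    (270, "02:00:00:00:00:01"),  # 70 s later, outside the window
    (300, "02:00:00:00:00:02"),  # 30 s later, inside the window
]


def replay(events):
    """Return per-event outcomes, total outage in seconds, and the AP state."""
    ap = MicCountermeasures()
    outcomes = [ap.on_mic_failure(ts, sta) for ts, sta in events]
    outage_s = len(ap.alerts) * HOLD_DOWN_S
    return outcomes, outage_s, ap


if __name__ == "__main__":
    outcomes, outage_s, ap = replay(EVENTS)
    for (ts, sta), result in zip(EVENTS, outcomes):
        print(f"t={ts:>3}s {sta} -> {result}")
    print(f"alerts for the administrator: {ap.alerts}")
    print(f"total loss of connectivity: {outage_s} s")
```

    Each entry in `alerts` is the signal an administrator should investigate; the outage total shows why the manual calls this behavior a denial of service exposure.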
    Product Support for WPA/WPA2
    Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA 
    standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before 
    August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification.
    WPA/WPA2 requires software changes to the following: 
    • Wireless access points 
    • Wireless network adapters 
    • Wireless client programs
    Supporting a Mixture of WPA, WPA2, and WEP Wireless Clients is Discouraged
    To support the gradual transition of WEP-based wireless networks to WPA/WPA2, a wireless AP 
    can support both WEP and WPA/WPA2 clients at the same time. During the association, the 
    wireless AP determines which clients use WEP and which clients use WPA/WPA2. The 
    disadvantage to supporting a mixture of WEP and WPA/WPA2 clients is that the global encryption 
    key is not dynamic. This is because WEP-based clients cannot support it. All other benefits to the 
    WPA clients, such as integrity, are maintained.
    However, a mixed mode supporting WPA/WPA2 and non-WPA/WPA2 clients would offer 
    network security that is no better than that obtained with a non-WPA/WPA2 network, and thus this 
    mode of operation is discouraged. 
    						
    Changes to Wireless Access Points
    Wireless access points must have their firmware updated to support the following: 
    • The new WPA/WPA2 information element 
    To advertise their support of WPA/WPA2, wireless APs send the beacon frame with a new 
    802.11 WPA/WPA2 information element that contains the wireless AP’s security configuration 
    (encryption algorithms and wireless security configuration information). 
    • The WPA/WPA2 two-phase authentication 
    Open system, then 802.1x (EAP with RADIUS or preshared key). 
    • TKIP 
    • Michael 
    • AES (WPA2)
    To upgrade your wireless access points to support WPA/WPA2, obtain a WPA/WPA2 firmware 
    update from your wireless AP vendor and upload it to your wireless AP.
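
    As an added example (not from the NETGEAR manual), the parser below decodes the WPA/WPA2 information element an AP advertises in its beacon and flags the mixed WEP/WPA mode that the manual discourages. The two sample elements are constructed, the function names are hypothetical, and the parser assumes the group, pairwise and authentication fields are all present.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")  # suites used by the WPA2 (RSN) element, ID 48
WPA_OUI = bytes.fromhex("0050f2")  # suites used by the WPA vendor element, ID 221
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP (AES)", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

# Constructed sample elements (not captured from any real device).
WPA2_AES_PSK = bytes.fromhex(
    "30 14 0100 000fac04 0100 000fac04 0100 000fac02 0000")
WPA_MIXED_WEP = bytes.fromhex(
    "dd 16 0050f201 0100 0050f201 0100 0050f202 0100 0050f202")


def _suites(body, off, count, oui, names):
    """Decode `count` 4-byte suite selectors starting at `off`."""
    out = []
    for _ in range(count):
        suite = body[off:off + 4]
        if len(suite) != 4:
            raise ValueError("truncated suite list")
        if suite[:3] == oui:
            out.append(names.get(suite[3], "unknown(%d)" % suite[3]))
        else:
            out.append("vendor:" + suite.hex())
        off += 4
    return out, off


def parse_security_ie(element):
    """Parse one WPA or WPA2 information element (ID, length, body)."""
    try:
        eid, length = element[0], element[1]
        body = element[2:2 + length]
        if len(body) != length:
            raise ValueError("truncated element")
        if eid == 48:
            kind, oui, off = "WPA2", RSN_OUI, 0
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":
            kind, oui, off = "WPA", WPA_OUI, 4  # skip vendor OUI and type
        else:
            raise ValueError("not a WPA/WPA2 information element")
        (version,) = struct.unpack_from("<H", body, off)
        group, off = _suites(body, off + 2, 1, oui, CIPHERS)
        (n_pair,) = struct.unpack_from("<H", body, off)
        pairwise, off = _suites(body, off + 2, n_pair, oui, CIPHERS)
        (n_akm,) = struct.unpack_from("<H", body, off)
        akm, off = _suites(body, off + 2, n_akm, oui, AKMS)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated element") from exc
    return {"kind": kind, "version": version, "group": group[0],
            "pairwise": pairwise, "auth": akm}


def audit(cfg):
    """Return findings for a parsed security configuration."""
    findings = []
    if cfg["group"].startswith("WEP"):
        # WEP clients cannot rekey, so the shared group key stays static.
        findings.append("mixed WEP/WPA mode: group key is a static WEP key")
    if "CCMP (AES)" not in cfg["pairwise"]:
        findings.append("AES not offered for unicast traffic")
    return findings


if __name__ == "__main__":
    for sample in (WPA2_AES_PSK, WPA_MIXED_WEP):
        cfg = parse_security_ie(sample)
        print(cfg, audit(cfg))
```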
    Changes to Wireless Network Adapters
    Wireless networking software in the adapter, and possibly in the OS or client application, must be 
    updated to support the following: 
    • The new WPA/WPA2 information element 
    Wireless clients must be able to process the WPA/WPA2 information element and respond 
    with a specific security configuration. 
    • The WPA/WPA2 two-phase authentication 
    Open system, then 802.1x supplicant (EAP or preshared key). 
    • TKIP 
    • Michael 
    • AES (WPA2)
    To upgrade your wireless network adapters to support WPA/WPA2, obtain a WPA/WPA2 update 
    from your wireless network adapter vendor and update the wireless network adapter driver.
    For Windows wireless clients, you must obtain an updated network adapter driver that supports 
    WPA. For wireless network adapter drivers that are compatible with Windows XP (Service Pack 1) 
    and Windows Server 2003, the updated network adapter driver must be able to pass the adapter’s 
    WPA capabilities and security configuration to the Wireless Zero Configuration service.  
    						
    Microsoft has worked with many wireless vendors to embed the WPA driver update in the wireless 
    adapter driver. So, to update your Microsoft Windows wireless client, all you have to do is obtain 
    the new WPA/WPA2-compatible driver and install the driver. 
    Changes to Wireless Client Programs
    Wireless client programs must be updated to permit the configuration of WPA/WPA2 
    authentication (and preshared key) and the new WPA/WPA2 encryption algorithms (TKIP and 
    AES).
    To obtain the Microsoft WPA client program, visit the Microsoft Web site.
    Note: The Microsoft WPA2 client is still in beta. 
    						
    Glossary
    Use the list below to find definitions for technical terms used in this manual.
    802.11 Standard 
    802.11, or IEEE 802.11, is a type of radio technology used for wireless local area networks (WLANs). It is a 
    standard that has been developed by the IEEE (Institute of Electrical and Electronic Engineers), 
    http://standards.ieee.org. The IEEE is an international organization that develops standards for hundreds of 
    electronic and electrical technologies. The organization uses a series of numbers, like the Dewey Decimal 
    system in libraries, to differentiate between the various technology families. 
    The 802 subgroup (of the IEEE) develops standards for local and wide area networks with the 802.11 section 
    reviewing and creating standards for wireless local area networks. 
    Wi-Fi, 802.11, is composed of several standards operating in different radio frequencies: 802.11b is a 
    standard for wireless LANs operating in the 2.4 GHz spectrum with a bandwidth of 11 Mbps; 802.11a is a 
    different standard for wireless LANs, and pertains to systems operating in the 5 GHz frequency range with a 
    bandwidth of 54 Mbps. Another standard, 802.11g, is for WLANs operating in the 2.4 GHz frequency but 
    with a bandwidth of 54 Mbps. 
    802.11a Standard 
    An IEEE specification for wireless networking that operates in the 5 GHz frequency range (5.15 GHz to 
    5.85 GHz) with a maximum 54 Mbps data transfer rate. The 5 GHz frequency band is not as crowded as the 
    2.4 GHz frequency, because the 802.11a specification offers more radio channels than the 802.11b. These 
    additional channels can help avoid radio and microwave interference. 
    802.11b Standard 
    International standard for wireless networking that operates in the 2.4 GHz frequency range (2.4 GHz to 
    2.4835 GHz) and provides a throughput of up to 11 Mbps. This is a very commonly used frequency. 
    Microwave ovens, cordless phones, medical and scientific equipment, as well as Bluetooth devices, all work 
    within the 2.4 GHz frequency band. 
    802.11d Standard 
    802.11d is an IEEE standard supplementary to the Media Access Control (MAC) layer in 802.11 to promote 
    worldwide use of 802.11 WLANs. It will allow access points to communicate information on the 
    permissible radio channels with acceptable power levels for client devices. The devices will automatically 
    adjust based on geographic requirements. 
    The purpose of 11d is to add features and restrictions to allow WLANs to operate within the rules of these 
    countries. Equipment manufacturers do not want to produce a wide variety of country-specific products and 
    users that travel do not want a bag full of country-specific WLAN PC cards. The outcome will be 
    country-specific firmware solutions.  
    						
    802.11e Standard 
    802.11e is a proposed IEEE standard to define quality of service (QoS) mechanisms for wireless gear that 
    gives support to bandwidth-sensitive applications such as voice and video.
    802.11g Standard 
    Similar to 802.11b, this physical layer standard provides a throughput of up to 54 Mbps. It also operates in 
    the 2.4 GHz frequency band but uses a different radio technology in order to boost overall bandwidth. 
    802.11i 
    This is the name of the IEEE Task Group dedicated to standardizing WLAN security. The 802.11i Security 
    has a framework based on RSN (Robust Security Mechanism). RSN consists of two parts: 1) The Data 
    Privacy Mechanism and 2) Security Association Management. 
    The Data Privacy Mechanism supports two proposed schemes: TKIP and AES. TKIP (Temporal Key 
    Integrity) is a short-term solution that defines software patches to WEP to provide a minimally adequate 
    level of data privacy. AES or AES-OCB (Advanced Encryption Standard and Offset Codebook) is a robust 
    data privacy scheme and is a longer-term solution. 
    Security Association Management is addressed by a) RSN Negotiation Procedures, b) IEEE 802.1x 
    Authentication and c) IEEE 802.1x Key management. 
    The standards are being defined to naturally co-exist with pre-RSN networks that are currently deployed. 
    802.11n Standard 
    A recently formed (Oct 2003) IEEE official task group referred to as: 802.11n or TGn for the 100 Mbps 
    wireless physical layer standard protocol. Current published ratification date is December 2005. As of 
    February 2004, no draft specification has been written. It is expected to use both the 2.4 and 5 GHz 
    frequencies. 
    AES (Advanced Encryption Standard) 
    A symmetric 128-bit block data encryption technique developed by Belgian cryptographers Joan Daemen 
    and Vincent Rijmen. The U.S. government adopted the algorithm as its encryption technique in October 
    2000, replacing the DES encryption it used. AES works at multiple network layers simultaneously. The 
    National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce selected the 
    algorithm, called Rijndael (pronounced Rhine Dahl or Rain Doll), out of a group of five algorithms under 
    consideration, including one called MARS from a large research team at IBM. AES is expected to replace 
    WEP as a WLAN encryption method in 2003. 
    Access Point (AP) 
    A wireless LAN transceiver or base station that can connect a wired LAN to one or many wireless devices. 
    Access points can also bridge to each other. 
    There are various types of access points, also referred to as base stations, used in both wireless and wired 
    networks. These include bridges, hubs, switches, routers and gateways. The differences between them are 
    not always precise, because certain capabilities associated with one can also be added to another. For 
    example, a router can do bridging, and a hub may also be a switch. But they are all involved in making sure 
    data is transferred from one location to another.  
    						
    A bridge connects devices that all use the same kind of protocol. A router can connect networks that use 
    differing protocols. It also reads the addresses included in the packets and routes them to the appropriate 
    computer station, working with any other routers in the network to choose the best path to send the packets 
    on. A wireless hub or access point adds a few capabilities such as roaming and provides a network 
    connection to a variety of clients, but it does not allocate bandwidth. A switch is a hub that has extra 
    intelligence: It can read the address of a packet and send it to the appropriate computer station. A wireless 
    gateway is an access point that provides additional capabilities such as NAT routing, DHCP, firewalls, 
    security, etc. 
    Ad-Hoc mode 
    A client setting that provides independent peer-to-peer connectivity in a wireless LAN. An alternative set-up 
    is one where PCs communicate with each other through an AP. See access point and Infrastructure mode. 
    Bandwidth 
    The amount of transmission capacity that is available on a network at any point in time. Available bandwidth 
    depends on several variables such as the rate of data transmission speed between networked devices, 
    network overhead, number of users, and the type of device used to connect PCs to a network. It is similar to 
    a pipeline in that capacity is determined by size: the wider the pipe, the more water can flow through it; the 
    more bandwidth a network provides, the more data can flow through it. Standard 802.11b provides a 
    bandwidth of 11 Mbps; 802.11a and 802.11g provide a bandwidth of 54 Mbps. 
    Bits per second (bps) 
    A measure of data transmission speed over communication lines based on the number of bits that can be sent 
    or received per second. Bits per second—bps—is often confused with bytes per second—Bps. While bits 
    is a measure of transmission speed, bytes is a measure of storage capability. 8 bits make a byte, so if a 
    wireless network is operating at a bandwidth of 11 megabits per second (11 Mbps or 11 Mbits/sec), it is 
    sending data at 1.375 megabytes per second (1.375 MBps). 
    Bluetooth Wireless Technology 
    A technology specification for linking portable computers, personal digital assistants (PDAs) and mobile 
    phones for short-range transmission of voice and data across a global radio frequency band without the need 
    for cables or wires. Bluetooth is a frequency-hopping technology in the 2.4 GHz frequency spectrum, with a 
    range of 30 feet and up to 11 Mbps raw data throughput. 
    Bridge 
    A product that connects a local area network (LAN) to another local area network that uses the same 
    protocol (for example, wireless, Ethernet or token ring). Wireless bridges are commonly used to link 
    buildings in campuses. 
    Client or Client devices 
    Any computer connected to a network that requests services (files, print capability) from another member of 
    the network. Clients are end users. Wi-Fi client devices include PC Cards that slide into laptop computers, 
    mini-PCI modules embedded in laptop computers and mobile computing devices, as well as USB and PCI/ISA 
    bus Wi-Fi radios. Client devices usually communicate with hub devices like access points and 
    gateways. 
    Collision avoidance 
    A network node characteristic for proactively detecting that it can transmit a signal without risking a 
    collision, thereby ensuring a more reliable connection. 
    Crossover cable 
    A special cable used for networking two computers without the use of a hub. Crossover cables may also be 
    required for connecting a cable or DSL modem to a wireless gateway or access point. Instead of the signals 
    transferring in parallel paths from one set of plugs to another, the signals cross over. If an eight-wire cable 
    was being used, for instance, the signal would start on pin one at one end of the cable and end up on pin 
    eight at the other end. They cross over from one side to the other. 
    CSMA-CA (Carrier Sense Multiple Action) 
    CSMA/CA is the principal medium access method employed by IEEE 802.11 WLANs. It is a "listen before 
    talk" method of minimizing (but not eliminating) collisions caused by simultaneous transmission by 
    multiple radios. IEEE 802.11 states that a collision avoidance method rather than collision detection must be used, 
    because the standard employs half duplex radios—radios capable of transmission or reception—but not both 
    simultaneously. 
    Unlike conventional wired Ethernet nodes, a WLAN station cannot detect a collision while transmitting. If a 
    collision occurs, the transmitting station will not receive an ACKnowledge packet from the intended receive 
    station. For this reason, ACK packets have a higher priority than all other network traffic. After completion 
    of a data transmission, the receive station will begin transmission of the ACK packet before any other node 
    can begin transmitting a new data packet. All other stations must wait a longer pseudo randomized period of 
    time before transmitting. If an ACK packet is not received, the transmitting station will wait for a subsequent 
    opportunity to retry transmission. 
    CSMA-CD (Carrier Sense Multiple Action/Collision Detection) 
    A method of managing traffic and reducing noise on an Ethernet network. A network device transmits data 
    after detecting that a channel is available. However, if two devices transmit data simultaneously, the sending 
    devices detect a collision and retransmit after a random time delay. 
    DHCP (Dynamic Host Configuration Protocol) 
    A utility that enables a server to dynamically assign IP addresses from a predefined list and limit their time 
    of use so that they can be reassigned. Without DHCP, an IT Manager would have to manually enter in all the 
    IP addresses of all the computers on the network. When DHCP is used, whenever a computer logs onto the 
    network, it automatically gets an IP address assigned to it. 
    Diversity: antenna 
    A type of antenna system that uses two antennas to maximize reception and transmission quality and reduce 
    interference. 
    						
    DNS (Domain Name System) 
    A program that translates URLs to IP addresses by accessing a database maintained on a collection of 
    Internet servers. The program works behind the scenes to facilitate surfing the Web with alpha versus 
    numeric addresses. A DNS server converts a name like mywebsite.com to a series of numbers like 
    107.22.55.26. Every website has its own specific IP address on the Internet. 
    Encryption Key 
    An alphanumeric (letters and/or numbers) series that enables data to be encrypted and then decrypted so it 
    can be safely shared among members of a network. WEP uses an encryption key that automatically encrypts 
    outgoing wireless data. On the receiving side, the same encryption key enables the computer to 
    automatically decrypt the information so it can be read. 
    Enhanced Data Encryption through TKIP 
    To improve data encryption, Wi-Fi Protected Access utilizes its Temporal Key Integrity Protocol (TKIP). 
    TKIP provides important data encryption enhancements including a per-packet key mixing function, a 
    message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, 
    and a re-keying mechanism. Through these enhancements, TKIP addresses all known WEP vulnerabilities. 
    Enterprise-level User Authentication via 802.1x and EAP 
    WEP has almost no user authentication mechanism. To strengthen user authentication, Wi-Fi Protected 
    Access implements 802.1x and the Extensible Authentication Protocol (EAP). Together, these 
    implementations provide a framework for strong user authentication. This framework utilizes a central 
    authentication server, such as RADIUS, to authenticate each user on the network before they join it, and also 
    employs mutual authentication so that the wireless user doesn’t accidentally join a rogue network that 
    might steal its network credentials. 
    ESSID (more commonly referred to as SSID – Short Set Identifier) 
    The identifying name of an 802.11 wireless network. When you specify your correct ESSID in your client 
    setup you ensure that you connect to your wireless network rather than another network in range. (See 
    SSID.) The ESSID can be called by different terms, such as Network Name, Preferred Network, SSID or 
    Wireless LAN Service Area. 
    Ethernet 
    International standard networking technology for wired implementations. Basic 10BaseT networks offer a 
    bandwidth of about 10 Mbps. Fast Ethernet (100 Mbps) and Gigabit Ethernet (1000 Mbps) are becoming 
    popular. 
    Firewall 
    A system that secures a network and prevents access by unauthorized users. Firewalls can be software, 
    hardware or a combination of both. Firewalls can prevent unrestricted access into a network, as well as 
    restrict data from flowing out of a network.  
    						
    Gateway 
    In the wireless world, a gateway is an access point with additional software capabilities such as providing 
    NAT and DHCP. Gateways may also provide VPN support, roaming, firewalls, various levels of security, 
    etc. 
    Hot Spot (also referred to as Public Access Location) 
    A place where you can access Wi-Fi service. This can be for free or for a fee. HotSpots can be inside a coffee 
    shop, airport lounge, train station, convention center, hotel or any other public meeting area. Corporations 
    and campuses are also implementing HotSpots to provide wireless Internet access to their visitors and 
    guests. In some parts of the world, HotSpots are known as CoolSpots. 
    Hub 
    A multiport device used to connect PCs to a network via Ethernet cabling or via Wi-Fi. Wired hubs can have 
    numerous ports and can transmit data at speeds ranging from 10 Mbps to multigigabyte speeds per second. 
    A hub transmits packets it receives to all the connected ports. A small wired hub may only connect 4 
    computers; a large hub can connect 48 or more. Wireless hubs can connect hundreds. 
    Hz (“hertz”) 
    The international unit for measuring frequency, equivalent to the older unit of cycles per second. One 
    megahertz (MHz) is one million hertz. One gigahertz (GHz) is one billion hertz. The standard US electrical 
    power frequency is 60 Hz, the AM broadcast radio frequency band is 535 to 1605 kHz, the FM broadcast 
    radio frequency band is 88 to 108 MHz, and wireless 802.11b LANs operate at 2.4 GHz. 
    IEEE (Institute of Electrical and Electronics Engineers) 
    A membership organization (www.ieee.org) that includes engineers, scientists and students in electronics 
    and allied fields. It has more than 300,000 members and is involved with setting standards for computers and 
    communications. 
    IEEE 802.11 
    A set of specifications for LANs from The Institute of Electrical and Electronics Engineers (IEEE). Most 
    wired networks conform to 802.3, the specification for CSMA/CD based Ethernet networks or 802.5, the 
    specification for token ring networks. 802.11 defines the standard for wireless LANs encompassing three 
    incompatible (non-interoperable) technologies: Frequency Hopping Spread Spectrum (FHSS), Direct 
    Sequence Spread Spectrum (DSSS) and Infrared. WECA’s (Wireless Ethernet Compatibility Alliance – now 
    Wi-Fi Alliance) focus is on 802.11b, an 11 Mbps high-rate DSSS standard for wireless networks. 
    Infrastructure mode 
    A client setting providing connectivity to an access point (AP). As compared to Ad-Hoc mode, whereby PCs 
    communicate directly with each other, clients set in Infrastructure Mode all pass data through a central AP. 
    The AP not only mediates wireless network traffic in the immediate neighborhood, but also provides 
    communication with the wired network. See Ad-Hoc and AP.  
    						