Netgear Router WGT624 V3 User Manual
Have a look at the manual Netgear Router WGT624 V3 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 137 Netgear manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Wireless Networking Basics D-15 202-10090-01, April 2005 Temporal Key Integrity Protocol (TKIP) WPA uses TKIP to provide important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the following: • The verification of the security configuration after the encryption keys are determined. • The synchronized changing of the unicast encryption key for each frame. • The determination of a unique starting unicast encryption key for each preshared key authentication. Michael With 802.11 and WEP, data integrity is provided by a 32-bit integrity check value (ICV) that is appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, you can use cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without being detected by the receiver. With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte message integrity check (MIC) using the calculation facilities available on existing wireless devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV. The MIC field is encrypted together with the frame data and the ICV. Michael also provides replay protection. A new frame counter in the IEEE 802.11 frame is used to prevent replay attacks. AES Support for WPA2 One of the encryption methods supported by WPA2 is the advanced encryption standard (AES), although AES support will not be required initially for Wi-Fi certification. This is viewed as the optimal choice for security conscience organizations, but the problem with AES is that it requires a fundamental redesign of the NIC’s hardware in both the station and the access point. TKIP is a pragmatic compromise that allows organizations to deploy better security while AES capable equipment is being designed, manufactured, and incrementally deployed.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 D-16 Wireless Networking Basics 202-10090-01, April 2005 Is WPA/WPA2 Perfect? WPA/WPA2 is not without its vulnerabilities. Specifically, it is susceptible to denial of service (DoS) attacks. If the access point receives two data packets that fail the message integrity code (MIC) within 60 seconds of each other, then the network is under an active attack, and as a result, the access point employs counter measures, which include disassociating each station using the access point. This prevents an attacker from gleaning information about the encryption key and alerts administrators, but it also causes users to lose network connectivity for 60 seconds. More than anything else, this may just prove that no single security tactic is completely invulnerable. WPA/WPA2 is a definite step forward in WLAN security over WEP and has to be thought of as a single part of an end-to-end network security strategy. Product Support for WPA/WPA2 Starting in August, 2003, NETGEAR, Inc. wireless Wi-Fi certified products will support the WPA standard. NETGEAR, Inc. wireless products that had their Wi-Fi certification approved before August, 2003 will have one year to add WPA so as to maintain their Wi-Fi certification. WPA/WPA2 requires software changes to the following: • Wireless access points • Wireless network adapters • Wireless client programs Supporting a Mixture of WPA, WPA2, and WEP Wireless Clients is Discouraged To support the gradual transition of WEP-based wireless networks to WPA/WPA2, a wireless AP can support both WEP and WPA/WPA2 clients at the same time. During the association, the wireless AP determines which clients use WEP and which clients use WPA/WPA2. The disadvantage to supporting a mixture of WEP and WPA/WPA2 clients is that the global encryption key is not dynamic. This is because WEP-based clients cannot support it. All other benefits to the WPA clients, such as integrity, are maintained. However, a mixed mode supporting WPA/WPA2 and non-WPA/WPA2 clients would offer network security that is no better than that obtained with a non-WPA/WPA2 network, and thus this mode of operation is discouraged.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Wireless Networking Basics D-17 202-10090-01, April 2005 Changes to Wireless Access Points Wireless access points must have their firmware updated to support the following: •The new WPA/WPA2 information element To advertise their support of WPA/WPA2, wireless APs send the beacon frame with a new 802.11 WPA/WPA2 information element that contains the wireless APs security configuration (encryption algorithms and wireless security configuration information). •The WPA/WPA2 two-phase authentication Open system, then 802.1x (EAP with RADIUS or preshared key). •TKIP •Michael •AES (WPA2) To upgrade your wireless access points to support WPA/WPA2, obtain a WPA/WPA2 firmware update from your wireless AP vendor and upload it to your wireless AP. Changes to Wireless Network Adapters Wireless networking software in the adapter, and possibly in the OS or client application, must be updated to support the following: •The new WPA/WPA2 information element Wireless clients must be able to process the WPA/WPA2 information element and respond with a specific security configuration. •The WPA/WPA2 two-phase authentication Open system, then 802.1x supplicant (EAP or preshared key). •TKIP •Michael •AES (WPA2) To upgrade your wireless network adapters to support WPA/WPA2, obtain a WPA/WPA2 update from your wireless network adapter vendor and update the wireless network adapter driver. For Windows wireless clients, you must obtain an updated network adapter driver that supports WPA. For wireless network adapter drivers that are compatible with Windows XP (Service Pack 1) and Windows Server 2003, the updated network adapter driver must be able to pass the adapters WPA capabilities and security configuration to the Wireless Zero Configuration service.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 D-18 Wireless Networking Basics 202-10090-01, April 2005 Microsoft has worked with many wireless vendors to embed the WPA driver update in the wireless adapter driver. So, to update your Microsoft Windows wireless client, all you have to do is obtain the new WPA/WPA2-compatible driver and install the driver. Changes to Wireless Client Programs Wireless client programs must be updated to permit the configuration of WPA/WPA2 authentication (and preshared key) and the new WPA/WPA2 encryption algorithms (TKIP and AES). To obtain the Microsoft WPA client program, visit the Microsoft Web site. Note: The Microsoft WPA2 client is still in beta.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Glossary-1 202-10090-01, April 2005 Glossary Use the list below to find definitions for technical terms used in this manual. 802.11 Standard 802.11, or IEEE 802.11, is a type of radio technology used for wireless local area networks (WLANs). It is a standard that has been developed by the IEEE (Institute of Electrical and Electronic Engineers), http://standards.ieee.org . The IEEE is an international organization that develops standards for hundreds of electronic and electrical technologies. The organization uses a series of numbers, like the Dewey Decimal system in libraries, to differentiate between the various technology families. The 802 subgroup (of the IEEE) develops standards for local and wide area networks with the 802.11 section reviewing and creating standards for wireless local area networks. Wi-Fi , 802.11, is composed of several standards operating in different radio frequencies: 802.11b is a standard for wireless LANs operating in the 2.4 GHz spectrum with a bandwidth of 11 Mbps; 802.11a is a different standard for wireless LANs, and pertains to systems operating in the 5 GHz frequency range with a bandwidth of 54 Mbps. Another standard, 802.11g, is for WLANS operating in the 2.4 GHz frequency but with a bandwidth of 54 Mbps. 802.11a Standard An IEEE specification for wireless networking that operates in the 5 GHz frequency range (5.15 GHz to 5.85 GHz) with a maximum 54 Mbps data transfer rate. The 5 GHz frequency band is not as crowded as the 2.4 GHz frequency, because the 802.11a specification offers more radio channels than the 802.11b. These additional channels can help avoid radio and microwave interference. 802.11b Standard International standard for wireless networking that operates in the 2.4 GHz frequency range (2.4 GHz to 2.4835 GHz) and provides a throughput of up to 11 Mbps. This is a very commonly used frequency. Microwave ovens, cordless phones, medical and scientific equipment, as well as Bluetooth devices, all work within the 2.4 GHz frequency band. 802.11d Standard 802.11d is an IEEE standard supplementary to the Media Access Control (MAC) layer in 802.11 to promote worldwide use of 802.11 WLANs. It will allow access points to communicate information on the permissible radio channels with acceptable power levels for client devices. The devices will automatically adjust based on geographic requirements. The purpose of 11d is to add features and restrictions to allow WLANs to operate within the rules of these countries. Equipment manufacturers do not want to produce a wide variety of country-specific products and users that travel do not want a bag full of country-specific WLAN PC cards. The outcome will be country-specific firmware solutions.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 -2Glossary 202-10090-01, April 2005 802.11e Standard 802.11e is a proposed IEEE standard to define quality of service (QoS) mechanisms for wireless gear that gives support to bandwidth-sensitive applications such as voice and video. 802.11g Standard Similar to 802.11b, this physical layer standard provides a throughput of up to 54 Mbps. It also operates in the 2.4 GHz frequency band but uses a different radio technology in order to boost overall bandwidth. 802.11i This is the name of the IEEE Task Group dedicated to standardizing WLAN security. The 802.11i Security has a frame work based on RSN (Robust Security Mechanism). RSN consists of two parts: 1) The Data Privacy Mechanism and 2) Security Association Management. The Data Privacy Mechanism supports two proposed schemes: TKIP and AES. TKIP (Temporal Key Integrity) is a short-term solution that defines software patches to WEP to provide a minimally adequate level of data privacy. AES or AES-OCB (Advanced Encryption Standard and Offset Codebook) is a robust data privacy scheme and is a longer-term solution. Security Association Management is addressed by a) RSN Negotiation Procedures, b) IEEE 802.1x Authentication and c) IEEE 802.1x Key management. The standards are being defined to naturally co-exist with pre-RSN networks that are currently deployed. 802.11n Standard A recently formed (Oct 2003) IEEE official task group referred to as: 802.11n or TGn for the 100 Mbps wireless physical layer standard protocol. Current published ratification date is December 2005. As of February 2004, no draft specification has been written - It is expected to use both the 2.4 and 5GHz frequencies. AES (Advanced Encryption Standard) A symmetric 128-bit block data encryption technique developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. The U.S government adopted the algorithm as its encryption technique in October 2000, replacing the DES encryption it used. AES works at multiple network layers simultaneously. The National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce selected the algorithm, called Rijndael (pronounced Rhine Dahl or Rain Doll), out of a group of five algorithms under consideration, including one called MARS from a large research team at IBM. AES is expected to replace WEP as a WLAN encryption method in 2003. Access Point (AP) A wireless LAN transceiver or base station that can connect a wired LAN to one or many wireless devices. Access points can also bridge to each other. There are various types of access points, also referred to as base stations, used in both wireless and wired networks. These include bridges, hubs, switches, routers and gateways. The differences between them are not always precise, because certain capabilities associated with one can also be added to another. For example, a router can do bridging, and a hub may also be a switch. But they are all involved in making sure data is transferred from one location to another.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Glossary-3 202-10090-01, April 2005 A bridge connects devices that all use the same kind of protocol. A router can connect networks that use differing protocols. It also reads the addresses included in the packets and routes them to the appropriate computer station, working with any other routers in the network to choose the best path to send the packets on. A wireless hub or access point adds a few capabilities such as roaming and provides a network connection to a variety of clients, but it does not allocate bandwidth. A switch is a hub that has extra intelligence: It can read the address of a packet and send it to the appropriate computer station. A wireless gateway is an access point that provides additional capabilities such as NAT routing, DHCP, firewalls, security, etc. Ad-Hoc mode A client setting that provides independent peer-to-peer connectivity in a wireless LAN. An alternative set-up is one where PCs communicate with each other through an AP. See access point and Infrastructure mode. Bandwidth The amount of transmission capacity that is available on a network at any point in time. Available bandwidth depends on several variables such as the rate of data transmission speed between networked devices, network overhead, number of users, and the type of device used to connect PCs to a network. It is similar to a pipeline in that capacity is determined by size: the wider the pipe, the more water can flow through it; the more bandwidth a network provides, the more data can flow through it. Standard 802.11b provides a bandwidth of 11 Mbps; 802.11a and 802.11g provide a bandwidth of 54 Mbps. Bits per second (bps) A measure of data transmission speed over communication lines based on the number of bits that can be sent or received per second. Bits per second—bps—is often confused with bytes per second—Bps. While bits is a measure of transmission speed, bytes is a measure of storage capability. 8 bits make a byte, so if a wireless network is operating at a bandwidth of 11 megabits per second (11 Mbps or 11 Mbits/sec), it is sending data at 1.375 megabytes per second (1.375 Mbps). Bluetooth Wireless Technology A technology specification for linking portable computers, personal digital assistants (PDAs) and mobile phones for short-range transmission of voice and data across a global radio frequency band without the need for cables or wires. Bluetooth is a frequency-hopping technology in the 2.4 GHz frequency spectrum, with a range of 30 feet and up to 11Mbps raw data throughput. Bridge A product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, wireless, Ethernet or token ring). Wireless bridges are commonly used to link buildings in campuses. Client or Client devices Any computer connected to a network that requests services (files, print capability) from another member of the network. Clients are end users. Wi-Fi client devices include PC Cards that slide into laptop computers, mini-PCI modules embedded in laptop computers and mobile computing devices, as well as USB and PCI/
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 -4Glossary 202-10090-01, April 2005 ISA bus Wi-Fi radios. Client devices usually communicate with hub devices like access points and gateways. Collision avoidance A network node characteristic for proactively detecting that it can transmit a signal without risking a collision, thereby ensuring a more reliable connection. Crossover cable A special cable used for networking two computers without the use of a hub. Crossover cables may also be required for connecting a cable or DSL modem to a wireless gateway or access point. Instead of the signals transferring in parallel paths from one set of plugs to another, the signals crossover. If an eight-wire cable was being used, for instance, the signal would start on pin one at one end of the cable and end up on pin eight at the other end. They cross-over from one side to the other. CSMA-CA (Carrier Sense Multiple Action) CSMA/CA is the principle medium access method employed by IEEE 802.11 WLANs. It is a listen before talk: method of minimizing (but not eliminating) collisions caused by simultaneous transmission by multiple radios. IEEE 802.11 states collision avoidance method rather than collision detection must be used, because the standard employs half duplex radios—radios capable of transmission or reception—but not both simultaneously. Unlike conventional wired Ethernet nodes, a WLAN station cannot detect a collision while transmitting. If a collision occurs, the transmitting station will not receive an ACKnowledge packet from the intended receive station. For this reason, ACK packets have a higher priority than all other network traffic. After completion of a data transmission, the receive station will begin transmission of the ACK packet before any other node can begin transmitting a new data packet. All other stations must wait a longer pseudo randomized period of time before transmitting. If an ACK packet is not received, the transmitting station will wait for a subsequent opportunity to retry transmission CSMA-CD (Carrier Sense Multiple Action/Collision Detection) A method of managing traffic and reducing noise on an Ethernet network. A network device transmits data after detecting that a channel is available. However, if two devices transmit data simultaneously, the sending devices detect a collision and retransmit after a random time delay. DHCP (Dynamic Host Configuration Protocol) A utility that enables a server to dynamically assign IP addresses from a predefined list and limit their time of use so that they can be reassigned. Without DHCP, an IT Manager would have to manually enter in all the IP addresses of all the computers on the network. When DHCP is used, whenever a computer logs onto the network, it automatically gets an IP address assigned to it. Diversity: antenna A type of antenna system that uses two antennas to maximize reception and transmission quality and reduce interference
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 Glossary-5 202-10090-01, April 2005 DNS (Domain Name System) A program that translates URLs to IP addresses by accessing a database maintained on a collection of Internet servers. The program works behind the scenes to facilitate surfing the Web with alpha versus numeric addresses. A DNS server converts a name like mywebsite.com to a series of numbers like 107.22.55.26. Every website has its own specific IP address on the Internet. Encryption Key An alphanumeric (letters and/or numbers) series that enables data to be encrypted and then decrypted so it can be safely shared among members of a network. WEP uses an encryption key that automatically encrypts outgoing wireless data. On the receiving side, the same encryption key enables the computer to automatically decrypt the information so it can be read. Enhanced Data Encryption through TKIP To improve data encryption, Wi-Fi Protected Access utilizes its Temporal Key Integrity Protocol (TKIP). TKIP provides important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through these enhancements, TKIP addresses all WEP known vulnerabilities. Enterprise-level User Authentication via 802.1x and EAP WEP has almost no user authentication mechanism. To strengthen user authentication, Wi-Fi Protected Access implements 802.1x and the Extensible Authentication Protocol (EAP). Together, these implementations provide a framework for strong user authentication. This framework utilizes a central authentication server, such as RADIUS, to authenticate each user on the network before they join it, and also employs mutual authentication so that the wireless user doesn’t accidentally join a rogue network that might steal its network credentials. ESSID (more commonly referred to as SSID – Short Set Identifier) The identifying name of an 802.11 wireless network. When you specify your correct ESSID in your client setup you ensure that you connect to your wireless network rather than another network in range. (See SSID.) The ESSID can be called by different terms, such as Network Name, Preferred Network, SSID or Wireless LAN Service Area. Ethernet International standard networking technology for wired implementations. Basic 10BaseT networks offer a bandwidth of about 10 Mbps. Fast Ethernet (100 Mbps) and Gigabit Ethernet (1000 Mbps) are becoming popular. Firewall A system that secures a network and prevents access by unauthorized users. Firewalls can be software, hardware or a combination of both. Firewalls can prevent unrestricted access into a network, as well as restrict data from flowing out of a network.
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3 -6Glossary 202-10090-01, April 2005 Gateway In the wireless world, a gateway is an access point with additional software capabilities such as providing NAT and DHCP. Gateways may also provide VPN support, roaming, firewalls, various levels of security, etc. Hot Spot (also referred to as Public Access Location) A place where you can access Wi-Fi service. This can be for free or for a fee. HotSpots can be inside a coffee shop, airport lounge, train station, convention center, hotel or any other public meeting area. Corporations and campuses are also implementing HotSpots to provide wireless Internet access to their visitors and guests. In some parts of the world, HotSpots are known as CoolSpots. Hub A multiport device used to connect PCs to a network via Ethernet cabling or via Wi-Fi. Wired hubs can have numerous ports and can transmit data at speeds ranging from 10 Mbps to multigigabyte speeds per second. A hub transmits packets it receives to all the connected ports. A small wired hub may only connect 4 computers; a large hub can connect 48 or more. Wireless hubs can connect hundreds. HZ (‘hertz”) The international unit for measuring frequency, equivalent to the older unit of cycles per second. One megahertz (MHz) is one million hertz. One gigahertz (GHz) is one billion hertz. The standard US electrical power frequency is 60 Hz, the AM broadcast radio frequency band is 535—1605 kHz, the FM broadcast radio frequency band is 88—108 MHz, and wireless 802.11b LANs operate at 2.4 GHz. IEEE (Institute of Electrical and Electronics Engineers) A membership organization (www.ieee.org) that includes engineers, scientists and students in electronics and allied fields. It has more than 300,000 members and is involved with setting standards for computers and communications. IEEE 802.11 A set of specifications for LANs from The Institute of Electrical and Electronics Engineers (IEEE). Most wired networks conform to 802.3, the specification for CSMA/CD based Ethernet networks or 802.5, the specification for token ring networks. 802.11 defines the standard for wireless LANs encompassing three incompatible (non-interoperable) technologies: Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS) and Infrared. WECA’s (Wireless Ethernet Compatibility Alliance – now Wi-Fi Alliance) focus is on 802.11b, an 11 Mbps high-rate DSSS standard for wireless networks. Infrastructure mode A client setting providing connectivity to an access point (AP). As compared to Ad-Hoc mode, whereby PCs communicate directly with each other, clients set in Infrastructure Mode all pass data through a central AP. The AP not only mediates wireless network traffic in the immediate neighborhood, but also provides communication with the wired network. See Ad-Hoc and AP.