User manual NETGEAR WG602V1

[. . . ] You will find technical support information at: www. netgear. com/support/main. asp through the customer service area. If you want to contact technical support by telephone, see the support information card for the correct telephone number for your country. All rights reserved. Trademarks NETGEAR is a registered trademark of NETGEAR, INC. Other brand and product names are trademarks or registered trademarks of their respective holders. [. . . ] Some vendors allow passphrases to be entered instead of the cryptic hexadecimal characters to ease encryption key entry. 128-bit encryption is stronger than 40-bit encryption, but 128-bit encryption may not be available outside of the United States due to U. S. When configured for 40-bit encryption, 802. 11 products typically support up to four WEP Keys. Each 40-bit WEP Key is expressed as 5 sets of two hexadecimal digits (0-9 and A-F). When configured for 128-bit encryption, 802. 11 products typically support four WEP Keys but some manufacturers support only one 128-bit key. The 128-bit WEP Key is expressed as 13 sets of two hexadecimal digits (0-9 and A-F). For example, "12 34 56 78 90 AB CD EF 12 34 56 78 90" is a 128-bit WEP Key. Table B-1: 64-bit (24+40) 128-bit (24+104) Encryption Key Sizes # of Hexadecimal Digits 10 26 Encryption Key Size Example of Hexadecimal Key Content 4C72F08AE1 4C72F08AE19D57A3FF6B260037 Note: Typically, 802. 11 access points can store up to four 128-bit WEP Keys but some 802. 11 client adapters can only store one. Therefore, make sure that your 802. 11 access and client adapters' configurations match. B-6 202-10060-02, February 2005 Wireless Networking Basics Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602V1V1v3 WEP Configuration Options The WEP settings must match on all 802. 11 devices that are within the same wireless network as identified by the SSID. In general, if your mobile clients will roam between access points, then all of the 802. 11 access points and all of the 802. 11 client adapters on the network must have the same WEP settings. Note: Whatever keys you enter for an AP, you must also enter the same keys for the client adapter in the same order. In other words, WEP key 1 on the AP must match WEP key 1 on the client adapter, WEP key 2 on the AP must match WEP key 2 on the client adapter, and so on. For WPA, encryption using Temporal Key Integrity Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices to perform encryption operations. TKIP provides important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through these enhancements, TKIP addresses all of known WEP vulnerabilities. Wireless Networking Basics 202-10060-02, February 2005 B-9 Reference Manual for the NETGEAR 54 Mbps Wireless Access Point WG602V1V1v3 How Does WPA Compare to WPA2 (IEEE 802. 11i)? WPA is forward compatible with the WPA2 security specification. WPA is a subset of WPA2 and used certain pieces of the early 802. 11i draft, such as 802. 1x and TKIP. The main pieces of WPA2 that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized 802. 11 VoIP phones), as well as enhanced encryption protocols, such as AES-CCMP. These features were either not yet ready for market or required hardware upgrades to implement. What are the Key Features of WPA and WPA2 Security? The following security features are included in the WPA and WPA2 standard: · · WPA and WPA2 Authentication WPA and WPA2 Encryption Key Management ­ ­ ­ · Temporal Key Integrity Protocol (TKIP) Michael message integrity code (MIC) AES support (WPA2, requires hardware support) Support for a mixture of WPA, WPA2, and WEP wireless clients to allow a migration strategy, but mixing WEP and WPA/WPA2 is discouraged These features are discussed below. WPA/WPA2 addresses most of the known WEP vulnerabilities and is primarily intended for wireless infrastructure networks as found in the enterprise. This infrastructure includes stations, access points, and authentication servers (typically RADIUS servers). The RADIUS server holds (or has access to) user credentials (for example, user names and passwords) and authenticates wireless users before they gain access to the network. The strength of WPA/WPA2 comes from an integrated sequence of operations that encompass 802. 1X/EAP authentication and sophisticated key management and encryption techniques. [. . . ] This is similar to 802. 1x support and requires a RADIUS server in order to implement. The Wi-Fi Alliance will call this, 'WPA-Enterprise. ' One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short - this provides an authentication alternative to an expensive RADIUS server. WPA-PSK is a simplified but still powerful form of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or "passphrase" as with WEP. [. . . ]