What's New in Security: WPA (Wi-Fi Protected Access)
WPA is wireless security with greater protection than WEP. Most
wireless networks should use either WEP or WPA. WPA-PSK is not much more
difficult to configure than the older WEP, but is not available on some
older products. All computers, access points, and wireless adapters must
use the same type of security. See your user manuals for configuration
instructions.
WPA operates in either WPA-PSK mode (aka Pre-Shared Key or
WPA-Personal) or WPA-802.1x mode (aka RADIUS or WPA-Enterprise). In the
Personal mode, a pre-shared key or passphrase is used for authentication.
In the Enterprise mode, which is more difficult to configure, 802.1x
RADIUS servers and an Extensible Authentication Protocol (EAP) are used
for authentication. The enhanced WPA2 uses Advanced Encryption Standard
(AES) instead of Temporal Key Integrity Protocol (TKIP) to provide a
stronger encryption mechanism.
Advantages of WPA
- Provides extremely strong wireless security for the 2003 computing
environment.
- Adds authentication to WEP's basic encryption.
- Has backward compatible WEP support for devices that are not
upgraded.
- Integrates with RADIUS servers to allow administration, auditing,
and logging.
Disadvantages of WPA
- Except when used with a pre-shared key (WPA-PSK), setup is
complicated and unsuitable for typical home users.
- Older firmware usually will not be upgraded to support it.
- Incompatible with older operating systems such as Windows 95.
- Greater performance overhead than WEP.
- Remains vulnerable to Denial of Service attacks.
Facts About WPA
- To use WPA, all computers, access points, and wireless adapters must
have WPA software.
- WPA was introduced in 2003. To run WPA between two computers both
must have WPA software, and all access points and wireless adapters
between them, as well. Equipment older than 2003 will often not be
upgradable.
- WPA has two significant advantages over WEP:
    - An encryption key differing in every packet. The TKIP (Temporal
    Key Integrity Protocol) mechanism shares a starting key between
    devices. Each device then changes its encryption key for every
    packet. It is extremely difficult for hackers to read messages, even
    if they've intercepted the data.
    - Certificate Authentication (CA) can be used, blocking access by a
    hacker posing as a valid user.
- WPA computers will communicate with WEP encryption, if they cannot
use WPA with a particular device.
- A Certificate Authority Server is part of the recommended
configuration, to give WPA computers assurance that the computers with
which they share keys are who they claim to be.
- Since WPA adds to packet size, transmission takes longer. The
encryption and decryption are slower for devices using software, rather
than dedicated WPA hardware.
- The EAP types supported by WPA-Enterprise are:
    o EAP-TLS
    o EAP-TTLS/MSCHAPv2
    o PEAPv0/EAP-MSCHAPv2
    o PEAPv1/EAP-GTC (Cisco-based implementation)
    o EAP-SIM
NETGEAR Products Supporting WPA
WPA "Lite": Applies to WLAN clients only, WPA-PSK or WPA-1x (TLS and PEAP),
only supports Windows XP using Microsoft supplicant, no NETGEAR GUI.
WPA Funk: Supports Funk supplicants (WPA-PSK and WPA-1x using TLS and
PEAP) in Windows XP, 2000, Me and 98SE.
WPA Integrated: NETGEAR GUI supporting WPA-PSK in Windows XP, 2000, Me and
98SE.

Home Adapters | WPA "Lite"       | WPA Funk         | WPA Integrated
WG511         | Version 2.1.14.0 | Version 2.1.14.0 | TBD
WG511T        | Version 3.1.0    | Version 3.1.0    | Version 3.30
WG311         | Version 1.3      | Version 1.3      | Version 1.3
WG311T        | TBD              | TBD              | TBD
WG121         | Version 2.0      | Version 2.0      |

Business Access Points and Routers | WPA            | Wi-Fi Certifications        | Comments
ME103                              | No             | 11b                         |
WG602v2                            | WPA-Personal   | 11b, 11g and WPA-PSK        | v 3.2
WG302                              | WPA-Enterprise | 11b, 11g and WPA-Enterprise | v 2.0
FWG114P                            | WPA-Enterprise | 11b, 11g and WPA-Enterprise | v 2003
FWAG114                            | WPA-Enterprise | Not planned                 | v 1.0.26RC
FM114P                             | No             |                             |
FVM318                             | No             |                             |

- WPA-Personal includes WPA-PSK (pre-shared key). This is a simpler
version that does not support 802.1x and requires a separate RADIUS
server for mutual authentication. This includes WEP enhancements noted
below.
- WPA-Enterprise includes all of the features of WPA-PSK plus support
for 802.1x RADIUS authentication and is appropriate in those cases where
a RADIUS server is deployed.

Business Adapters | WPA            | Wi-Fi Certifications                                        | Comments
WAG511            | WPA-Enterprise | 11a, 11b, 11g and WPA                                       | v. 3.0.0.143
WAG311            | WPA-Enterprise | 11a and 11g certified now; 11b, 11g and WPA future update   | Version 1.3 Beta 2

Home Routers and Access Points | WPA-PSK Only
MR814v3                        | Version 5.4_06
WGR614v1                       | Version 1400 Beta
WGR614v2                       | Version 2.05
WGR614v3                       | Version 2.10
WGR614v4                       | Version 4.04
WGT624                         | Version 1.1.1

NETGEAR Products That Do Not and Will Not Support WPA
- Older products will not be in the "Product Finder" on the
left of the NETGEAR Marketing Site.
- ME101
- WGE101
- WG602 (WG602v2, however, does have WPA)
Read Instructions on how to Configure Wireless Security (WEP/WPA/Access
list). Instructions are also included in the User Manuals and
Reference Manuals for wireless products (available on the Product page on
this site as downloads).
Doc: N101190.asp Oct. 25, 2004