Netgear WPN802 User Manual download pdf (Page 86)

Reference Manual for the NETGEAR RangeMax™ Wireless Access Point WPN802

14 Glossary

202-10101-01, May 2005

does not offer. With this feature, WPA provides roughly comparable security to VPN tunneling with WEP,

with the benefit of easier administration and use. This is similar to 802.1x support and requires a RADIUS

server in order to implement. The Wi-Fi Alliance will call this, 'WPA-Enterprise.'

One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short - this provides an

authentication alternative to an expensive RADIUS server. WPA-PSK is a simplified but still powerful form

of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or

"passphrase" as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time

interval, making it much more difficult for hackers to find and exploit them. The Wi-Fi Alliance will call

this, 'WPA-Personal.'

Wi-Fi Protected Access and IEEE 802.11i Comparison

Wi-Fi Protected Access will be forward-compatible with the IEEE 802.11i security specification currently

under development by the IEEE. Wi-Fi Protected Access is a subset of the current 802.11i draft, taking

certain pieces of the 802.11i draft that are ready to bring to market today, such as its implementation of

802.1x and TKIP. These features can also be enabled on most existing Wi-Fi CERTIFIED products as a

software upgrade. The main pieces of the 802.11i draft that are not included in Wi-Fi Protected Access are

secure IBSS, secure fast handoff, secure de-authentication and disassociation, as well as enhanced

encryption protocols such as AES-CCMP. These features are either not yet ready for market or will require

hardware upgrades to implement.

Wi-Fi Protected Access for the Enterprise

Wi-Fi Protected Access effectively addresses the WLAN security requirements for the enterprise and

provides a strong encryption and authentication solution prior to the ratification of the IEEE 802.11i

standard. In an enterprise with IT resources, Wi-Fi Protected Access should be used in conjunction with an

authentication server such as RADIUS to provide centralized access control and management. With this

implementation in place, the need for add-on solutions such as VPNs may be eliminated, at least for the

express purpose of securing the wireless link in a network.

Wi-Fi Protected Access for Home/SOHO

In a home or Small Office/ Home Office (SOHO) environment, where there are no central authentication

servers or EAP framework, Wi-Fi Protected Access runs in a special home mode. This mode, also called

Pre-Shared Key (PSK), allows the use of manually-entered keys or passwords and is designed to be easy to

set up for the home user. All the home user needs to do is enter a password (also called a master key) in their

access point or home wireless gateway and each PC that is on the Wi-Fi wireless network. Wi-Fi Protected

Access takes over automatically from that point. First, the password allows only devices with a matching

password to join the network, which keeps out eavesdroppers and other unauthorized users. Second, the

password automatically kicks off the TKIP encryption process, described above.

Wi-Fi Protected Access for Public Access

The intrinsic encryption and authentication schemes defined in Wi-Fi Protected Access may also prove

useful for Wireless Internet Service Providers (WISPs) offering Wi-Fi public access in "hot spots" where

1 2 ... 81 82 83 84 85 86 87 88

No comments

Netgear WPN802 User Manual Page 86