Netcom NB9 User Manual



NB9/NB9W ADSL+ VoIP Router

YML790 Rev8

WPA

WPA requires a RADIUS server to provide client authentication. WPA also requires specification of the ‘WPA
Group Rekey Interval’ which is the rate that the RADIUS server sends a new Group Key out to all clients.
The Re-Keying process is part of WPA’s enhanced security. This method also requires specification of the IP
address of a RADIUS server, the port on which to connect to the RADIUS server, and the shared key used to
authenticate with the RADIUS server.

WPA-PSK

WPA-PSK is a special mode of WPA providing strong encryption without access to a RADIUS server.

In this mode encryption keys are automatically changed (rekeyed) and authentication re-established between
devices after a specified period referred to as the ‘WPA Group Rekey Interval’.

WPA-PSK is far superior to WEP and provides stronger protection for the home/SOHO user for two reasons:
first, the process used to generate the encryption key is very rigorous and second, the rekeying (or key
changing) is done very quickly. This stops even the most determined hacker from gathering enough data to
identify the key and so break the encryption.

WEP is confusing because of the various types of ‘network keys’ vendors use (HEX, ASCII, or passphrase) and
because home users mix and match equipment from multiple vendors, all using different types of keys. But
WPA-PSK employs a consistent, easy to use method to secure your network. This method uses a passphrase
(also called a shared secret) that must be entered in both the NB9W and the wireless clients. This shared
secret can be between 8 and 63 characters and can include special characters and spaces. For maximum
security, the “WPA Pre-Shared Key” should be a random sequence of either keyboard characters (upper and
lowercase letters, numbers, and punctuation) at least 20 characters long, or hexadecimal digits (numbers 0-9
and letters A-F) at least 24 hexadecimal digits long.

Note:

The less obvious, longer and more ‘random’ your ‘WPA Pre-Shared Key’, the more secure your network.

Note the following ‘WPA Encryption’ options:

TKIP:

The Temporal Key Integrity Protocol (TKIP) takes over after the initial shared secret is entered
in your wireless devices and handles the encryption and automatic rekeying.

AES:

WPA defines the use of Advanced Encryption Standard (AES) as an additional replacement
for WEP encryption. Because you may not be able to add AES support through a firmware
update to your existing wireless clients / equipment, support for AES is optional and is
dependent on vendor driver support.

TKIP+AES:

This will allow either TKIP or AES wireless clients to connect to your NB9W.