NETGEAR 108 MBPS WIRELESS WGT624 V3 User Manual
Reference Manual for the 108 Mbps Wireless Firewall Router WGT624 v3
Glossary
202-10090-02 v 1.4, July 2005
with the benefit of easier administration and use. This is similar to 802.1x support and requires a RADIUS 
server in order to implement. The Wi-Fi Alliance will call this 'WPA-Enterprise.'
One variation of WPA is called WPA Pre-Shared Key, or WPA-PSK for short. It provides an
authentication alternative to an expensive RADIUS server. WPA-PSK is a simplified but still powerful form
of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or
"passphrase" as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time
interval, making it much more difficult for hackers to find and exploit them. The Wi-Fi Alliance will call
this 'WPA-Personal.'
Wi-Fi Protected Access and IEEE 802.11i Comparison
Wi-Fi Protected Access will be forward-compatible with the IEEE 802.11i security specification currently 
under development by the IEEE. Wi-Fi Protected Access is a subset of the current 802.11i draft, taking 
certain pieces of the 802.11i draft that are ready to bring to market today, such as its implementation of 
802.1x and TKIP. These features can also be enabled on most existing Wi-Fi CERTIFIED products as a 
software upgrade. The main pieces of the 802.11i draft that are not included in Wi-Fi Protected Access are 
secure IBSS, secure fast handoff, secure de-authentication and disassociation, as well as enhanced 
encryption protocols such as AES-CCMP. These features are either not yet ready for market or will require 
hardware upgrades to implement. 
Wi-Fi Protected Access for the Enterprise
Wi-Fi Protected Access effectively addresses the WLAN security requirements for the enterprise and 
provides a strong encryption and authentication solution prior to the ratification of the IEEE 802.11i 
standard. In an enterprise with IT resources, Wi-Fi Protected Access should be used in conjunction with an 
authentication server such as RADIUS to provide centralized access control and management. With this 
implementation in place, the need for add-on solutions such as VPNs may be eliminated, at least for the 
express purpose of securing the wireless link in a network. 
Wi-Fi Protected Access for Home/SOHO
In a home or Small Office/Home Office (SOHO) environment, where there are no central authentication
servers or EAP framework, Wi-Fi Protected Access runs in a special home mode. This mode, also called
Pre-Shared Key (PSK), allows the use of manually entered keys or passwords and is designed to be easy to
set up for the home user. All the home user needs to do is enter a password (also called a master key) in their 
access point or home wireless gateway and each PC that is on the Wi-Fi wireless network. Wi-Fi Protected 
Access takes over automatically from that point. First, the password allows only devices with a matching 
password to join the network, which keeps out eavesdroppers and other unauthorized users. Second, the 
password automatically kicks off the TKIP encryption process, described above. 
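The following Python sketch is an added illustration, not part of the NETGEAR manual. It shows how WPA-PSK, as specified in IEEE 802.11i, turns the password entered on the access point and on each PC into the 256-bit pre-shared key: PBKDF2-HMAC-SHA1 over the passphrase, salted with the network name (SSID), 4096 iterations. The function names are hypothetical, and the sample passphrases and SSIDs are constructed values.

```python
import hashlib
import hmac

ITERATIONS = 4096  # iteration count fixed by IEEE 802.11i for WPA-PSK
PSK_BYTES = 32     # the derived pre-shared key is 256 bits


def validate_passphrase(passphrase: str) -> None:
    """Enforce the WPA-PSK passphrase rules: 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII only")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map passphrase + SSID to the 256-bit key; the SSID acts as the salt."""
    validate_passphrase(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, ITERATIONS, PSK_BYTES
    )


def keys_match(ap_key: bytes, client_key: bytes) -> bool:
    """Constant-time comparison, for illustration only: real devices prove
    possession of the key during the handshake and never transmit it."""
    return hmac.compare_digest(ap_key, client_key)


if __name__ == "__main__":
    # Constructed sample values: the access point and one PC with the same
    # password, a PC with a mistyped password, and a network with another SSID.
    ap = derive_psk("password", "IEEE")
    pc = derive_psk("password", "IEEE")
    typo = derive_psk("passw0rd", "IEEE")
    other_net = derive_psk("password", "HomeNet")

    print("AP key:            ", ap.hex())
    print("matching password: ", keys_match(ap, pc))
    print("mistyped password: ", keys_match(ap, typo))
    print("same password, different SSID:", keys_match(ap, other_net))
```

Because the SSID is the salt, the same password produces a different key on a network with a different name, and a single mistyped character yields an unrelated key that cannot join the network.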
Wi-Fi Protected Access for Public Access
The intrinsic encryption and authentication schemes defined in Wi-Fi Protected Access may also prove 
useful for Wireless Internet Service Providers (WISPs) offering Wi-Fi public access in "hot spots" where 
secure transmission and authentication are particularly important to users unknown to each other. The
authentication capability defined in the specification enables a secure access control mechanism for the 
service providers and for mobile users not utilizing VPN connections.