What are the key features of wpa security – NETGEAR WGPS606 User Manual

Reference Manual for the NETGEAR 54 Mbps Wireless USB Print Server with 4-Port Switch

B-10

Wireless Networking Basics

202-10083-01

What are the Key Features of WPA Security?

The following security features are included in the WPA standard:

•

WPA Authentication

•

WPA Encryption Key Management

–

Temporal Key Integrity Protocol (TKIP)

–

Michael

message integrity code (MIC)

–

AES Support

•

Support for a Mixture of WPA and WEP Wireless Clients

These features are discussed below.

WPA addresses most of the known WEP vulnerabilities and is primarily intended for wireless
infrastructure networks as found in the enterprise. This infrastructure includes stations, access
points, and authentication servers (typically RADIUS servers). The RADIUS server holds (or has
access to) user credentials (e.g., user names and passwords) and authenticates wireless users
before they gain access to the network.

The strength WPA comes from an integrated sequence of operations that encompass 802.1X/EAP
authentication and sophisticated key management and encryption techniques. Its major operations
include:

•

Network security capability determination. This occurs at the 802.11 level and is
communicated through WPA information elements in Beacon, Probe Response, and (Re)
Association Requests. Information in these elements includes the authentication method
(802.1X or Pre-shared key) and the preferred cipher suite (WEP, TKIP, or AES).

The primary information conveyed in the Beacon frames is the authentication method and the
cipher suite. Possible authentication methods include 802.1X and Pre-shared key. Pre-shared
key is an authentication method that uses a statically configured pass phrase on both the
stations and the access point. This obviates the need for an authentication server, which in
many home and small office environments will not be available nor desirable. Possible cipher
suites include: WEP, TKIP, and AES (Advanced Encryption Standard). We’ll talk more TKIP
and AES when addressing data privacy below.

•

Authentication. EAP over 802.1X is used for authentication. Mutual authentication is gained
by choosing an EAP type supporting this feature and is required by WPA. 802.1X port access
control prevents full access to the network until authentication completes. 802.1X
EAPOL-Key packets are used by WPA to distribute per-session keys to those stations
successfully authenticated.