Netgear WGPS606 사용자 설명서
Reference Manual for the NETGEAR 54 Mbps Wireless USB Print Server with 4-Port Switch
Wireless Networking Basics
B-9
Draft 1, 01 Feb 05
•
Enhanced data privacy
•
Robust key management
•
Data origin authentication
•
Data integrity protection
Starting August of 2003, all new Wi-Fi certified products had to support WPA. NETGEAR
implemented WPA on client and access point products and made this available in the second half
of 2003.
implemented WPA on client and access point products and made this available in the second half
of 2003.
How Does WPA Compare to WEP?
WEP is a data encryption method and is not intended as a user authentication mechanism. WPA
user authentication is implemented using 802.1x and the Extensible Authentication Protocol
(EAP). Support for 802.1x authentication is required in WPA. In the 802.11 standard, 802.1x
authentication was optional. For details on EAP specifically, refer to IETF's RFC 2284.
user authentication is implemented using 802.1x and the Extensible Authentication Protocol
(EAP). Support for 802.1x authentication is required in WPA. In the 802.11 standard, 802.1x
authentication was optional. For details on EAP specifically, refer to IETF's RFC 2284.
With 802.11 WEP, all access points and client wireless adapters on a particular wireless LAN must
use the same encryption key. A major problem with the 802.11 standard is that the keys are
cumbersome to change. If you don't update the WEP keys often, an unauthorized person with a
sniffing tool can monitor your network for less than a day and decode the encrypted messages.
Products based on the 802.11 standard alone offer system administrators no effective method to
update the keys.
use the same encryption key. A major problem with the 802.11 standard is that the keys are
cumbersome to change. If you don't update the WEP keys often, an unauthorized person with a
sniffing tool can monitor your network for less than a day and decode the encrypted messages.
Products based on the 802.11 standard alone offer system administrators no effective method to
update the keys.
For 802.11, WEP encryption is optional. For WPA, encryption using Temporal Key Integrity
Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger
than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices
to perform encryption operations. TKIP provides important data encryption enhancements
including a per-packet key mixing function, a message integrity check (MIC) named Michael, an
extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through
these enhancements, TKIP addresses all of known WEP vulnerabilities.
Protocol (TKIP) is required. TKIP replaces WEP with a new encryption algorithm that is stronger
than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices
to perform encryption operations. TKIP provides important data encryption enhancements
including a per-packet key mixing function, a message integrity check (MIC) named Michael, an
extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through
these enhancements, TKIP addresses all of known WEP vulnerabilities.
How Does WPA Compare to IEEE 802.11i?
WPA is forward compatible with the IEEE 802.11i security specification. WPA is a subset of
802.11i and uses certain pieces of the 802.11i were ready to bring to market, such as 802.1x and
TKIP. The main pieces of 802.11i that are not included in WPA are secure IBSS (Ad-Hoc mode),
secure fast handoff (for specialized 802.11 VoIP phones), as well as enhanced encryption protocols
such as AES-CCMP. These features require hardware upgrades and as of January 2005 are now
becoming widely available.
802.11i and uses certain pieces of the 802.11i were ready to bring to market, such as 802.1x and
TKIP. The main pieces of 802.11i that are not included in WPA are secure IBSS (Ad-Hoc mode),
secure fast handoff (for specialized 802.11 VoIP phones), as well as enhanced encryption protocols
such as AES-CCMP. These features require hardware upgrades and as of January 2005 are now
becoming widely available.