Protocols

As with most topics, a general knowledge of the basic underlying principles is required to understand what features are important and which are perhaps less critical. We wanted to start with a quick overview of terms that will be used in this and future networking articles, and how they relate to the big picture. The end goal is that after reviewing a few of these principles we'll all be more prepared to make an informed purchasing decision when it comes to selecting a router. With that being said, let's dig in.

Service Set Identifier

The service set identifier (SSID) is a code that identifies a group of wireless network devices that all communicate with each other. More plainly put, this is the name of your wireless network represented by a case-sensitive string of alphanumeric characters. Some consider the simple act of not broadcasting the SSID to be a type (albeit extremely weak) of network security. This is an amazingly bad idea and we don't recommend this be employed by anyone as a viable method of security under any circumstance. Most routers/access points come with their SSID set to pay homage to the manufacturer - TRENDnet's is no different. While you may choose to not broadcast your SSID, you should still change it from the default value and enable other, more effective, security features.

Wireless Protocol Support (802.11 mode)

TRENDnet's wireless N router supports the big three standard wireless protocols - 802.11b, 802.11g and, of course, 802.11n (draft 2.0). The router also gives the option of supporting any combination of these protocols, this being especially useful for those that want to take advantage of the performance increase of the new Draft-N protocol while still maintaining backward compatibility with legacy wireless B/G components. (For instance, many notebooks still come equipped with the Intel PRO/Wireless 2915ABG/3945ABG Network Connection while many of the newer Santa Rosa-based platforms make use of the latest Intel PRO/Wireless 4965AGN Network Connection.) Setting the router to operate in mixed mode with support for both wireless G and N means there's no reason to keep those older access points (AP) around anymore.

Some readers may already be expressing concern over the fact that the wireless N specification has yet to be approved - some sources suggest this may be delayed until as late as September 2008, though it could come as early as spring 2008. In essence, 802.11n is a proposed amendment to the pre-existing standard (IEEE 802.11) that adds a specific set of guidelines to implement multiple-in multiple-out (MIMO) technology.

This change makes use of multiple propagation paths through the use of more than one antenna. Instead of transferring data by way of a single serial pathway, MIMO technology in a sense simultaneously sends the data as a series of two or more parallel spatial transmissions in order to achieve a much higher total data throughput. Since the actual transmission of the wireless data is usually the limiting factor, this new method for sending data allows for increased network capacity and improved transfer efficiency. All commercial Draft-N routers to date use two receivers and two transmitters (2x2). Because the specification allows for up to 4x4, it is possible that future wireless base stations may have as many as five antennae (one being used for legacy wireless B/G operations).

Wireless Security Mode

There are two major security schemes that are utilized in the consumer market (assuming we don't count running unsecured as an option): Wired Equivalent Privacy or Wireless Encryption Protocol (WEP) and Wi-Fi Protected Access (WPA and WPA2). We're going to go through a brief overview and try to explain why it is always better to employ WPA or better whenever possible.

WEP makes use of a user-supplied 40-bit or 104-bit encryption key (usually supplied as a random combination of either 10 or 26 hexadecimal characters, each character representing exactly 4 bits) which is then joined with a system-supplied 24-bit initialization vector (IV) to create what's called an RC4 hash key with a total cipher strength of 64 or 128 bits. This key is then used to encrypt all outgoing and decrypt all incoming traffic from the access point to and from the endpoint. Only by knowing and entering the correct key code are communications established with the access point for the purposes of sending and receiving wireless data.

The flaw in this system is that modern practices and publicly available tools have made capturing and manipulating encrypted frames rather trivial, and as a result any system secured by WEP isn't really secure at all. Additionally, two authentication methods are used with WEP security - Open and Shared - neither of which is exceptionally robust. For this very reason we recommend that all wireless network operators make use of stronger, more complex security modes whenever possible.
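The key construction described above can be followed in code. This is an added example, not code from the article or from TRENDnet; the hex key, IV and payloads are constructed sample values, and the CRC-32 integrity value that WEP appends to each frame is left out. It builds the per-frame RC4 key from IV plus secret, shows that two frames sent under the same IV share a keystream, and estimates how soon a randomly chosen IV of a given length repeats.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_seed(hex_key: str, iv: bytes) -> bytes:
    """Per-frame RC4 key: the 24-bit IV followed by the 40- or 104-bit secret."""
    if len(hex_key) not in (10, 26):
        raise ValueError("WEP key must be 10 or 26 hexadecimal characters")
    if len(iv) != 3:
        raise ValueError("WEP IV must be exactly 3 bytes (24 bits)")
    return iv + bytes.fromhex(hex_key)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(hex_key: str, iv: bytes, payload: bytes) -> bytes:
    """Encrypt payload only; the CRC-32 integrity value WEP appends is left out."""
    return xor(payload, rc4_keystream(wep_seed(hex_key, iv), len(payload)))

def frames_until_repeat_likely(iv_bits: int) -> int:
    """Frames sent with random IVs before a repeat is more likely than not."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** iv_bits))

def same_iv_leaks_plaintext_xor() -> bool:
    key, iv = "0a1b2c3d4e", b"\x00\x00\x01"   # constructed sample values
    p1, p2 = b"GET /index.html", b"POST /login.php"
    c1, c2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print(len(wep_seed("0a1b2c3d4e", b"\x00\x00\x01")) * 8, "bit RC4 key")
    print("same IV leaks XOR of plaintexts:", same_iv_leaks_plaintext_xor())
    print("24-bit IV:", frames_until_repeat_likely(24), "frames")
    print("48-bit IV:", frames_until_repeat_likely(48), "frames")
```

With a 24-bit IV a repeat becomes likely after a few thousand frames, which a busy network sends in seconds; the 48-bit IV used by WPA pushes that into the tens of millions.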

The second, newer and more potent security method, WPA (and version 2 of this protocol, WPA2), provides a much more capable solution to safeguarding your wireless data transmissions. WPA/WPA2 encryption, in its most unaltered form, makes use of an external RADIUS (Remote Authentication Dial In User Service) server to generate and distribute dynamic passphrase keys to each connected client. Since the prospect of owning and maintaining a server for the sole purpose of handing out connection passphrases is rather cost prohibitive, a second, more manageable security scheme is also defined - one in which a single 'pre-shared key' (PSK, sometimes referred to as Personal mode) is typically used. Better known as WPA-PSK or WPA2-PSK, this protocol allows the use of a single password/passphrase for all clients.

A passphrase can be either 64 hexadecimal digits (256 bits), or 8 to 63 ASCII characters in length (which is also reduced to a 256-bit key through the use of a hash function incorporating the associated SSID). This 256-bit key is then combined with a 128-bit key and system-defined 48-bit IV to create the RC4 stream cipher used for encryption and decryption of all network traffic. Generally speaking, a large portion of the increased security is derived from the key length increase from either 64 or 128 bits to a minimum of 256 bits.

One of the major improvements of WPA over WEP is the use of Temporal Key Integrity Protocol (TKIP), which automatically and dynamically refreshes the key in use over time. This security practice makes the infamous 'key-recovery' attack against WEP-enabled systems futile when combined with the stronger IV key-length of WPA. Alternatively, Advanced Encryption Standard (AES) may be selected - to date AES is the strongest security standard in use and is generally recognized as the most secure method for encrypting data.

TRENDnet's router allows for use of either 64-bit or 128-bit WEP encryption as well as WPA/WPA2 and WPA-PSK/WPA2-PSK using either TKIP (with adjustable re-keying period) or AES encryption. Such a broad range of available security protocols means that you should have no trouble finding a common scheme shared by all the components on your network. Those that demand maximum security should find themselves employing WPA2-PSK with AES whenever possible.


13 Comments


  • InternetGeek - Friday, October 26, 2007

    One thing I've noticed about these home routers is that they advertise having a firewall as a feature, yet they clarify that it is a SPI. I understand these are limited firewalls (detect and filter malformed packages, and such). But when compared to a software firewall just how good are they? (Beyond being able to add unlimited number of rules on the software side ones).

    For my own network I use 2 routers with their SPI firewalls enabled and both having NAT enabled. In addition I'm using a software firewall (Trendmicro on Windows Vista) on all PCs. How 'secure' am I?
  • smn198 - Monday, October 29, 2007

    NAT will protect you from unsolicited traffic unless you have UPnP enabled. Your software firewall won't add much apart from outbound protection, but by the point malware is phoning, you are already in trouble, but it can serve as a useful warning.
