NetComm NB9 User Giude page 36

WPA
WPA also requires a RADIUS server to provide client authentication. 802.1X also requires
specification of the 'WPA Group Rekey Interval' which is the rate that the RADIUS server sends
a new Group Key out to all clients. The Re-Keying process is part of WPA's enhanced security.
This method also requires specification of the IP address of a RADIUS server, the port on which to
connect to the RADIUS server, and the shared key used to authenticate with the RADIUS server.
WPA-PSK
WPA-PSK is a special mode of WPA providing strong encryption without access to a RADIUS
server.
In this mode encryption keys are automatically changed (rekeyed) and authentication re-established
between devices after a specified period referred to as the 'WPA Group Rekey Interval'.
WPA-PSK is far superior to WEP and provides stronger protection for the home/SOHO user for
two reasons: first, the process used to generate the encryption key is very rigorous and second, the
rekeying (or key changing) is done very quickly. This stops even the most determined hacker from
gathering enough data to identify the key and so break the encryption.
WEP is confusing because of the various types of 'network keys' vendors use (HEX, ASCII, or
passphrase) and because home users mix and match equipment from multiple vendors, all using
different types of keys. But WPA-PSK employs a consistent, easy to use method to secure your
network. This method uses a passphrase (also called a shared secret) that must be entered in both
the NB9W and the wireless clients. This shared secret can be between 8 and 63 characters and can
include special characters and spaces. The 'WPA Pre-Shared Key' should be a random sequence
of either keyboard characters (upper and lowercase letters, numbers, and punctuation) at least 20
characters long, or hexadecimal digits (numbers 0-9 and letters A-F) at least 24 hexadecimal digits
long.
Note: The less obvious, longer and more 'random' your 'WPA Pre-Shared Key',
the more secure your network.
Note the following 'WPA Encryption' options:
TKIP:
AES:
TKIP+AES:
36
YML790 Rev1
The Temporal Key Integrity Protocol (TKIP) takes
over after the initial shared secret is entered in your
wireless devices and handles the encryption and
automatic rekeying.
WPA defines the use of Advanced Encryption
Standard (AES) as an additional replacement for
WEP encryption. Because you may not be able to
add AES support through a firmware update to your
existing wireless clients / equipment, support for
AES is optional and is dependent on vendor driver
support.
This will allow either TKIP or AES wireless clients
to connect to your NB9W.
NB9/NB9W ADSL2+ VoIP Router