TRENDnet TEW-633GR: 802.11n Draft 2.0 to the Rescue
by Kris Boughton on October 26, 2007 12:00 PM EST- Posted in
- Networking
Protocols
As with most topics, a general knowledge of the basic underlying principles is required to understand what features are important and which are perhaps less critical. We wanted to start with a quick overview of terms that will be used in this and future networking articles, and how they relate to the big picture. The end goal is that after reviewing a few of these principles we'll all be more prepared to make an informed purchasing decision when it comes to selecting a router. With that being said, let's dig in.
Service Set Identifier
The service set identifier (SSID) is a code that identifies a group of wireless network devices that all communicate with each other. More plainly put, this is the name of your wireless network represented by a case-sensitive string of alphanumeric characters. Some consider the simple act of not broadcasting the SSID to be a type (albeit extremely weak) of network security. This is an amazingly bad idea and we don't recommend this be employed by anyone as a viable method of security under any circumstance. Most routers/access points come with their SSID set to pay homage to the manufacturer - TRENDnet's is no different. While you may choose to not broadcast your SSID, you should still change it from the default value and enable other, more effective, security features.
Wireless Protocol Support (802.11 mode)
TRENDnet's wireless N router supports the big three standard wireless protocols - 802.11b, 802.11g and, of course, 802.11n (draft 2.0). The router also gives the option of supporting any combination of these protocols, this being especially useful for those that want to take advantage of the performance increase of the new Draft-N protocol while still maintaining backward compatibility with legacy wireless B/G components. (For instance, many notebooks still come equipped with the Intel PRO/Wireless 2915ABG/3945ABG Network Connection while many of the newer Santa Rosa-based platforms make use of the latest Intel PRO/Wireless 4965AGN Network Connection.) Setting the router to operate in mixed mode with support for both wireless G and N means there's no reason to keep those older access points (AP) around anymore.
Some readers may already be expressing concern over the fact that the wireless N specification has yet to be approved - some sources suggest this may be delayed until as late as September 2008, though it could come as early as spring 2008. In essence, 802.11n is a proposed amendment to the pre-existing standard (IEEE 802.11) that adds a specific set of guidelines to implement multiple-in multiple-out (MIMO) technology.
This change makes use of multiple propagation paths through the use of more than one antenna. Instead of transferring data by way of a single serial pathway, MIMO technology in a sense simultaneously sends the data as a series of two or more parallel spatial transmissions in order to achieve a much higher total data throughput. Since the actual transmission of the wireless data is usually the limiting factor, this new method for sending data allows for increased network capacity and improved transfer efficiency. All commercial Draft-N routers to date use two receivers and two transmitters (2x2). Because the specification allows for up to 4x4, it is possible that future wireless base stations may have as many as five antennae (one being used for legacy wireless B/G operations).
Wireless Security Mode
There are two major security schemes that are utilized in the consumer market (assuming we don't count running unsecured as an option): Wired Equivalent Privacy or Wireless Encryption Protocol (WEP) and Wi-Fi Protected Access (WPA and WPA2). We're going to go though a brief overview and try to explain why it always better to employ WPA or better whenever possible.
WEP makes use of a user-supplied 40-bit or 104-bit encryption key (usually supplied as a random combination of either 10 or 26 hexadecimal characters, each character representing exactly 4 bits) which is then joined with a system-supplied 24-bit initialization vector (IV) to create what's called an RC4 hash key with a total cipher strength of 64 or 128 bits. This key is then used to encrypt all outgoing and decrypt all incoming traffic from the access point to and from the endpoint. Only by knowing and entering the correct key code are communications established with the access point for the purposes of sending and receiving wireless data.
The flaw in this system is that modern practices and publicly available tools have made capturing and manipulating encrypted frames rather trivial, and as a result any system secured by WEP isn't really secure at all. Additionally, two authentication methods are used with WEP security - Open and Shared - neither of which is exceptionally robust. For this very reason we recommend that all wireless network operators make use of stronger, more complex security modes whenever possible.
The second newer and more potent security method, WPA (and version 2 of this protocol, WPA2) provide a much more capable solution to safeguarding your wireless data transmissions. WPA/WPA2 encryption, in its most unaltered form, makes use of an external RADIUS (Remote Authentication Dial In User Service) server to generate and distribute dynamic passphrase keys to each connected client. Since the prospect of owning and maintaining a server for the sole purpose of handing out connection passphrases is rather cost prohibitive, a second more management security scheme is also defined - one in which a single 'pre-shared key' (PSK, sometimes referred to as Personal mode) is typically used. Better known as WPA-PSK or WPA2-PSK, this protocol allows the use of a single password/passphrase for all clients.
A passphrase can be either 64 hexadecimal digits (256 bits), or 8 to 63 ASCII characters in length (which is also reduced to a 256-bit key through the use of a hash function incorporating the associated SSID). This 256 bit key is then combined with a 128-bit key and system-defined 48-bit IV to create the RC4 stream cipher used for encryption and decryption of all network traffic. Generally speaking, a large portion of the increased security is derived from the key length increase from either 64 or 128 bits to a minimum of 256 bits.
One of the major improvements of WPA over WEP is the use of Temporal Key Integrity Protocol (TKIP) which automatically, dynamically refreshes the key in use over time. This security practice makes the infamous 'key-recovery' attack against WEP-enabled systems futile when combined with the stronger IV key-length of WPA. Alternatively, Advanced Encryption Standard (AES) may be selected - to date AES is the strong security standard in use and is generally recognized as the most secure method for encrypting data.
TRENDnet's router allows for use of either 64-bit or 128-bit WEP encryption as well as WPA/WPA2 and WPA-PSK/WPA2-PSK using either TPIK (with adjustable re-keying period) or AES encryption. Such a broad range of available security protocols means that you should have no trouble finding a common scheme shared by all the components on your network. Those that demand maximum security should find themselves employing WPA2-PSK with AES whenever possible.
As with most topics, a general knowledge of the basic underlying principles is required to understand what features are important and which are perhaps less critical. We wanted to start with a quick overview of terms that will be used in this and future networking articles, and how they relate to the big picture. The end goal is that after reviewing a few of these principles we'll all be more prepared to make an informed purchasing decision when it comes to selecting a router. With that being said, let's dig in.
Service Set Identifier
The service set identifier (SSID) is a code that identifies a group of wireless network devices that all communicate with each other. More plainly put, this is the name of your wireless network represented by a case-sensitive string of alphanumeric characters. Some consider the simple act of not broadcasting the SSID to be a type (albeit extremely weak) of network security. This is an amazingly bad idea and we don't recommend this be employed by anyone as a viable method of security under any circumstance. Most routers/access points come with their SSID set to pay homage to the manufacturer - TRENDnet's is no different. While you may choose to not broadcast your SSID, you should still change it from the default value and enable other, more effective, security features.
Wireless Protocol Support (802.11 mode)
TRENDnet's wireless N router supports the big three standard wireless protocols - 802.11b, 802.11g and, of course, 802.11n (draft 2.0). The router also gives the option of supporting any combination of these protocols, this being especially useful for those that want to take advantage of the performance increase of the new Draft-N protocol while still maintaining backward compatibility with legacy wireless B/G components. (For instance, many notebooks still come equipped with the Intel PRO/Wireless 2915ABG/3945ABG Network Connection while many of the newer Santa Rosa-based platforms make use of the latest Intel PRO/Wireless 4965AGN Network Connection.) Setting the router to operate in mixed mode with support for both wireless G and N means there's no reason to keep those older access points (AP) around anymore.
Some readers may already be expressing concern over the fact that the wireless N specification has yet to be approved - some sources suggest this may be delayed until as late as September 2008, though it could come as early as spring 2008. In essence, 802.11n is a proposed amendment to the pre-existing standard (IEEE 802.11) that adds a specific set of guidelines to implement multiple-in multiple-out (MIMO) technology.
This change makes use of multiple propagation paths through the use of more than one antenna. Instead of transferring data by way of a single serial pathway, MIMO technology in a sense simultaneously sends the data as a series of two or more parallel spatial transmissions in order to achieve a much higher total data throughput. Since the actual transmission of the wireless data is usually the limiting factor, this new method for sending data allows for increased network capacity and improved transfer efficiency. All commercial Draft-N routers to date use two receivers and two transmitters (2x2). Because the specification allows for up to 4x4, it is possible that future wireless base stations may have as many as five antennae (one being used for legacy wireless B/G operations).
Wireless Security Mode
There are two major security schemes that are utilized in the consumer market (assuming we don't count running unsecured as an option): Wired Equivalent Privacy or Wireless Encryption Protocol (WEP) and Wi-Fi Protected Access (WPA and WPA2). We're going to go though a brief overview and try to explain why it always better to employ WPA or better whenever possible.
WEP makes use of a user-supplied 40-bit or 104-bit encryption key (usually supplied as a random combination of either 10 or 26 hexadecimal characters, each character representing exactly 4 bits) which is then joined with a system-supplied 24-bit initialization vector (IV) to create what's called an RC4 hash key with a total cipher strength of 64 or 128 bits. This key is then used to encrypt all outgoing and decrypt all incoming traffic from the access point to and from the endpoint. Only by knowing and entering the correct key code are communications established with the access point for the purposes of sending and receiving wireless data.
The flaw in this system is that modern practices and publicly available tools have made capturing and manipulating encrypted frames rather trivial, and as a result any system secured by WEP isn't really secure at all. Additionally, two authentication methods are used with WEP security - Open and Shared - neither of which is exceptionally robust. For this very reason we recommend that all wireless network operators make use of stronger, more complex security modes whenever possible.
The second newer and more potent security method, WPA (and version 2 of this protocol, WPA2) provide a much more capable solution to safeguarding your wireless data transmissions. WPA/WPA2 encryption, in its most unaltered form, makes use of an external RADIUS (Remote Authentication Dial In User Service) server to generate and distribute dynamic passphrase keys to each connected client. Since the prospect of owning and maintaining a server for the sole purpose of handing out connection passphrases is rather cost prohibitive, a second more management security scheme is also defined - one in which a single 'pre-shared key' (PSK, sometimes referred to as Personal mode) is typically used. Better known as WPA-PSK or WPA2-PSK, this protocol allows the use of a single password/passphrase for all clients.
A passphrase can be either 64 hexadecimal digits (256 bits), or 8 to 63 ASCII characters in length (which is also reduced to a 256-bit key through the use of a hash function incorporating the associated SSID). This 256 bit key is then combined with a 128-bit key and system-defined 48-bit IV to create the RC4 stream cipher used for encryption and decryption of all network traffic. Generally speaking, a large portion of the increased security is derived from the key length increase from either 64 or 128 bits to a minimum of 256 bits.
One of the major improvements of WPA over WEP is the use of Temporal Key Integrity Protocol (TKIP) which automatically, dynamically refreshes the key in use over time. This security practice makes the infamous 'key-recovery' attack against WEP-enabled systems futile when combined with the stronger IV key-length of WPA. Alternatively, Advanced Encryption Standard (AES) may be selected - to date AES is the strong security standard in use and is generally recognized as the most secure method for encrypting data.
TRENDnet's router allows for use of either 64-bit or 128-bit WEP encryption as well as WPA/WPA2 and WPA-PSK/WPA2-PSK using either TPIK (with adjustable re-keying period) or AES encryption. Such a broad range of available security protocols means that you should have no trouble finding a common scheme shared by all the components on your network. Those that demand maximum security should find themselves employing WPA2-PSK with AES whenever possible.
Facebook
Twitter
RSS
13 Comments
View All Comments
smn198 - Monday, October 29, 2007 - link
With the backlash against HDD manufacturers quoting a GB as 1,000,000,000 bytes instead of 1,073,741,824 bytes or maybe more relevantly, broadband speeds not being up to their advertised rates, how long will it be before we see suits against WiFi equipment manufacturers (unless it has already happened and I missed it)?
Jedi2155 - Sunday, October 28, 2007 - link
Did someone from the D-link Gaming Router (DGL-4x00) design team get hired by Trendnet? The interface looks extremely similiar as well as the options.rslayer - Saturday, October 27, 2007 - link
It's great to have throughput numbers, however it would be nice to also get latency information. When using chatty protocols such as SMB/CIFS, the latency of a network has a huge impact on the actual bandwidth. This also brings up the fact that while you describe the direction the files were transferred, you didn't describe what protocol was used to make that transfer. If you are using SMB/CIFS, then you might want to try using HTTP to get real bandwidth numbers.legoman666 - Saturday, October 27, 2007 - link
While I agree that latency is important over wireless, why would you want to use HTTP to transfer large files over the network? When you want to copy 4gb from 1 computer to another computer on the network, do you fire up Apache and HTTP it over or do you use windows file sharing (Samba?). Or maybe you'd use FTP, but either way, why on earth would you use HTTP?eek2121 - Saturday, October 27, 2007 - link
SMB is not an efficient protocol. It was designed for 10 Mbps networks. SMB 2.0 is out now with vista, but you have to be transferring to other SMB 2.0 computers. Therefore copying files over LAN is not a good way to measure throughput, hence why they should use HTTP or FTP.siberus - Friday, October 26, 2007 - link
I wonder how much abuse this router can handle. I go through routers so fast. My general outlook on routers is terribly pessimistic. I'm on a 3 person network. I don't do anything too fancy just surf,game and BT the other two users just surf. I've tried multiple Brands and even bought some expensive models hoping I would "get what I paid for" but they've all been disappointing. My current linksys is already starting to bite the bullet but it's lasted almost a year which is better then the previous 4 routers. I really don't care about performance anymore reliability is way more important. My experience with wireless is even worse. Each new wireless router I get seems to be getting less and less range. I thought the Belkin N1 would be able to get at least some acceptable speed all the way up in my room but I couldn't even get a connection so I switched back to the linksys that im using now. Best range I've had so far was with D-Links Gamerlounge and after a few months that router just stopped being able to hold a connection. (the msn reconnecting sound drove me insane >.>)I've disabled wireless all together and opted to just use an Asoka plug to get stable connection in my room.notposting - Saturday, October 27, 2007 - link
The best solution is to roll your own router, I use a P3-450 with 128MB booting off CF card (CF->IDE adapter). A friend uses a headless P3 laptop. Even a Pentium 100 w/16 MB would be sufficient though, honestly.Then you just use the wireless device as an AP, which they should be able to handle--no NAT translation or firewall duties at that point. I have a crappy Motorola router--range sucks but I live in an apartment and it's stable now that it's just in AP mode.
Check out http://www.brazilfw.com.br">http://www.brazilfw.com.br -- it's basically a descendant of Coyote firewall. 2.30.1 is the last version that you can cram onto a floppy and boot.
bob4432 - Saturday, October 27, 2007 - link
i am still using a linksys wrt54g ver 2 running v4.30.1, HyperWRT 2.1b1 +tofu13c firmware. i have had this router nearly 2yrs and its longest uptime was ~450days (current uptime is 49days - i had to change my computer room set up and it was on the battery too long as i forgot about it), it is on a ups and runs 4-5 computers w/ 1 being on 24/7 w/ ftp, http w/ never a hiccup. w/ the 3rd party firmware you can up the power on this particular unit allowing for good coverage of our condo, both inside and outside w/ decent speeds (for a 'g' router).atm if this one died i would grab another one and see how it worked out, that sucks you are having such issues w/ your equipment :(
Foxy1 - Friday, October 26, 2007 - link
Anandtech has an exciting opportunity for a Proofreader to join our dynamic team.Key Responsibilities:
* Read copy for grammar, spelling, and style
* Edit copy as needed
* Ensure accuracy (spelling, grammar, punctuation, tone, and style)
* Improve readability of all copy
Requirements:
* Extremely detail-oriented
* Strong organizational, communication, and interpersonal skills
* Ability to work accurately in a fast-paced environment
* BA in English or related field of study
* 3+ years experience as Proofreader/Copy Editor
Anandtech has a comprehensive, competitive benefits package that includes Medical, Dental, and Vision insurance, 401K, Employee Stock Purchase Plan, a state-of-the-art Fitness Center, and much more! Forward resume to Anand Shimpi: anand@anandtech.com
JarredWalton - Saturday, October 27, 2007 - link
Sorry - "Karen" (that's me now, I guess) was out of town attending some meetings for a few days. I don't know that the article was any less valid, but I did make a few grammar/typo/whatever changes. I can state that personally, running one of the earlier Draft-N products, I will be very interested to hear which WiFi 802.11.n routers are best.Right now, all I can say for sure is that I would *not* recommend the NETGEAR RangeMax Next WNR834M. When it works, it's quite decent. However, I get periodic crashes, sometimes the WiFi network "disappears" (requiring a router reboot), and other oddities. I have a lot of (too many!) wireless devices (using different chipsets) and the drop-outs are irritating to say the least. Running a high-traffic BitTorrent client usually crashes the NETGEAR within a couple hours. And it doesn't have Gigabit Ethernet either, so I have to have a separate switch. At least the wired network doesn't crash.