LANCOM Wireless DSL – LANCOM Wireless ADSL
Chapter 8: Security settings
8.1.2 Access control via MAC address
Each network device has a special identification number, the so-called MAC
address (Media Access Control), which is unique worldwide for each device.
The MAC address is programmed into the hardware and cannot be changed.
Wireless LAN devices by LANCOM have a MAC address label on the casing.
Access to an infrastructure network can be restricted to Wireless LAN devices
with known MAC addresses. For this purpose, the LANCOM base stations provide
Access Control Lists (ACLs) in which the permitted MAC addresses can be stored.
This method of access control is not available for ad-hoc networks.
8.1.3 LANCOM Enhanced Passphrase Security
With LEPS (LANCOM Enhanced Passphrase Security), LANCOM Systems has
developed an efficient method that keeps the simple configuration of IEEE
802.11i with a passphrase while avoiding the potential error sources of
passphrase sharing. LEPS uses an additional column in the ACL to assign an
individual passphrase consisting of any 4 to 64 ASCII characters to each MAC
address. The connection to the access point and the subsequent encryption
with IEEE 802.11i or WPA are only possible with the right combination of
passphrase and MAC address.
LEPS can be used locally in the device and can also be centrally managed with
the help of a RADIUS server. It works without modification with all WLAN
client adapters currently available on the market. Full compatibility with
third-party products is assured because LEPS only involves configuration in
the access point.
An additional security aspect: LEPS can also be used to secure single
point-to-point connections (P2P) with an individual passphrase. Even if an
access point in a P2P installation is stolen and the passphrase and MAC
address become known, all other WLAN connections secured by LEPS remain
protected, particularly when the ACL is stored on a RADIUS server.
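The following added example (not part of the LANCOM manual and not LANCOM code) models the per-MAC passphrase column described above and shows why one disclosed passphrase does not affect the other entries. The class LepsAcl, the SSID, the MAC addresses and the passphrases are constructed assumptions; only the passphrase-to-key mapping (PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits) is the standard IEEE 802.11i one, and comparing keys directly stands in for the handshake check a real access point performs.

```python
import hashlib
import hmac

def normalize_mac(mac: str) -> str:
    """Canonical form: 12 lowercase hex digits with separators removed."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode(), 4096, 32)

class LepsAcl:
    """Hypothetical model of an ACL with a passphrase column per MAC address."""
    def __init__(self, ssid: str):
        self.ssid = ssid
        self._psk_by_mac = {}

    def add(self, mac: str, passphrase: str) -> None:
        # Length limits as stated in the section above: 4 to 64 ASCII characters.
        if not (passphrase.isascii() and 4 <= len(passphrase) <= 64):
            raise ValueError("passphrase must be 4 to 64 ASCII characters")
        self._psk_by_mac[normalize_mac(mac)] = derive_psk(passphrase, self.ssid)

    def remove(self, mac: str) -> None:
        self._psk_by_mac.pop(normalize_mac(mac), None)

    def admits(self, mac: str, client_psk: bytes) -> bool:
        # Simplification: a real access point verifies a handshake MIC derived
        # from the key instead of seeing the key itself.
        expected = self._psk_by_mac.get(normalize_mac(mac))
        return expected is not None and hmac.compare_digest(expected, client_psk)

def demo() -> dict:
    # Constructed sample data: locally administered MACs, made-up passphrases.
    acl = LepsAcl("ExampleNet")
    acl.add("02:00:00:00:00:01", "p2p-link-north-41")
    acl.add("02-00-00-00-00-02", "frontdesk-laptop-3")
    leaked = derive_psk("p2p-link-north-41", "ExampleNet")
    other = derive_psk("frontdesk-laptop-3", "ExampleNet")
    result = {
        "matching_pair": acl.admits("02:00:00:00:00:01", leaked),
        "leaked_key_other_mac": acl.admits("02:00:00:00:00:02", leaked),
        "unknown_mac": acl.admits("02:00:00:00:00:99", leaked),
    }
    acl.remove("02:00:00:00:00:01")  # revoke only the disclosed entry
    result["revoked_pair"] = acl.admits("02:00:00:00:00:01", leaked)
    result["other_entry_still_valid"] = acl.admits("02:00:00:00:00:02", other)
    return result
```

Calling demo() shows that revoking the single disclosed entry leaves every other MAC/passphrase pair usable, which is the property the P2P paragraph relies on.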
8.1.4 Encryption of the data transfer
Encryption of the data transfer plays a special role in Wireless LANs.
For IEEE 802.11 radio transfer the supplementing encryption standards are