CHAPTER 7 | Wireless Configuration
WLAN Security
◆ WPA-PSK — Clients using WPA with a Pre-shared Key are accepted for
authentication. The default data encryption type for WPA is TKIP.
◆ WPA2-PSK — Clients using WPA2 with a Pre-shared Key are accepted
for authentication. The default data encryption type for WPA2 is AES.
◆ WPA-PSK_WPA2-PSK — Clients using WPA or WPA2 with a Pre-shared Key
are accepted for authentication. The default data encryption type is
TKIP/AES.
◆ WPA Algorithms — Selects the data encryption type to use. (Default
is determined by the Security Mode selected.)
  ■ TKIP — Uses Temporal Key Integrity Protocol (TKIP) keys for
  encryption. WPA specifies TKIP as the data encryption method to
  replace WEP. TKIP avoids the problems of WEP static keys by
  dynamically changing data encryption keys.
  ■ AES — Uses Advanced Encryption Standard (AES) keys for
  encryption. WPA2 uses AES Counter-Mode encryption with Cipher
  Block Chaining Message Authentication Code (CBC-MAC) for
  message integrity. The AES Counter-Mode/CBC-MAC Protocol (AES-CCMP)
  provides extremely robust data confidentiality using a 128-bit key.
  Use of AES-CCMP encryption is specified as a standard
  requirement for WPA2. Before implementing WPA2 in the network,
  be sure client devices are upgraded to WPA2-compliant hardware.
  ■ TKIP/AES — Uses either TKIP or AES keys for encryption. WPA and
  WPA2 mixed modes allow both WPA and WPA2 clients to associate
  to a common SSID. In mixed mode, the unicast encryption type
  (TKIP or AES) is negotiated for each client.
◆ Pass Phrase — The WPA Pre-shared Key can be input as an ASCII
string (an easy-to-remember form of letters and numbers that can
include spaces) or in hexadecimal format. (Range: 8~63 ASCII
characters, or exactly 64 hexadecimal digits)
◆ Key Renewal Interval — Sets the time period for automatically
changing data encryption keys and redistributing them to all connected
clients. (Default: 3600 seconds)
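
Why the Pass Phrase field accepts two forms, shown as an added example (not code from this manual or the device firmware): an ASCII pass phrase is stretched into the 256-bit key with the standard WPA-PSK mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), while 64 hexadecimal digits are taken as the key itself. The function name and the sample pass phrase and SSID are constructed for illustration.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)


def wpa_psk_to_key(value: str, ssid: str) -> bytes:
    """Validate a Pass Phrase field value and return the 256-bit key it stands for."""
    if len(value) == 64:
        # Exactly 64 hexadecimal digits: the value is the 256-bit key itself.
        if not set(value) <= HEX_DIGITS:
            raise ValueError("a 64-character value must contain hexadecimal digits only")
        return bytes.fromhex(value)

    # Otherwise it must be a pass phrase within the manual's 8~63 character range.
    if not 8 <= len(value) <= 63:
        raise ValueError("pass phrase must be 8 to 63 ASCII characters")
    if any(not 32 <= ord(ch) <= 126 for ch in value):
        raise ValueError("pass phrase must be printable ASCII (spaces allowed)")

    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")

    # Standard WPA/WPA2-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt,
    # 4096 iterations, 32-byte output. The same pass phrase on a different
    # SSID therefore yields a different key.
    return hashlib.pbkdf2_hmac("sha1", value.encode("ascii"), ssid_bytes, 4096, 32)


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    key = wpa_psk_to_key("password", "IEEE")
    print("derived key:", key.hex())
    # Entering those 64 hex digits directly configures the same key.
    print("hex form matches:", wpa_psk_to_key(key.hex(), "IEEE") == key)
    for bad in ("short", "x" * 64):
        try:
            wpa_psk_to_key(bad, "IEEE")
        except ValueError as err:
            print("rejected:", err)
```

Because the SSID is the salt, a common SSID combined with a short or dictionary pass phrase gives little protection against offline guessing; a long random pass phrase or a randomly generated 64-digit hexadecimal key avoids that.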
WPA ENTERPRISE MODE
Wi-Fi Protected Access (WPA) was introduced as an interim solution for the
vulnerability of WEP pending the adoption of a more robust wireless
security standard. WPA2 includes the complete wireless security standard,
but also offers backward compatibility with WPA. Both WPA and WPA2
provide an “enterprise” and “personal” mode of operation.
For enterprise deployment, WPA and WPA2 use IEEE 802.1X for user
authentication and require a RADIUS authentication server to be
configured on the wired network. Data encryption keys are automatically
generated and distributed to all clients connected to the network.