Appendix E Wireless LANs
ZyXEL NWA-1100 User’s Guide
167
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK
depending on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2.
WEP is less secure than WPA or WPA2.
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity
Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2
use Advanced Encryption Standard (AES) in the Counter mode with Cipher block
chaining Message authentication code Protocol (CCMP) to offer stronger
encryption than TKIP.
TKIP uses 128-bit keys that are dynamically generated and distributed by the
authentication server. AES (Advanced Encryption Standard) is a block cipher that
uses a 256-bit mathematical algorithm called Rijndael. They both include a per-
packet key mixing function, a Message Integrity Check (MIC) named Michael, an
extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same
encryption key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that
then sets up a key hierarchy and management system, using the PMK to
dynamically generate unique data encryption keys to encrypt every data packet
that is wirelessly communicated between the AP and the wireless clients. This all
happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from
capturing data packets, altering them and resending them. The MIC provides a
strong mathematical function in which the receiver and the transmitter each
compute and then compare the MIC. If they do not match, it is assumed that the
data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating
an integrity checking mechanism (MIC), with TKIP and AES it is more difficult to
decrypt data on a Wi-Fi network than WEP and difficult for an intruder to break
into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The
only difference between the two is that WPA(2)-PSK uses a simple common
password, instead of user-specific credentials. The common-password approach
makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s
still an improvement over WEP as it employs a consistent, single, alphanumeric
password to derive a PMK which is used to generate unique temporal encryption
Содержание NWA-1100
Страница 2: ......
Страница 8: ...Safety Warnings ZyXEL NWA 1100 User s Guide 8 ...
Страница 10: ...Contents Overview ZyXEL NWA 1100 User s Guide 10 ...
Страница 16: ...Table of Contents ZyXEL NWA 1100 User s Guide 16 ...
Страница 18: ...18 ...
Страница 32: ...Chapter 2 Introducing the Web Configurator ZyXEL NWA 1100 User s Guide 32 ...
Страница 46: ...46 ...
Страница 54: ...Chapter 5 System Screens ZyXEL NWA 1100 User s Guide 54 ...
Страница 72: ...Chapter 6 Wireless Settings Screen ZyXEL NWA 1100 User s Guide 72 ...
Страница 92: ...Chapter 8 RADIUS Screen ZyXEL NWA 1100 User s Guide 92 ...
Страница 96: ...Chapter 9 MAC Filter Screen ZyXEL NWA 1100 User s Guide 96 ...
Страница 100: ...Chapter 10 IP Screen ZyXEL NWA 1100 User s Guide 100 ...
Страница 136: ...Chapter 15 Troubleshooting ZyXEL NWA 1100 User s Guide 136 ...
Страница 138: ...138 ...
Страница 142: ...Appendix B Power over Ethernet PoE Specifications ZyXEL NWA 1100 User s Guide 142 ...
Страница 144: ...Appendix C Power Adaptor Specifications ZyXEL NWA 1100 User s Guide 144 ...
Страница 198: ...Appendix H Text File Based Auto Configuration ZyXEL NWA 1100 User s Guide 198 ...
Страница 214: ...Appendix J Open Software Announcements ZyWALL USG 300 User s Guide 214 ...
Страница 225: ...Index ZyXEL NWA 1100 User s Guide 225 ...