Appendix D Wireless LANs
P-661HNU-Fx User’s Guide
345
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK
depending on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2.
WEP is less secure than WPA or WPA2.
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity
Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2
use Advanced Encryption Standard (AES) in the Counter mode with Cipher block
chaining Message authentication code Protocol (CCMP) to offer stronger
encryption than TKIP.
TKIP uses 128-bit keys that are dynamically generated and distributed by the
authentication server. AES (Advanced Encryption Standard) is a block cipher that
uses a 256-bit mathematical algorithm called Rijndael. They both include a per-
packet key mixing function, a Message Integrity Check (MIC) named Michael, an
extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same
encryption key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that
then sets up a key hierarchy and management system, using the PMK to
dynamically generate unique data encryption keys to encrypt every data packet
that is wirelessly communicated between the AP and the wireless clients. This all
happens in the background automatically.
The Message Integrity Check (MIC) is designed to prevent an attacker from
capturing data packets, altering them and resending them. The MIC provides a
strong mathematical function in which the receiver and the transmitter each
compute and then compare the MIC. If they do not match, it is assumed that the
data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating
an integrity checking mechanism (MIC), with TKIP and AES it is more difficult to
decrypt data on a Wi-Fi network than WEP and difficult for an intruder to break
into the network.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The
only difference between the two is that WPA(2)-PSK uses a simple common
password, instead of user-specific credentials. The common-password approach
makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s
still an improvement over WEP as it employs a consistent, single, alphanumeric
password to derive a PMK which is used to generate unique temporal encryption
Содержание P-661H-61
Страница 2: ......
Страница 8: ...Safety Warnings P 661HNU Fx User s Guide 8...
Страница 10: ...Contents Overview P 661HNU Fx User s Guide 10...
Страница 18: ...Table of Contents P 661HNU Fx User s Guide 18 Appendix G Legal Information 393 Index 1...
Страница 19: ...19 PART I User s Guide...
Страница 20: ...20...
Страница 28: ...Chapter 1 Introduction P 661HNU Fx User s Guide 28...
Страница 36: ...Chapter 2 Introducing the Web Configurator P 661HNU Fx User s Guide 36...
Страница 79: ...79 PART II Technical Reference...
Страница 80: ...80...
Страница 86: ...Chapter 4 Connection Status and System Info Screens P 661HNU Fx User s Guide 86...
Страница 140: ...Chapter 6 Wireless P 661HNU Fx User s Guide 140...
Страница 172: ...Chapter 8 Routing P 661HNU Fx User s Guide 172...
Страница 176: ...Chapter 9 DNS Route P 661HNU Fx User s Guide 176...
Страница 260: ...Chapter 24 Backup Restore P 661HNU Fx User s Guide 260...
Страница 281: ...Chapter 27 Product Specifications P 661HNU Fx User s Guide 281...
Страница 282: ...Chapter 27 Product Specifications P 661HNU Fx User s Guide 282...
Страница 334: ...Appendix C Pop up Windows Java Script and Java Permissions P 661HNU Fx User s Guide 334...
Страница 358: ...Appendix D Wireless LANs P 661HNU Fx User s Guide 358...
Страница 392: ...Appendix F Open Software Announcements P 661HNU Fx User s Guide 392...
Страница 403: ...Index P 661HNU Fx User s Guide 403...
Страница 404: ...Index P 661HNU Fx User s Guide 404...