Apple AirPort Networks manual: Wi-Fi Protected Access (WPA and WPA2), RADIUS Support

RADIUS Support

The Remote Authentication Dial-In User Service (RADIUS) makes securing a large network easy. RADIUS is an access control protocol that allows a system administrator to create a central list of the user names and passwords of computers that can access the network. Placing this list on a centralized server allows many wireless devices to access the list and makes it easy to update. If the MAC address of a user’s computer (which is unique to each 802.11 wireless card) is not on your approved MAC address list, the user cannot join your network.

Wi-Fi Protected Access (WPA) and WPA2

There has been increasing concern about the vulnerabilities of WEP. In response, the Wi-Fi Alliance, in conjunction with the IEEE, has developed enhanced, interoperable security standards called Wi-Fi Protected Access (WPA) and WPA2.

WPA and WPA2 use specifications that bring together standards-based, interoperable security mechanisms that significantly increase the level of data protection and access control for wireless LANs. WPA and WPA2 provide wireless LAN users with a high level of assurance that their data remains protected and that only authorized network users can access the network. A wireless network that uses WPA or WPA2 requires all computers that access the wireless network to have WPA or WPA2 support. WPA provides a high level of data protection and (when used in Enterprise mode) requires user authentication.

The main standards-based technologies that constitute WPA include Temporal Key Integrity Protocol (TKIP), 802.1X, Message Integrity Check (MIC), and Extensible Authentication Protocol (EAP).

TKIP provides enhanced data encryption by addressing the WEP encryption vulnerabilities, including the frequency with which keys are used to encrypt the wireless connection. 802.1X and EAP provide the ability to authenticate a user on the wireless network.

802.1X is a port-based network access control method for wired as well as wireless networks. The IEEE adopted 802.1X as a standard in August 2001.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them, and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, the data is assumed to have been tampered with and the packet is dropped. If multiple MIC failures occur, the network may initiate countermeasures.

Chapter 2 AirPort Security
