Apple AirPort Networks manual WPA and WPA2 Personal

Page 12

The EAP protocol known as TLS (Transport Layer Security) presents a user’s information in the form of digital certificates. A user’s digital certificates can comprise user names and passwords, smart cards, secure IDs, or any other identity credentials that the IT administrator is comfortable using. WPA uses a wide variety of standards-based EAP implementations, including EAP-Transport Layer Security (EAP-TLS), EAP-Tunnel Transport Layer Security (EAP-TTLS), and Protected Extensible Authentication Protocol (PEAP). AirPort Extreme also supports the Lightweight Extensible Authentication Protocol (LEAP), a security protocol used by Cisco access points to dynamically assign a different WEP key to each user. AirPort Extreme is compatible with Cisco’s LEAP security protocol, enabling AirPort users to join Cisco-hosted wireless networks using LEAP.

In addition to TKIP, WPA2 supports the AES-CCMP encryption protocol. Based on the very secure AES national standard cipher, combined with sophisticated cryptographic techniques, AES-CCMP was specifically designed for wireless networks. Migrating from WEP to WPA2 requires new firmware for the AirPort Extreme Base Station (version 5.6 or later), and for AirPort Express (version 6.2 or later). Devices using WPA2 mode are not backward compatible with WEP.

WPA and WPA2 have two modes:

• Personal mode, which relies on the capabilities of TKIP or AES-CCMP without requiring an authentication server

• Enterprise mode, which uses a separate server, such as a RADIUS server, for user authentication

WPA and WPA2 Personal

For home or Small Office/Home Office (SOHO) networks, WPA and WPA2 operate in Personal mode, taking into account that the typical household or small office does not have an authentication server. Instead of authenticating with a RADIUS server, users manually enter a password to log in to the wireless network. When a user enters the password correctly, the wireless device starts the encryption process using TKIP or AES-CCMP. TKIP or AES-CCMP derives encryption keys mathematically from the network password. The encryption key is regularly changed and rotated so that the same encryption key is never used twice. Other than entering the network password, the user isn’t required to do anything to make WPA or WPA2 Personal work in the home.
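The key derivation described above, as an added example that is not part of the Apple manual: it follows the IEEE 802.11i definitions (PBKDF2-HMAC-SHA1 with the network name as salt for the master key, then the 802.11 PRF over both MAC addresses and both handshake nonces for the per-session key). The MAC addresses and nonces are constructed sample values, and the passphrase and SSID are the standard's published test vector.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256-bit output."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes, nbytes: int = 48) -> bytes:
    """Per-session key: 48 bytes for AES-CCMP, 64 bytes for TKIP."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def demo():
    # Passphrase/SSID pair from the IEEE 802.11i test vectors.
    pmk = derive_pmk("password", "IEEE")
    # Constructed sample addresses and nonces (not captured traffic).
    ap_mac = bytes.fromhex("001122334455")
    sta_mac = bytes.fromhex("66778899aabb")
    snonce = b"\x02" * 32
    session_1 = derive_ptk(pmk, ap_mac, sta_mac, b"\x01" * 32, snonce)
    session_2 = derive_ptk(pmk, ap_mac, sta_mac, b"\x03" * 32, snonce)
    return pmk, session_1, session_2


if __name__ == "__main__":
    pmk, s1, s2 = demo()
    print("PMK      :", pmk.hex())
    print("session 1:", s1.hex())
    print("session 2:", s2.hex())
```

The master key depends only on the passphrase and network name, so every device that knows the password computes the same value, while a new access-point nonce alone is enough to give each association different session keys.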

Chapter 2 AirPort Security
