Allied Telesis AT-TQ2403 58

58	AT-TQ2403 - Management Software - User's Guide

and also may be the right convenience trade-off for other scenarios where the priority is making it as easy as possible for clients to connect. (See “Does Prohibiting the Broadcast SSID Enhance Security?”)

Following is a brief discussion of what factors make one mode more secure than another, a description of each mode offered, and when to use each mode.

Comparison of Security Modes for Key Management,

Authentication and Encryption Algorithms

Three major factors that determine the effectiveness of a security protocol are:

∙How the protocol manages keys

∙Presence or absence of integrated user authentication in the protocol

∙Encryption algorithm or formula the protocol uses to encode/decode the data

Following is a list of the security modes available on the AT-TQ2403 Management Software along with a description of the key management, authentication, and encryption algorithms used in each mode. We include some suggestions as to when one mode might be more appropriate than another.

∙When to Use Unencrypted (No Security)

∙When to Use Static WEP

∙When to Use IEEE 802.1x

∙When to Use WPA Personal

∙When to Use WPA Enterprise

When to Use Unencrypted (No Security)

Setting the security mode to None (Plain-text)by definition provides no security. In this mode, the data is not encrypted but rather sent as "plain-text" across the network. No key management, data encryption or user authentication is used.

Recommendations

Unencrypted mode, i.e. None (Plain-text), is not recommended for regular use on the Internal network because it is not secure. This is the only mode in which you can run the Guest network, which is by definition an insecure LAN, always virtually separated from any sensitive information on the Internal LAN.

Therefore, only set the security mode to None (Plain-text)on the Guest network, and on the Internal network for initial setup, testing, or problem solving only.