AT-TQ2403 Management Software User's Guide

59

 

 

+24-bit initialization vector (IV)) or 128-bit(104-bit secret key + 24-bit IV) Shared Key for data encryption.

 

Key Management

Encryption Algorithm

User Authentication

 

 

 

 

 

Static WEP uses a fixed key that

An RC4 stream cipher is used

If you set the Authentication

 

is provided by the administrator.

to encrypt the frame body

Algorithm to Shared Key, this

 

WEP keys are indexed in

and cyclic redundancy

protocol provides a rudimentary form

 

different slots (up to four on the

checking (CRC) of each

of user authentication.

 

AT-TQ2403 Management

802.11 frame.

 

 

Software).

 

However, if the Authentication

 

The client stations must have the

 

Algorithm is set to Open System,

 

 

no authentication is performed.

 

same key indexed in the same

 

 

 

slot to access data on the access

 

If the algorithm is set to Both, only

 

point.

 

WEP clients are authenticated.

 

 

 

 

Recommendations

Static WEP was designed to provide security equivalent of sending unencrypted data through an Ethernet connection, however it has major flaws and it does not provide even this intended level of security.

Therefore, Static WEP is not recommended as a secure mode. The only time to use Static WEP is when interoperability issues make it the only option available to you and you are not concerned with the potential of exposing the data on your network.

See Also

For information on how to configure Static WEP security mode, see “Static WEP” under “Configuring Security Settings”.

When to Use IEEE 802.1x

IEEE 802.1x is the standard for passing the Extensible Authentication Protocol (EAP) over an 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). This is a newer, more secure standard than Static WEP.

Key Management

Encryption Algorithm

User Authentication

 

 

 

IEEE 802.1x provides

An RC4 stream cipher is used to

IEEE 802.1x mode supports a

dynamically- generated keys

encrypt the frame body and cyclic

variety of authentication

that are periodically refreshed.

redundancy checking (CRC) of

methods, like certificates,

 

each 802.11 frame.

Kerberos, and public key

 

 

authentication with a RADIUS

 

 

server.

 

 

 

Recommendations

IEEE 802.1x mode is a better choice than Static WEP because keys are dynamically generated and changed periodically. However, the encryption algorithm used is the same as that of Static WEP and is therefore not as reliable as the more advanced encryption methods such as TKIP and CCMP (AES) used in Wi-Fi Protected Access (WPA) or WPA2.