Basic Security Configurations

There are two main decisions to be made when choosing wireless security: encryption method and authentication protocol. The encryption method determines the algorithm used to encrypt the message. The authentication type specifies how users are identified and verified on a network. Is the device seeking connection what (and who) it claims to be?

Select an Encryption Method from the following table:

Encryption Method

| Type | Algorithm | Size (bits) | Description |
|------|-----------|-------------|-------------|
| WEP | RC4 | 64/128 | This is the 64 or 128 bit WEP Key that must match other nodes’ encryption keys in order to communicate. The user can only define 10 hex characters (40 bits) for 64 bit WEP or 26 characters (104 bits) for 128 bit WEP. |
| WPA | RC4 | 64/128 | Improves on WEP by using TKIP* (Temporal Key Integrity Protocol), which dynamically changes the encryption key and MIC (Message Integrity Code), which replaces CRC. |
| WPA2 | AES | 128 | Improves on WPA by replacing RC4 with AES (Advanced Encryption Standard) for encryption. The user can only define 26 characters (104 bits) for 128 bit WPA2. |

*Dynamic WEP cannot be selected directly, so select 128 for the encryption mode and select an authentication mode from one of the following: LEAP, PEAP, EAP-FAST, TLS, or TTLS.

Authentication Protocol

Type
RADIUS Server
User ID &
Certificate
Private Key Info File
Protocol
Password
Enterprise
LEAP
No
N/A
PEAP*
PAP or
N/A
Required
Optional*
TLS
Required*
MSCHAPv2
TTLS
N/A
EAP-FAST
PAC*
N/A
Personal
PSK
N/A

*PEAP

*Optional

This is only for server-side certificates.

If the Certificate Root Key and the Certificate CN (common name) are left blank, no validation of the host certificate is performed. The values are set to “null” and all host certificates are accepted.

*Required

The Print Server comes with a default Private Key Information File. You can either download that file from the print server and add it to the TLS authentication server, or overwrite it with a new one on the print server.

*PAC

EAP-FAST does not use certificates to authenticate, but a PAC (Protected Access Credential), which is managed dynamically by the server. The PAC is distributed one at a time to the client manually or automatically.

EAP-FAST has an optional feature called "auto-provisioning", which allows a client to receive the original PAC file wirelessly from the authentication server. However, this method is less secure and is not supported by Monarch portable printers.
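An added example, not taken from this guide or from the print server's software: a Python check that applies the rules on this page (WEP key lengths, the Dynamic WEP note, and the blank Certificate Root Key / CN behavior) to a wireless profile before it is loaded onto a printer. The profile key names (encryption, wep_bits, key, auth, cert_root_key, cert_cn) and the set of certificate-based modes are assumptions made for illustration.

```python
import string

# Hex characters the user defines per WEP size, from the table above.
WEP_HEX_CHARS = {64: 10, 128: 26}
# Authentication modes the Dynamic WEP note lists.
DYNAMIC_WEP_AUTH = {"LEAP", "PEAP", "EAP-FAST", "TLS", "TTLS"}
# Assumption: modes in which the host presents a certificate to the printer.
CERT_BASED = {"PEAP", "TLS", "TTLS"}


def is_blank(value):
    """True for a setting that is None, empty or whitespace only."""
    return value is None or not str(value).strip()


def audit(profile):
    """Return (code, message) findings for one wireless profile dict."""
    findings = []
    enc, auth = profile.get("encryption"), profile.get("auth")
    if enc == "WEP" and auth in DYNAMIC_WEP_AUTH:
        if profile.get("wep_bits") != 128:
            findings.append(("DYNAMIC_WEP_MODE", "Dynamic WEP needs encryption mode 128"))
    elif enc == "WEP":
        findings.append(("STATIC_WEP", "one RC4 key shared by every node; prefer WPA2 (AES)"))
        key = profile.get("key") or ""
        want = WEP_HEX_CHARS.get(profile.get("wep_bits"))
        if len(key) != want or any(c not in string.hexdigits for c in key):
            findings.append(("WEP_KEY_FORMAT", "need 10 hex chars (64 bit) or 26 (128 bit)"))
    elif enc == "WPA":
        findings.append(("WPA_TKIP", "still RC4 (TKIP); WPA2 replaces RC4 with AES"))
    if (auth in CERT_BASED and is_blank(profile.get("cert_root_key"))
            and is_blank(profile.get("cert_cn"))):
        findings.append(("NO_CERT_VALIDATION", "blank root key and CN: any host certificate is accepted"))
    return findings


# Constructed sample profiles (all values are made up for illustration).
WEAK_PEAP = {"encryption": "WPA", "auth": "PEAP", "cert_root_key": "", "cert_cn": " "}
STATIC_WEP = {"encryption": "WEP", "wep_bits": 64, "key": "0123456789ABCDEF"}
HARDENED = {"encryption": "WPA2", "auth": "PEAP",
            "cert_root_key": "ROOT-KEY-PLACEHOLDER", "cert_cn": "radius.example.test"}

if __name__ == "__main__":
    for name, prof in [("WEAK_PEAP", WEAK_PEAP), ("STATIC_WEP", STATIC_WEP), ("HARDENED", HARDENED)]:
        for code, msg in audit(prof) or [("OK", "no findings")]:
            print(f"{name}: {code}: {msg}")
```

A profile with no findings uses WPA2 and has the certificate fields filled in, so the host certificate is actually checked.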

4-16 System Administrator’s Guide