Key Management

Encryption Algorithm

User Authentication

Static WEP uses a fixed key that is provided by the administrator. WEP keys are indexed in different slots (up to four on the Gateway 7001 Series self-managed AP).

The client stations must have the same key indexed in the same slot to access data on the access point.

An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame.

If you set the Authentication Algorithm to Shared Key, this protocol provides a rudimentary form of user authentication.

However, if the Authentication Algorithm is set to “Open System”, no authentication is performed.

If the algorithm is set to “Both”, only WEP clients are authenticated.

Recommendations

Static WEP was designed to provide security equivalent of sending unencrypted data through an Ethernet connection, however it has major flaws and it does not provide even this intended level of security.

Therefore, Static WEP is not recommended as a secure mode. The only time to use Static WEP is when interoperability issues make it the only option available to you and you are not concerned with the potential of exposing the data on your network.

For information on how to configure Static WEP security mode, see “Static WEP” on page 89.

When to use IEEE 802.1x

IEEE 802.1x is the standard for passing the Extensible Authentication Protocol (EAP) over an 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). This is a newer, more secure standard than Static WEP.

While parts of 802.1x are indeed standard, it uses port control with dynamically varying encryption keys that can be automatically updated over the network with the Extensible Authentication Protocol (EAP) to enable user, not machine, authentication. To make all this happen, 802.1x uses RADIUS servers.

82

www.gateway.com