
Access Control Concepts
Network Access Control Technologies
In terms of access control, dynamic WEP is quite secure. Dynamic WEP also provides better data protection: because each station has its own key, a hacker finds it much more difficult to collect enough keys to crack one.
WPA/WPA2 and 802.11i
802.11i was developed to amend the flaws of WEP; however, it was not fully adopted until 2004, several years after WEP was cracked. WPA, a
WPA meets the first part of the 802.11i standard, the specifications for the Temporal Key Integrity Protocol (TKIP), which provides data privacy, and Michael, which provides data integrity. WPA2 meets the full standard, which calls for even more secure encryption via Counter Mode with
In addition to providing encryption, WPA/WPA2 requires users to authenticate before joining the wireless network. This function is, of course, the most crucial to your access control design.
Under normal (sometimes called Enterprise) operation, WPA/WPA2 uses 802.1X authentication to control which users can connect. In this mode, WPA/WPA2 affords all of the benefits that are associated with 802.1X on Ethernet connections:
■Secure,
■Choice of EAP method that meets your network’s security policy
■
If, for whatever reason, you do not want to implement 802.1X, you can still take advantage of WPA/WPA2’s highly secure encryption. The WPA/WPA2 Preshared Key (PSK) option allows users to enter a shared key (password) to authenticate to a wireless network that implements TKIP or CCMP/AES encryption. You can then add another authentication method