LANCOM Reference Manual LCOS 3.50 Chapter 11: Wireless LAN – WLAN
steps like WPA, the IEEE committee has now presented the new WLAN security
standard 802.11i. The TKIP procedure used by WPA is based on the older RC4
algorithm, the foundation of WEP. AES is the first important and conclusive
step towards a truly secure encryption system. 802.11i/AES have consigned the
practical and theoretical security loopholes of previous methods to history.
The AES procedure provides security on a level that satisfies the Federal
Information Processing Standard (FIPS) 140-2 specifications that are required
by many public authorities.
LANCOM equips its 54 Mbps products with the Atheros chip set featuring a
hardware AES accelerator. This guarantees the highest possible level of
encryption without performance loss.
The user-friendly pre-shared key procedure (entry of a passphrase of 8 to 63
characters in length) makes 802.11i quick and easy for anybody to set up.
Professional infrastructures with a larger number of users can make use of
802.1x and RADIUS servers.
In combination with further options such as Multi-SSID and VLAN tagging, it
is possible to provide highly secure networks for multiple user groups and with
different levels of security.
LANCOM provides the PSK procedure with the LCOS version 3.50.
802.1x is foreseen for realisation in LCOS version 4.
Multi-SSID is available as of LCOS 3.42.
VLAN tagging is available as of LCOS version 3.32.
11.3 Protecting the wireless network
Unlike a conventional LAN, a wireless LAN does not use cable as the transmitting
medium for data transfer, but the air instead. As this medium is openly
available to any eavesdropper, the shielding of the data in a WLAN is an
important topic.
Depending on how critical WLAN security is for your data, you can take the
following steps to protect your wireless network:
① Activate the "Closed network function". This excludes all WLAN clients
using "Any" as the SSID, and those that do not know your network SSID.
('Network settings' → page 251)
② Do not use your access point's default SSID. Choose a name for your
SSID that cannot be guessed easily. The name of your company, for