RF-Link Technology WRT55AG Appendix C Configuring Wireless Security, Background, WEP Encryption

Instant Wireless® Series

Appendix C: Configuring Wireless Security

Background

The Router offers two wireless security features. The basic feature is Wired Equivalent Privacy (WEP) encryption, an encryption method used to protect your wireless data communications. WEP uses 64-bit, 128-bit, or 152-bit keys to provide access control to your network and encryption security for every data transmission. To decode a data transmission, each point in a network must use an identical key. Higher encryption levels mean higher levels of security, but due to the complexity of the encryption, they may mean decreased network performance.

You may also have heard the term “40-bit” used in conjunction with WEP encryption. This is simply another term for 64-bit WEP encryption. This level of WEP encryption has been called 40-bit because it uses a 40-bit secret key along with a 24-bit Initialization Vector (40 + 24 = 64). Wireless vendors may use either name. Linksys uses the term “64-bit” when referring to this level of encryption.

Note: WEP encryption is an additional data security measure and not essential for router operation; however, Linksys recommends the use of WEP encryption.

The second wireless security feature is 802.1x. The IEEE 802.1x standard spec- ifies authentication methods for a wireless client, such as a PC, to access a net- work, so network security is enhanced. Based on the Extensible Authentication Protocol (EAP), 802.1x designates how a client accesses a network server, fre- quently a RADIUS server, with the Router acting as an authenticator. When a network uses 802.1x, the identity of the client is verified before the client is allowed network access.

For example, a wireless user may use one of the authentication methods to access a wireless network protected by an authentication server. The user’s PC sends a request to the Router (an access point can be used instead). The Router sends an identification request back to the PC. After the PC sends the Router the identification message, the Router forwards the identification message to the server. If the server accepts the identification message, then the PC is permitted access to the wireless network.

Dual-Band Wireless A+G Broadband Router

There are two types of WEP encryption for 802.1x, static and dynamic. Static WEP keys are more vulnerable and can only be changed manually on all devices, including the Router. If you are using MD5 authentication, then you can only use static WEP keys. Dynamic WEP keys are keys that are renewed automatically on a periodic basis. This makes the WEP key(s) more difficult to break, so network security is strengthened. To enable dynamic WEP keys, you must use 802.1x certificate-based authentication methods, such as TLS or TTLS.

WEP Encryption

Make sure your wireless network is functioning before attempting to configure WEP encryption.

On a wireless network, a 128-bit WEP encrypted device will NOT communi- cate with a 64-bit WEP encrypted device. Therefore, make sure that all of the wireless devices on each network are using the same encryption level.

In addition to enabling WEP, Linksys also recommends the following security implementations:

•Change the SSID from the default “linksys”

•Change the SSID on a regular basis

•Change the WEP key regularly

•Enable MAC address filtering (if your wireless products allow it)

For instructions on how to configure the Router’s WEP settings, go to the “Setup” section of “Chapter 7: The Router’s Web-Based Utility.” For instruc- tions on how to configure the WEP settings of your PC’s wireless adapter, refer to your wireless adapter’s documentation.