Radio Interface
The security mechanisms that may be employed depend on the level of security required, the network and management resources available, and the software support provided on wireless clients. A summary of wireless security considerations is listed in the following table.
Security | Client | Implementation Considerations | |
Mechanism | Support |
|
|
|
|
|
|
WEP | • | Provides only weak security | |
| 802.11a, 802.11b and | • Requires manual key management | |
| 802.11g devices |
|
|
WEP over | Requires 802.1x client | • | Provides dynamic key rotation for |
802.1x | support in system or by |
| improved WEP security |
| • | Requires configured RADIUS server | |
| (native support provided | • | 802.1x EAP type may require |
| in Windows XP) |
| management of digital certificates for |
|
|
| clients and server |
|
|
| |
MAC Address | Uses the MAC address | • Provides only weak user | |
Filtering | of client network card |
| authentication |
|
| • Management of authorized MAC | |
|
|
| addresses |
|
| • Can be combined with other methods | |
|
|
| for improved security |
|
| • | Optionally configured RADIUS server |
|
|
| |
WPA over | Requires | • Provides robust security in | |
802.1x mode | system and network |
| mode (i.e., WPA clients only) |
| card driver | • Offers support for legacy WEP clients, | |
| (native support provided |
| but with increased security risk (i.e., |
| in Windows XP) |
| WEP authentication keys disabled) |
|
| • Requires configured RADIUS server | |
|
| • 802.1x EAP type may require | |
|
|
| management of digital certificates for |
|
|
| clients and server |
|
|
| |
WPA PSK | Requires | • Provides good security in small | |
mode | system and network |
| networks |
| card driver | • Requires manual management of | |
| (native support provided |
| |
| in Windows XP) |
|
|
|
|
|
|
Note: Although a WEP static key is not needed for WEP over 802.1x, WPA over 802.1x, and WPA PSK modes, you must enable WEP encryption through the web or CLI in order to enable all types of encryption in the access point.