with minimal degradation in network performance. WPA offers standards-based, Wi-Fi CERTIFIED security. It assures users that the Wi-Fi CERTIFIED devices they buy will be cross-vendor compatible. When properly installed, WPA provides a high level of assurance to enterprises, small businesses and home users that data will remain protected and that only authorized users may access their networks. For enterprises that have already deployed IEEE 802.1X authentication, WPA offers the advantage of leveraging existing authentication databases and infrastructure.
•WPA2
oWPA2 is the second generation of WPA security; providing enterprise and consumer Wi-Fi® users with a high level of assurance that only authorized users can access their wireless networks. Launched in September 2004 by the Wi-Fi Alliance, WPA2 is the certified interoperable version of the full IEEE 802.11i specification which was ratified in June 2004. Like WPA, WPA2 supports IEEE 802.1X/EAP authentication or PSK technology. It also includes a new advanced encryption mechanism using the Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption Standard (AES). AES satisfies U.S. government security requirements. It has been adopted as an official government standard by the U.S. Department of Commerce and the National Institute of Standards and Technology (NIST). Organizations that require the AES encryption available in WPA2 should be aware that upgrading to it may require new hardware. Section II of this document offers a roadmap for organizations planning to upgrade to WPA2. Considerations for its deployment are outlined in Section III.
Cipher Type
•TKIP
oTemporal Key Integrity Protocol is an upgrade to the WEP known as WEP 1.1 that fixes known security problems in WEP’s implementation of the RC4 stream cipher. TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven’t been tampered with.
•AES
oAdvanced Encryption Standard (Rijndael Cypher) is the U.S. government's next-generation cryptography algorithm, which will replace DES and 3DES. AES works at multiple network layers simultaneously. Supports 128, 192 and 256 bit keys. AES and 802.11i (WEP version 2) is based on 32bit processing unlink the older standard.
•TKIP and AES
oIf clients support both the TKIP and AES standards then this would be the strongest cipher type to use. That combines both the TKIP and AES security.
EAP (802.1x)
When WPA enterprise is enabled, the router uses EAP (802.1x) to authenticate clients via a remote RADIUS server.
PSK
PSK stands for Pre-Shared-Key and serves as a password. User may key in an 8 to 63 characters string to set the password or leave it blank, in which the 802.1x Authentication will be activated. Note that if user key in own password, make sure to use the same password on client's end.
ADVANCED
All Rights Reserved. Copyright 2006 Teletronics International, Inc.
2 Choke Cherry Road, Rockville, MD 20850 Tel: 301.309.8500 Fax: 301.309.8851