Step 6: Configure WLAN Security
Kerberos Authentication
secret-key cryptography. Using this protocol, a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server use Kerberos to prove their identity, they can encrypt all communications to assure privacy and data integrity.
1.Select the Kerberos radio button to enable Kerberos authentication.
2.Click the Kerberos Configuration button to display a sub-screen for authentication settings. To see the details on how to set up the Kerberos authentication, refer to How to Configure Kerberos Authentication.
3.Click the Apply button to save changes.
4.Make sure that NTP is enabled (go to System Configuration --> NTP Servers from the left menu). It is required for Kerberos Authentication. For more information, see How to Configure an NTP Server.
Setting the Encryption Method
Encryption applies a specific algorithm to data to alter its appearance and prevent unauthorized reading. Decryption applies the algorithm in reverse to restore the data to its original form. Sender and receiver employ the same encryption/decryption method.
The WS 2000 Wireless Switch provides three methods for data encryption: WEP, WPA- TKIP, and KeyGuard-MCM. The WPA-TKIP and KeyGuard-MCM methods use WEP 104-bit key encryption. WPA-TKIP offers the highest level of security among the encryption methods available with the switch.
Configuring WEP Encryption
Wired Equivalent Privacy (WEP) is a security protocol specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b. WEP is designed to provide a WLAN with a level of security and privacy comparable to that of a wired LAN. WEP might be all that a small- business user needs for the simple encryption of wireless data. However, networks that require more security are at risk from a WEP flaw. The existing 802.11 standard alone offers administrators no effective method to update keys. Key changes require the manual reconfiguration of each access port. An unauthorized person with a sniffing tool can monitor a network for less than a day and decode its encrypted messages.
WEP is available in two encryption modes: 40 bit (also called 64-bit) and 104 bit (also called 128 bit). The 104-bit encryption mode provides a longer algorithm that takes longer to decode than that of the 40-bit encryption mode.
Note: The 104-bit encryption mode allows devices using keys 104-bit and devices 40-bit keys to talk to each other using 40-bit keys if the 104-bit devices permit this option.
1.Select the WEP radio button to enable the Wired Equivalent Privacy (WEP) protocol.
2.Choose between the 40-bit key (WEP 64) and 104-bit key (WEP 128) option by selecting the appropriate radio button.
3.To use WEP encryption with the No Authentication selection, click the WEP Key Settings button to display a sub-screen for entering keys.
