Chapter 10 Wireless LAN

Unauthorized devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network.

Local user databases also have an additional limitation that is explained in the next section.

10.6.4 Encryption

Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message.

The types of encryption you can choose depend on the type of user authentication. (See Section 10.6.3 on page 221 for information about this.)

Table 54 Types of Encryption for Each Type of Authentication

 

 

No Authentication

RADIUS Server

Weakest

No Security

 

 

 

 

 

 

 

Static WEP

 

 

 

 

 

 

 

 

802.1x +Static WEP

 

 

 

 

 

 

WPA-PSK

WPA

 

 

 

 

 

 

Strongest

WPA2-PSK or WPA2-PSK-Mix

WPA2 or WPA2-Mix

 

 

 

 

For example, if the wireless network has a RADIUS server, you can choose WPA or WPA2. If users do not log in to the wireless network, you can choose no encryption, Static WEP, WPA-PSK, or WPA2-PSK.

Usually, you should set up the strongest encryption that every wireless client in the wireless network supports. For example, suppose the AP does not have a local user database, and you do not have a RADIUS server. Therefore, there is no user authentication. Suppose the wireless network has two wireless clients. Device A only supports WEP, and device B supports WEP and WPA. Therefore, you should set up Static WEP in the wireless network.

"It is recommended that wireless clients use WPA-PSK, WPA, or stronger encryption. IEEE 802.1x and WEP encryption are better than none at all, but it is still possible for unauthorized devices to figure out the original information pretty quickly.

222

 

ZyWALL 2WG User’s Guide