The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism (MIC), TKIP makes it much more difficult to decode data on a
The encryption mechanisms used for WPA and
WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients using an external RADIUS database.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2
If the AP or the wireless clients do not support WPA2, just use WPA or
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2.
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features.
Table 95 Wireless Security Relational Matrix
AUTHENTICATION | ENCRYPTION | ENTER | ENABLE IEEE 802.1X | |
METHOD/ KEY | ||||
METHOD | MANUAL KEY | |||
MANAGEMENT PROTOCOL |
| |||
|
|
|
| |
Open | None | No | No | |
|
|
|
| |
Open | WEP | No | Enable with Dynamic WEP Key | |
|
|
|
| |
|
| Yes | Enable without Dynamic WEP Key | |
|
|
|
| |
|
| Yes | Disable | |
|
|
|
|
264 | Appendix G Wireless LANs |