beautypg.com

3 when to use ieee 802.1x, Recommendations, See also – Psion Teklogix 9160 G2 User Manual

Page 116

background image

Chapter 10: Configuring Security
Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms

94

Psion Teklogix 9160 G2 Wireless Gateway User Manual

Recommendations

Static WEP was designed to provide security equivalent of sending unencrypted
data through an Ethernet connection, however it has major flaws and it does not
provide even this intended level of security.

Therefore, Static WEP is not recommended as a secure mode. The only time to use
Static WEP is when interoperability issues make it the only option available to you
and you are not concerned with the potential of exposing the data on your network.

See Also

For information on how to configure Static WEP security mode, see “Static WEP”
on page 102.

10.1.2.3

When To Use IEEE 802.1x

IEEE 802.1x is the standard for passing the Extensible Authentication Protocol
(EAP) over an 802.11 wireless network using a protocol called EAP Encapsulation
Over LANs (EAPOL). This is a newer, more secure standard than Static WEP.

Recommendations

IEEE 802.1x mode is a better choice than Static WEP because keys are dynamically
generated and changed periodically. However, the encryption algorithm used is the
same as that of Static WEP and is therefore not as reliable as the more advanced
encryption methods such as TKIP and CCMP (AES) used in Wi-Fi Protected
Access
(WPA) or WPA2.

Key Management

Encryption Algorithm

User Authentication

IEEE 802.1x provides
dynamically-generated
keys that are periodically
refreshed.

There are different Uni-
cast
keys for each station.

An RC4 stream cipher is used to
encrypt the frame body and cyclic
redundancy checking
(CRC) of each
802.11 frame.

IEEE 802.1x mode supports a variety of
authentication methods, like certificates,
Kerberos, and public key authentication with a
RADIUS server.

You have a choice of using the 9160 G2 Wire-
less Gateway embedded RADIUS server or an
external RADIUS server. The embedded
RADIUS server supports Protected EAP
(PEAP) and MSCHAP V2.

Table 10.2 IEEE 801.1x Security Mode