Wi-Fi Protected Access (WPA) using TKIP encryption, WPA2-CCMP (802.11i) encryption, Firewall security – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

Brocade Mobility 5181 Access Point Product Reference Guide
53-1002516-01
Feature overview
Wi-Fi protected access (WPA) using TKIP encryption
Wi-Fi Protected Access (WPA) is a security standard for systems operating with a Wi-Fi wireless
connection. WEP’s lack of user authentication mechanisms is addressed by WPA. Compared to
WEP, WPA provides superior data encryption and user authentication.
WPA addresses the weaknesses of WEP by including:
• a per-packet key mixing function
• a message integrity check
• an extended initialization vector with sequencing rules
• a re-keying mechanism
WPA uses an encryption method called Temporal Key Integrity Protocol (TKIP). WPA employs
802.1X and Extensible Authentication Protocol (EAP).
For detailed information on WPA using TKIP configurations, see
WPA2-CCMP (802.11i) encryption
WPA2 is a newer 802.11i standard that provides even stronger wireless security than Wi-Fi
Protected Access (WPA) and WEP. Counter-mode/CBC-MAC Protocol (CCMP) is the security
standard used by the Advanced Encryption Standard (AES). AES serves the same function TKIP
does for WPA-TKIP. CCMP computes a Message Integrity Check (MIC) using the proven Cipher Block
Message Authentication Code (CBC-MAC) technique. Changing just one bit in a message produces
a totally different result.
WPA2-CCMP is based on the concept of a Robust Security Network (RSN), which defines a
hierarchy of keys with a limited lifetime (similar to TKIP). Like TKIP, the keys the administrator
provides are used to derive other keys. Messages are encrypted using a 128-bit secret key and a
128-bit block of data. The end result is an encryption scheme as secure as any the Mobility 5181
Access Point provides.
For detailed information on WPA2-CCMP, see
“Configuring WPA2-CCMP (802.11i)”
Firewall security
A firewall keeps personal data in and hackers out. The Mobility 5181 Access Point firewall prevents
suspicious Internet traffic from proliferating across the Mobility 5181 Access Point managed network. The
Mobility 5181 Access Point performs Network Address Translation (NAT) on packets passing to and
from the WAN port. This combination provides enhanced security by monitoring communication
with the wired network.
For detailed information on configuring the Mobility 5181 Access Point’s firewall, see
VPN tunnels
Virtual Private Networks (VPNs) are IP-based networks that use encryption and tunneling to give
users remote access to a secure LAN. In essence, the trust relationship is extended from one LAN
across the public network to another LAN, without sacrificing security. A VPN behaves like a private
network; however, because the data travels through the public network, it needs several layers of
security. The Mobility 5181 Access Point can function as a robust VPN gateway.