WEP Encryption, KeyGuard Encryption, Wi-Fi Protected Access (WPA) Using TKIP Encryption – Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual

53-1002517-01

EAP is only supported on mobile devices running Windows XP, Windows 2000 (using Service Pack
#4) and Windows Mobile 2003. Refer to the system administrator for information on configuring a
Radius Server for EAP (802.1x) support.

For detailed information on EAP configurations, see Configuring 802.1x EAP Authentication on
page 6-196.

WEP Encryption

All WLAN devices face possible information theft. Theft occurs when an unauthorized user
eavesdrops to obtain information illegally. The absence of a physical connection makes wireless
links particularly vulnerable to this form of theft. Most forms of WLAN security rely on encryption to
various extents. Encryption entails scrambling and coding information, typically with mathematical
formulas called algorithms, before the information is transmitted. An algorithm is a set of
instructions or formula for scrambling the data. A key is the specific code used by the algorithm to
encrypt or decrypt the data. Decryption is the decoding and unscrambling of received encrypted
data.

The same device, host computer or front-end processor, usually performs both encryption and
decryption. The transmit or receive direction determines whether the encryption or decryption
function is performed. The device takes plain text, encrypts or scrambles the text typically by
mathematically combining the key with the plain text as instructed by the algorithm, then transmits
the data over the network. At the receiving end, another device takes the encrypted text and
decrypts, or unscrambles, the text revealing the original message. An unauthorized user can know
the algorithm, but cannot interpret the encrypted data without the appropriate key. Only the sender
and receiver of the transmitted data know the key.

Wired Equivalent Privacy (WEP) is an encryption security protocol specified in the IEEE Wireless
Fidelity (Wi-Fi) standard, 802.11b, and supported by the Mobility 7131 Access Point. WEP
encryption is designed to provide a WLAN with a level of security and privacy comparable to that of
a wired LAN. The level of protection provided by WEP encryption is determined by the encryption
key length and algorithm. An encryption key is a string of case-sensitive characters used to encrypt
and decrypt data packets transmitted between a mobile unit (MU) and the Mobility 7131 Access
Point. A Mobility 7131 Access Point and its associated wireless clients must use the same
encryption key (typically 1 through 4) to interoperate.

For detailed information on WEP, see Configuring WEP Encryption on page 6-199.
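
The following added example (not part of the guide and not Brocade code) shows why the access point and the MU must hold the same case-sensitive key in the same key slot: it builds a WEP frame body in the standard layout (IV, Key ID, RC4 over IV plus key, CRC-32 ICV) and rejects the frame when the receiver's key differs. The sample keys, the payload, and the mapping of slots 1 through 4 to on-air Key IDs 0 through 3 are assumptions made for the example.

```python
import os
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (the WEP algorithm); one call encrypts or decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(keys: dict, slot: int, plaintext: bytes, iv: bytes = None) -> bytes:
    """Build a WEP frame body: IV(3) | KeyID(1) | RC4(IV||key, data||ICV)."""
    iv = iv if iv is not None else os.urandom(3)
    icv = struct.pack("<I", zlib.crc32(plaintext))   # integrity check value
    key_id = (slot - 1) << 6          # assumption: slot 1-4 maps to Key ID 0-3
    return iv + bytes([key_id]) + rc4(iv + keys[slot], plaintext + icv)

def wep_decrypt(keys: dict, body: bytes) -> bytes:
    """Select the key by Key ID, decrypt, and verify the ICV."""
    iv, slot = body[:3], (body[3] >> 6) + 1
    if slot not in keys:
        raise ValueError(f"no key configured in slot {slot}")
    clear = rc4(iv + keys[slot], body[4:])
    data, icv = clear[:-4], clear[-4:]
    if struct.pack("<I", zlib.crc32(data)) != icv:
        raise ValueError("ICV mismatch: key differs from the sender's")
    return data

# Constructed sample keys (13 characters = 104 bits) and payload, not from the guide.
AP_KEYS = {1: b"Example-Key-1", 2: b"Example-Key-2"}
MU_GOOD = {2: b"Example-Key-2"}
MU_BAD = {2: b"example-key-2"}        # same text, different case

if __name__ == "__main__":
    frame = wep_encrypt(AP_KEYS, 2, b"constructed payload")
    print(wep_decrypt(MU_GOOD, frame))
```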

KeyGuard Encryption

Use KeyGuard to shield the master encryption keys from being discovered through hacking.
KeyGuard negotiation takes place between the access point and MU upon association. The access
point can use KeyGuard with Brocade MUs. KeyGuard is only supported on Brocade MUs, making it
a Brocade proprietary security mechanism.

For detailed information on KeyGuard configurations, see Configuring KeyGuard Encryption on
page 6-201.

Wi-Fi Protected Access (WPA) Using TKIP Encryption

Wi-Fi Protected Access (WPA) is a security standard for systems operating with a Wi-Fi wireless
connection. WEP’s lack of user authentication mechanisms is addressed by WPA. Compared to
WEP, WPA provides superior data encryption and user authentication.

WPA addresses the weaknesses of WEP by including: