WLAN data security – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Figure 28 Shared key authentication process
WLAN data security
WLAN networks tend to be more susceptible to attacks than wired networks because WLAN devices
share the same transmission medium. As a result, a device can potentially intercept data
not intended for it. If no security is provided, plain-text data is at risk of being read by unintended
recipients.
To secure data transmission, 802.11 protocols provide some encryption methods to make sure devices
without the correct key cannot read encrypted data.
1. Plain-text data
No data packets are encrypted. This is in effect a WLAN service without any security protection.
2. WEP encryption
Wired Equivalent Privacy (WEP) was developed to protect data exchanged among authorized
users in a wireless LAN from casual eavesdropping. WEP uses RC4 encryption for confidentiality.
WEP encryption falls into static and dynamic encryption according to how a WEP key is
generated.
• Static WEP encryption
With static WEP encryption, all clients using the same SSID must use the same encryption key. If
the encryption key is deciphered or lost, attackers will get all encrypted data. In addition,
updating the key manually at regular intervals creates a heavy management workload.
• Dynamic WEP encryption
Dynamic WEP encryption is a great improvement over static WEP encryption. With dynamic WEP
encryption, WEP keys are negotiated between client and server through the 802.1X protocol so
that each client is assigned a different WEP key, which can be updated periodically to further
improve unicast frame transmission security.
Although WEP encryption increases the difficulty of network interception and session hijacking, it
still has weaknesses due to limitations of the RC4 encryption algorithm and static key configuration.
3. TKIP encryption
Temporal Key Integrity Protocol (TKIP) and WEP both use the RC4 algorithm, but TKIP has many
advantages over WEP, and provides more secure protection for WLAN as follows:
• First, TKIP provides longer IVs to enhance encryption security. Compared with WEP encryption,
TKIP encryption uses the 128-bit RC4 encryption algorithm, and increases the length of IVs from 24
bits to 48 bits.
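The following Python sketch is an added example, not part of the H3C manual. It shows why a static WEP key combined with a 24-bit IV is a weakness: two frames sent under the same IV share one RC4 keystream, so their ciphertexts XOR to the XOR of the plaintexts, and a 24-bit IV space is used up quickly. The key, IV, frame contents and frame rate are constructed or assumed values, and the 48-bit figure is used only for the IV-space arithmetic.

```python
# Added example (not from the H3C manual). Keys, IVs and frames are constructed.

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, static_key: bytes, payload: bytes) -> bytes:
    """WEP seeds RC4 with IV || key. The CRC-32 ICV is omitted for brevity."""
    return xor(payload, rc4(iv + static_key, len(payload)))

def iv_reuse_leak(static_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """XOR of two ciphertexts sent under the same IV and static key."""
    return xor(wep_encrypt(iv, static_key, p1), wep_encrypt(iv, static_key, p2))

def seconds_until_iv_wrap(iv_bits: int, frames_per_second: int) -> float:
    """Time for a sequential per-frame IV counter to use up its whole space."""
    return (2 ** iv_bits) / frames_per_second

STATIC_KEY = bytes.fromhex("0102030405")   # constructed 40-bit static WEP key
IV = bytes.fromhex("aabbcc")               # constructed 24-bit IV
FRAME_A = b"constructed frame one"
FRAME_B = b"constructed frame two"
FPS = 1000                                 # assumed frame rate

if __name__ == "__main__":
    leak = iv_reuse_leak(STATIC_KEY, IV, FRAME_A, FRAME_B)
    # Keystream cancels out: the key is never needed to relate the two frames.
    print("c1^c2 == p1^p2:", leak == xor(FRAME_A, FRAME_B))
    print("24-bit IV space lasts %.1f hours" % (seconds_until_iv_wrap(24, FPS) / 3600))
    years = seconds_until_iv_wrap(48, FPS) / (3600 * 24 * 365)
    print("48-bit IV space lasts %.0f years" % years)
```

With a static key, the only per-frame variation in the RC4 seed is the IV, so the IV length sets how soon a keystream must repeat.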