ZyXEL NBG-460N User Guide - Page 351
Encryption
View all ZyXEL NBG-460N manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 351 highlights
Appendix D Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled. Note: EAP-MD5 cannot be used with dynamic WEP key exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types. Table 131 Comparison of EAP Authentication Types EAP-MD5 EAP-TLS EAP-TTLS Mutual Authentication No Yes Yes Certificate - Client No Yes Optional Certificate - Server No Yes Yes Dynamic Key Exchange No Yes Yes Credential Integrity None Strong Strong Deployment Difficulty Easy Hard Moderate Client Identity Protection No No Yes PEAP Yes Optional Yes Yes Strong Moderate Yes LEAP Yes No No Yes Moderate Moderate No WPA(2) Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA(2) and WEP are improved data encryption and user authentication. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption. Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. NBG-460N User's Guide 351