Apple MC340LL User Guide - Page 14



Chapter 2: AirPort Security

WPA on the AirPort Extreme Base Station and AirPort Express has two modes: “WPA for enterprise,” or WPA Enterprise, which uses a RADIUS server for user authentication, and “WPA for home/small office,” or WPA Personal, which relies on the capabilities of TKIP without requiring a RADIUS server. WPA Personal uses a network password, sometimes called a Pre-Shared Key (PSK).

Note: WPA security features are available only to AirPort Extreme Base Stations; AirPort Express; AirPort and AirPort Extreme clients using Mac OS X 10.3 or later and AirPort 3.3 or later; and Windows XP and Windows 2000 clients using other 802.11 wireless adapters that support WPA.

WPA Enterprise

WPA is a subset of the draft IEEE 802.11i standard. It effectively addresses the Wireless Local Area Network (WLAN) security requirements for the enterprise and provides a strong encryption and authentication solution prior to the ratification of the 802.11i standard. In an enterprise with IT resources, WPA should be used in conjunction with an authentication server such as RADIUS to provide centralized access control and management. With this implementation in place, the need for add-on solutions such as Virtual Private Networks (VPN) may be eliminated, at least for the local wireless network.

WPA Personal

For Small Office/Home Office (SO/HO) and private home networks, WPA runs in WPA Personal mode, because the typical household or small office does not have an authentication server. Instead of authenticating with a RADIUS server, users enter a password or PSK to log in to the wireless network. When the user enters the password correctly, the base station starts the encryption process using TKIP. TKIP derives its encryption keys mathematically from the network password. TKIP then regularly changes and rotates the encryption key so that the same encryption key is never used twice. This all happens behind the scenes. Other than entering the network password, the user isn’t required to do anything to make WPA Personal work in the home.
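
The key derivation described above, written out as an added example that is not part of Apple's guide. The passphrase-to-PSK mapping and the pairwise key expansion follow IEEE 802.11i rather than anything this page states, and the example goes one step beyond the text by showing how fresh per-session nonces produce different temporal keys. The function names, MAC addresses and nonces are made up for illustration.

```python
import hashlib
import hmac

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA Personal passphrase to the 256-bit PSK (IEEE 802.11i mapping)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt: the same password gives a different key per network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def pairwise_keys(psk: bytes, ap_mac: bytes, client_mac: bytes,
                  anonce: bytes, snonce: bytes) -> dict:
    """Expand the PSK into the 512-bit per-session key set used with TKIP."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(psk, b"Pairwise key expansion", data, 64)
    return {"kck": ptk[:16],     # protects the handshake messages
            "kek": ptk[16:32],   # wraps the group key
            "tk": ptk[32:48],    # temporal encryption key fed to TKIP
            "mic": ptk[48:64]}   # Michael integrity keys, one per direction

if __name__ == "__main__":
    # Constructed MACs and nonces; "password"/"IEEE" is the 802.11i test vector.
    psk = wpa_psk("password", "IEEE")
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    first = pairwise_keys(psk, ap, sta, b"\x01" * 32, b"\x02" * 32)
    second = pairwise_keys(psk, ap, sta, b"\x03" * 32, b"\x04" * 32)
    print("PSK:", psk.hex())
    print("session 1 TK:", first["tk"].hex())
    print("session 2 TK:", second["tk"].hex())
```

Because everything here is computed from the passphrase and the network name, the passphrase is the only secret in WPA Personal; a long, random one is what keeps the derived keys unguessable.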