Home » ZyXEL Manuals » Networking » ZyXEL G-220 » Manual Viewer

ZyXEL G-220 User Guide - Page 105

WPA and WPA2, Encryption

Get ZyXEL G-220 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 105 highlights

ZyXEL G-220 v2 User's Guide For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types. Table 32 Comparison of EAP Authentication Types Mutual Authentication Certificate - Client Certificate - Server Dynamic Key Exchange Credential Integrity Deployment Difficulty Client Identity Protection EAP-MD5 No No No No None Easy No EAP-TLS Yes Yes Yes Yes Strong Hard No EAP-TTLS Yes Optional Yes Yes Strong Moderate Yes PEAP Yes Optional Yes Yes Strong Moderate Yes LEAP Yes No No Yes Moderate Moderate No WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA(2) and WEP are improved data encryption and user authentication. If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. Encryption Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. Appendix D Wireless Security 105

Section	Page
User’s Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Copyright	7
Certifications	8
ZyXEL Limited Warranty	10
Table of Contents	11
List of Figures	15
List of Tables	19
Getting Started	21
1.1 About Your G-220 v2	21
1.2 Application Overview	21
1.2.1 Windows Vista Users	21
1.2.2 Station Mode	21
1.2.2.1 Infrastructure	21
1.2.2.2 Ad-Hoc	22
1.2.3 Access Point Mode	23
1.2.4 Changing G-220 v2 Mode	23
1.3 G-220 v2 Hardware and Utility Installation	24
1.3.1 ZyXEL Utility Icon	24
1.4 Configuration Methods	24
1.4.1 Enabling WZC	24
1.4.2 Accessing the ZyXEL Utility	25
Tutorial	27
2.1 Connecting to a Wireless LAN	27
2.2 Creating and Using a Profile	29
2.3 Configuring the G-220 v2 as an AP	32
Wireless LAN Network	35
3.1 Wireless LAN Overview	35
3.2 Wireless LAN Security	36
3.2.1 Hide SSID	36
3.2.2 MAC Address Filter	36
3.2.3 User Authentication and Encryption	37
3.2.3.1 WEP	37
3.2.3.2 IEEE 802.1x	38
3.2.3.3 WPA and WPA2	38
3.3 WiFi Protected Setup	39
3.3.1 Push Button Configuration	39
3.3.2 PIN Configuration	39
3.3.3 How WPS Works	41
3.3.3.1 Example WPS Network Setup	42
3.3.4 Limitations of WPS	44
3.4 Introduction to OTIST	45
3.4.1 Enabling OTIST	45
3.4.1.1 AP	45
3.4.1.2 Wireless Client	46
3.4.2 Starting OTIST	47
3.4.3 Notes on OTIST	47
Wireless Station Mode Configuration	49
4.1 Wireless Station Mode Overview	49
4.1.1 ZyXEL Utility Screen Summary	49
4.2 The Link Info Screen	50
4.2.1 Trend Chart	51
4.3 The Site Survey Screen	52
4.3.1 Security Settings	53
4.3.1.1 WEP Encryption	54
4.3.1.2 WPA-PSK/WPA2-PSK	55
4.3.1.3 WPA/WPA2	56
4.3.1.4 IEEE 802.1x	57
4.3.2 Confirm Save Screen	59
4.4 The Profile Screen	60
4.4.1 Adding a New Profile	62
4.5 The Adapter Screen	66
4.6 Security Settings in Windows Vista	69
4.6.1 Using PEAP in Vista	69
4.6.2 Using TLS in Vista	70
Access Point Mode Configuration	73
5.1 Access Point Mode Introduction	73
5.1.1 ZyXEL Utility Screen Summary	73
5.1.2 Additional Setup Requirements	74
5.2 The Link Info Screen	74
5.3 The Configuration Screen	75
5.4 The MAC Filter Screen	77
Maintenance	79
6.1 The About Screen	79
6.2 Uninstalling the ZyXEL Utility	79
6.3 Upgrading the ZyXEL Utility	80
Troubleshooting	83
7.1 Problems Starting the ZyXEL Utility	83
7.2 Problem Connecting to an Access Point	83
7.3 Problem with the Link Quality	84
7.4 Problems Communicating With Other Computers	84
Product Specifications	85
Access Point Mode Setup Example	87
Configuring the Computer on Which You Install the G-220 v2	87
Configuring the Wireless Station Computer	89
Management with Wireless Zero Configuration	91
Activating Wireless Zero Configuration	91
Connecting to a Wireless Network	92
Security Settings	95
Association	96
Authentication	97
Ordering the Preferred Networks	100
Wireless Security	103
Types of EAP Authentication	103
EAP-MD5 (Message-Digest Algorithm 5)	103
EAP-TLS (Transport Layer Security)	104
EAP-TTLS (Tunneled Transport Layer Service)	104
PEAP (Protected EAP)	104
LEAP	104
Dynamic WEP Key Exchange	104
WPA and WPA2	105
Encryption	105
User Authentication	106
WPA(2)-PSK Application Example	107
WPA(2) with RADIUS Application Example	107
Security Parameters Summary	108
Setting up Your Computer’s IP Address	109
Windows 95/98/Me	109
Installing Components	110
Configuring	111
Verifying Settings	112
Windows 2000/NT/XP	112
Verifying Settings	116
Macintosh OS 8/9	116
Verifying Settings	118
Macintosh OS X	118
Verifying Settings	119
Customer Support	121

Match case Limit results 1 per page

ZyXEL G-220 v2 User’s Guide

Appendix D Wireless Security

105

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use

dynamic keys for data encryption. They are often deployed in corporate environments, but for

public deployment, a simple user name and password pair is more practical. The following

table is a comparison of the features of authentication types.

Table 32

Comparison of EAP Authentication Types

EAP-TLS

EAP-TTLS

PEAP

LEAP

Mutual Authentication

Yes

Certificate – Client

Yes

Optional

Certificate – Server

Yes

Dynamic Key Exchange

Yes

Credential Integrity

None

Strong

Moderate

Deployment Difficulty

Easy

Hard

Moderate

Client Identity Protection

Yes

WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE

802.11i) is a wireless security standard that defines stronger encryption, authentication and

key management than WPA.

Key differences between WPA(2) and WEP are improved data encryption and user

authentication.

If both an AP and the wireless clients support WPA2 and you have an external RADIUS

server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server,

you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical)

password entered into each access point, wireless gateway and wireless client. As long as the

passwords match, a wireless client will be granted access to a WLAN.

If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending

on whether you have an external RADIUS server or not.

Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is

less secure than WPA or WPA2.

Encryption

Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol

(TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced

Encryption Standard (AES) in the Counter mode with Cipher block chaining Message

authentication code Protocol (CCMP) to offer stronger encryption than TKIP.