ZyXEL M-102 User Guide - Page 29

EAP Authentication, 2.3.1, Encryption

Get ZyXEL M-102 PDF manuals and user guides View all ZyXEL M-102 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 29 highlights

ZyXEL M-102 User's Guide 2.2.2.1 EAP Authentication EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. The M-102 supports EAP-TLS, EAP-TTLS and EAP-PEAP. Refer to Appendix C on page 71 for descriptions. For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. 2.2.3 WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences between WPA and WEP are improved data encryption and user authentication. If both an AP and the wireless clients support WPA and you have an external RADIUS server, use WPA for stronger data encryption. If you don't have an external RADIUS server, you should use WPA-PSK (WPA-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. Select WEP only when the AP and/or wireless clients do not support WPA. WEP is less secure than WPA. 2.2.3.1 Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption than TKIP. The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA-PSK susceptible to brute-force password-guessing attacks but it's still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of WEP) Chapter 2 Wireless LAN Network 29

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
ZyXEL M-102 User’s Guide
Chapter 2 Wireless LAN Network
29
2.2.2.1
EAP Authentication
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, an access point helps a
wireless station and a RADIUS server perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s)
that supports IEEE 802.1x. The M-102 supports EAP-TLS, EAP-TTLS and EAP-PEAP. Refer
to
Appendix C on page 71
for descriptions.
For EAP-TLS authentication type, you must first have a wired connection to the network and
obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs)
can be used to authenticate users and a CA issues certificates and guarantees the identity of
each certificate owner.
2.2.3
WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard.
Key differences between WPA and WEP are improved data encryption and user
authentication.
If both an AP and the wireless clients support WPA and you have an external RADIUS server,
use WPA for stronger data encryption. If you don't have an external RADIUS server, you
should use WPA-PSK (WPA-Pre-Shared Key) that only requires a single (identical) password
entered into each access point, wireless gateway and wireless client. As long as the passwords
match, a wireless client will be granted access to a WLAN.
Select WEP only when the AP and/or wireless clients do not support WPA. WEP is less secure
than WPA.
2.2.3.1
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x. WPA uses Advanced Encryption Standard (AES) in
the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP)
to offer stronger encryption than TKIP.
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference
between the two is that WPA-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA-PSK susceptible to brute-force
password-guessing attacks but it’s still an improvement over WEP as it employs a consistent,
single, alphanumeric password to derive a PMK which is used to generate unique temporal
encryption keys. This prevent all wireless devices sharing the same encryption keys. (a
weakness of WEP)