Ieee 802.11 Authentication; Wep Encryption - Samsung Network Printer User Manual

IEEE 802.11 authentication

IEEE 802.11 authentication is a process of identifying an
individual who is attempting to access a wireless LAN or an
access point. The IEEE 802.11 standard defines two types of
authentication services:
• Open System: Authentication is not used, and encryption
may or may not be used, depending on the need for data
security.
• Shared Key: Authentication is used. A device that has a
proper WEP key can access the network.
The Samsung Network Printer Card supports both
authentication methods.

WEP encryption

WEP (Wired Equivalent Privacy) is a security protocol
preventing unauthorised access to your wireless network.
Wireless LANs, which communicate over radio waves, do not
have a physical structure that can be protected from
unauthorised access and therefore are vulnerable to tampering.
WEP is designed to provide a wireless LAN with a security level
equal to that found on a wired network. WEP encrypts the data
portion of each packet exchanged on a wireless network using
a 64-bit or 128-bit WEP encryption key. Sometimes, 64-bit WEP
is called 40-bit and 128-bit is called 104-bit. 40-bit and 64-bit
encryption are really the same thing, as are 104-bit and 128-
bit encryption, because an additional 24 initialisation vector
(IV) bits are automatically added to make a total of 64 bits and
128 bits. To encrypt data, the Samsung Wireless Network
Printer Card uses four encryption keys. You must select a key
and enter the key value. The key value must be the same as
the other wireless devices or that of the access point of your
wireless network. In 64-bit mode, each key value is 10
hexadecimal digits (0-9 and A-F) or 5 alphanumeric characters.
In 128-bit mode, each key value is 26 hexadecimal digits or 13
alphanumeric characters. Contact your network administrator
for this configuration.
IEEE 802.1x
IEEE 802.1x uses EAP (Extensible Authentication Protocol) and
an authentication server, such as RADIUS (Remote
Authentication Dial In User Server, RFC2138) for client and
network server authentication. In this authentication process,
the authentication server verifies the identity of the party
attempting to connect to the network. The Samsung Wireless
Network Printer Card supports popular authentication methods
based on EAP, including:
• EAP-MD5 (EAP using Message Digest Algorithm 5): EAP-
MD5 uses a password protected by the MD5 encryption
algorithm, which is the same challenge handshake protocol
as PPP-based CHAP. This authentication method provides
one-way authentication based on a user name and
password. This implementation is useful only in a small
private network because it does not support automatic key
distribution.
• EAP-MSCHAPv2: EAP-MSCHAPv2 uses the MS-CHAPv2
• EAP-TLS (EAP using Transport Layer Security): EAP-TLS
• EAP-TTLS: EAP-TTLS is known as a Tunneled TLS (Transport
• PEAP (Protected Extensible Authentication Protocol): PEAP
WPA (Wi-Fi Protected Access)
WPA, announced by Wi-Fi Alliance, authorises and identifies
users based on a secret key that changes automatically at
regular intervals. WPA uses 802.1x or WPA-PSK (WPA mode
Pre-Shared Key) for authentication. WPA-PSK verifies users via
a pre-shared key on both a client station and an access point.
In WPA-PSK authentication, a client may only gain access to the
network if the client's password matches the access point's
password. WPA also uses TKIP (Temporal Key Integrity
Protocol) and AES (Advanced Encryption Standard) for data
encryption.
Certificates
Certificates are used to validate the identity of clients and
network servers and allow encrypted data communications for
EAP/802.1x authentication. Certificates may be issued and
signed by a trusted third party, called Certificate Authority
(CA). In EAP/802.1x authentications, such as EAP-TLS, EAP-
TTLS, and PEAP, the Samsung network print server may require
one or both of the following certificates:
• Root Certificate: A certificate from a trusted Certificate
6.2
Wireless network environment
authentication protocol to create a strong encryption key
initially for MMPE (Microsoft Point-to-Point Encryption) and
to use a different encryption key during communication.
uses X.509-compliant digital certificates for both client and
server authentication.
Layer Security) protocol. It is designed to provide
authentication that is every bit as strong as EAP-TLS, but it
does not require that each user be issued a certificate.
Instead, only the RADIUS authentication servers are issued
certificates. User authentication is performed by a password.
The password credentials are transported in a securely
encrypted tunnel that is established using the server
certificate. As a result, the credentials are not vulnerable to
dictionary attacks. Using TTLS forwarding, any inner
authentication requests that are found inside the TTLS
tunnel, such as EAP, PAP, CHAP, or MS-CHAP-V2, can be
processed by downstream RADIUS servers. In this manner,
you can perform authentication against any RADIUS
infrastructure that is already deployed in your organisation.
uses digital certificates for network server authentication
and a password for client authentication.
Authority (CA) is used to validate the identity of a network
authentication server while EAP authentication methods,
such as EAP-TLS, EAP-TTLS, and PEAP, are performed. The
network authentication server's identity will be validated
when the root certificate information installed on the
Samsung network print server is identical to the information
on a certificate received from the network authentication
server, such as RADIUS. To be installed on the Samsung