Additional Wep Key Security Features; Message Integrity Check (Mic) - Cisco Aironet 340 Series Installation And Configuration Manual

Overview of Security Features

Additional WEP Key Security Features

Client adapter firmware version 4.25.23 and greater and Windows CE driver version 2.2x and greater
support three new security features designed to prevent sophisticated attacks on your wireless network's
WEP keys. These features (MIC, TKIP, and broadcast key rotation) do not need to be enabled on the
client adapter; they are supported automatically in the driver and firmware versions listed above.
However, they must be enabled on the access point.
Access point firmware version 11.10T or greater is required to enable these security features. Refer
Note
to the Cisco Aironet Access Point Software Configuration Guide for instructions on enabling these
security features on the access point.

Message Integrity Check (MIC)

MIC prevents bit-flip attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an
encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted
message as legitimate. The MIC adds a few bytes to each packet to make the packets tamper-proof.
The ACU screen displays the word "(MIC)" next to the current status if MIC is supported by the client
adapter's driver and firmware and is enabled on the access point. See
Figure 4-1
Note
Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide for Windows CE
4-4
ACU Screen
If you enable MIC on the access point, your client adapter's driver must support MIC;
otherwise, the client cannot associate.
Chapter 4 Enabling Security Features
Figure 4-1.
OL-1375-02