Table of Contents
Advertisement
4.1.4
Encrypted data transfer
Encryption takes on a special role in the transfer of data in wireless LANs.
Wireless communication with IEEE 802.11 is supplemented with the the
encryption standards 802.11i/WPA and WEP. The aim of the encryption
methods is to provide wireless LAN with levels of security equivalent to those
in cabled LANs.
Use encryption on the data transferred in the WLAN. Activate the stron-
gest possible encryption method available to you ((802.11i with AES, TKIP
or WEP) and enter the appropriate keys or passphrases into the access
point and the WLAN clients.
Regularly change the WEP key in your access point. The passphrases for
802.11i or WPA do not have to be changed quite so regularly as new keys
are generated for each connection anyway. This is not the only reason that
the encryption with 802.11i/AES or WPA/TKIP is so much more secure
than the now obsolete WEP method.
LANCOM Systems's recommendation for the most secure passphrase
variant is to employ 802.11i (WPA2) in combination with AES. The key
should be randomly selected from the largest possible range of num-
bers and should be as long as possible (32 to 63 characters). The pre-
vents dictionary attacks.
If the data is of a high security nature, further improvements include addi-
tionally authenticating the client with the 802.1x method ('802.1x / EAP'
→
Seite 47) or activate an additional encryption of the WLAN connection
as used for VPN tunnels ('IPSec over WLAN'
a combination of these two mechanisms is possible.
Detailed information about WLAN security and the various encryption
methods are to be found in the LCOS reference manual.
4.1.5
802.1x / EAP
The international industry standard IEEE 802.1x and the Extensible Authenti-
cation Protocol (EAP) enable access points to carry out reliable and secure
access checks. The access data can be managed centrally on a RADIUS server
(integrated RADIUS/EAP server in the L-300 Access Point or external RADIUS/
EAP server) and accessed by the access point when required. The dynamically
generated and cryptographically secure key material for 802.11i (WPA1/2)
replaces the manual key management.
LANCOM L-300 Access Point Serie
Chapter 4: Security settings
→
Seite 48). In special cases,
47
Advertisement
Table of Contents
Need help?
Do you have a question about the L-305agn Wireless and is the answer not in the manual?