Wireless Security; Wireless Equivalent Privacy (Wep); Wi-Fi Protected Access (Wpa) - Fortinet FortiWiFi FortiWiFi-60 Installation And Configuration Manual

Wireless Security

Wireless Security

Wireless Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

34
Radio waves transmitted between a wireless device and access points provide the
weakest link between the wireless device and network servers. Wireless networking
can be risky because information travels on radio waves, which is a public medium.
The 802.11 standard includes security options to stop your information from being
intercepted by unwanted sources. These are Wireless Equivalent Privacy (WEP) and
WiFi Protected Access (WPA) encryption. Wireless encryption is only used between
the wireless device and the AP. The AP decrypts the data before sending it along the
wired network. The FortiWiFi-60 supports both encryption methods.
WEP security uses an encryption key between the wireless device and the AP. For
WEP security, the wireless device and AP must use the same encryption key, which is
manually typed by the wireless user and administrator. When activated, the wireless
device encrypts the data with the encryption key for each frame using RSA RC4
ciphers.
There has been criticism of WEP security. WEP keys are static. They must be
changed manually and frequently on both the wireless device and the APs. On a small
company or network with a few users and APs, this is not a big issue. However, the
more users and APs, changing WEP keys regularly can become an administrative
headache and potentially error prone. Consequently, keys are rarely changed over
months or years, leaving a hacker plenty of time to get the key and gain access to the
network.
In small wireless networking environments, activating WEP security will significantly
minimize outside infiltrators from getting in your network and is better than no security
at all. However, it is still very important that you regularly change the WEP key, at
least weekly; or monthly at most.
WPA was developed to replace the WEP standard and provide a higher level of data
protection for wireless networks. WPA provides two methods of authentication;
through 802.1X authentication or pre-shared keys.
802.1X authenticates users through an EAP authentication server such as a RADIUS
server, which generates unique encryption keys automatically with each session. The
RADIUS server authenticates each user before they can connect to the network. The
encryption keys can be changed at varying intervals to minimize the opportunity for
hackers to crack the key being used.
In a network setup where a RADIUS server is not a viable option, WPA also provides
authentication with preshared keys using Temporal Key Integrity Protocol (TKIP).
Using TKIP, the encryption key is continuously re-keyed while the user is connected
to the wireless network. This creates a unique key on every data packet. To further
ensure data integrity, a Message Integrity Code (MIC also known as Michael) is
incorporated into each packet. It uses an 8 byte message integrity code that is
encrypted using the MAC addresses and data from each frame to provide a more
secure packet transmission.
01-28008-0030-20050128
Using a wireless network
Fortinet Inc.