Configuring Wep Keys - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual
Configuring screenos devices guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01:
- Manual (340 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
Configuring WEP Keys
Copyright © 2010, Juniper Networks, Inc.
Server—The key is stored on a RADIUS authentication server. When enabled, you
must configure a RADIUS authentication server to handle WEP key requests (you
do not need to configure or use a WEP key on the security device).
Both—The key is stored on the security device and on the RADIUS authentication
server. When enabled, you must configure a RADIUS authentication server to
handle WEP key requests and configure a default WEP key on the security device.
Shared Key—When selected, both the device and the wireless clients use the same
key for authentication and encryption/decryption. You must configure a default WEP
key on the security device.
During a shared key exchange:
a. The wireless client contacts the device.
b. The device responds to the client with a clear-text challenge text string that the client
must then encrypt with the correct WEP key and return to the device.
c. The device receives the encrypted string from the client, decrypts it, and compares it
with the original. If the strings match, authentication is successful; if the strings do
not match or the client does not respond, authentication fails.
Although this method uses WEP keys for encryption, an attacker might be able to
intercept both the clear-text challenge and the same challenge encrypted with a WEP
key, and potentially decipher the WEP key.
You can define WEP keys on the security device for BSS use. The security device, acting
as a wireless access point (WAP), uses WEP keys for authenticating wireless clients in
that BSS, and for encrypting and decrypting traffic sent between itself and the clients.
You can define one to four WEP keys for each BSS on the security device. Using multiple
keys enables you to adjust the level of security for different wireless clients within the
same BSS; you can use longer keys to provide greater security for some traffic and smaller
keys to reduce processing overhead for other, less critical traffic.
When you define only one WEP key on the security device, that key is the default key and
handles all encryption, authentication, and decryption. When you define multiple keys
on the security device, you can designate non default keys to handle authentication and
decryption (the default key always handles encryption). If you do not specify a default
key, the first key you define automatically becomes the default key.
Wireless clients can use a static WEP key stored on the device, or a dynamic key on an
external RADIUS server.
When clients use a unique, dynamic WEP key from an external RADIUS server, the
security device also uses this unique key—which it also receives from the RADIUS
server—for bidirectional communication.
When clients use static WEP keys stored locally on the security device, the device uses
the default key to encrypt all transmitted wireless traffic. Clients must also have the
default key loaded to decrypt traffic from the device.
Chapter 14: WAN, ADSL, Dial, and Wireless
393
Advertisement
Table of Contents
