Table of Contents
Advertisement
Overview of Security Features
Overview of Security Features
When you use your client adapter with the Mac OS operating system, you can protect your data as it is
transmitted through your wireless network by encrypting it through the use of Wired Equivalent Privacy
(WEP) encryption keys. With WEP encryption, the transmitting device encrypts each packet with a WEP
key, and the receiving device uses that same key to decrypt each packet.
The WEP keys used to encrypt and decrypt transmitted data can be statically associated with your
adapter or dynamically created as part of the LEAP authentication process. The information in the
sections below can help you to decide which type of WEP keys you want to use. Dynamic WEP keys
with LEAP offer a higher degree of security than static WEP keys.
WEP keys, whether static or dynamic, are either 40 or 128 bits in length. The 128-bit WEP keys contain
more characters than the 40-bit keys and, therefore, offer a greater level of security.
Static WEP Keys
Each device (or profile) within your wireless network can be assigned up to four static WEP keys. If a
device receives a packet that is not encrypted with the appropriate key (as the WEP keys must match in
all devices that are to communicate with each other), the device discards the packet.
For the Mac OS X, the Static WEP keys are write-only and stored in an encrypted format (for security
reasons) in your Macintosh; therefore, you cannot read them back. When the driver loads and reads the
client adapter's parameters, it also finds the static WEP keys, decrypts them, and stores them in volatile
memory on the client adapter. The WEP keys in the client adapter are temporary and they are lost when
power to the adapter is removed or the Macintosh is rebooted. Although the keys in the client adapter
are temporary, you do not need to re-enter them when you restore power or reboot because the keys are
stored in your Macintosh.
For the Mac OS 9.x, the Static WEP keys can be permanently or temporarily stored in your client adapter.
If the keys are temporarily stored in volatile memory, the keys will be lost when power is removed from
your client adapter.
The client utility allows you to enable or disable static WEP and to add or change keys.
Dynamic WEP Keys with EAP
The new standard for wireless LAN security, as defined by the Institute of Electrical and Electronics
Engineers (IEEE), is called 802.1X for 802.11, or simply 802.1X. An access point that supports 802.1X
and its protocol, Extensible Authentication Protocol (EAP), acts as the interface between a wireless
client and an authentication server, such as a Remote Authentication Dial-In User Service (RADIUS)
server, to which the access point communicates over the wired network.
The use of an 802.1X authentication type, which is supported by the client and the authentication server,
causes the following to occur:
•
•
•
•
Cisco Aironet Wireless LAN Adapters Installation and Configuration Guide for Mac OS
4-2
After associating to the access point, the client does not gain access to the network until mutual
authentication between the client and the authentication server is successful.
The client and authentication server derive the same dynamic WEP key.
The authentication server sends the dynamic WEP key to the access point.
For the length of a session, or time period, the access point and the client use the dynamic WEP key
to encrypt and decrypt all unicast packets that travel between the access point and the client.
Chapter 4
Security Features
OL-1377-01
Advertisement
Table of Contents
Troubleshooting
