Counter Mode/CBC-MAC Protocol (CCMP)
CCMP is an encryption method for IEEE 802.11i that uses the Advanced
Encryption Standard (AES) combined with Cipher Block Chaining Counter
mode (CBC-CTR) and Cipher Block Chaining Message Authentication Code
(CBC-MAC) for encryption and message integrity.
AES is a symmetric 128-bit block data encryption technique that works on
multiple layers of the network. It is the most effective encryption system
currently available for wireless networks.
It is possible to use a mixed cipher mode of TKIP and CCMP on a WLAN in
the AP 530.
Key Management
Keys for encrypting the data can be managed either dynamically using 802.1X
authentication or statically using preshared keys between the access point
and station. Dynamic key management provides significantly better security
than static keys.
Security Profiles
Based on authentication, encryption and key management, the following is a
list of security profiles in order of increasing robustness:
■
No Security
Static WEP
■
■
Dynamic WEP
■
TKIP with PSK
AES with PSK
■
■
TKIP with 802.1X
■
AES with 802.1X
No Security
The No Security mode transmits data over the wireless connection without
any form of encryption for data privacy. This mode may be appropriate for
systems that provide simple internet and printer access, such as on a guest
network. It may also be appropriate where additional security is provided by
the use of encrypted VPN tunnels between the wireless client device and a
Wireless Security Configuration
Wireless Security Overview
7-9