Wireless Security Configuration - Foundry Networks IronPoint 200 User Manual

The access point is configured by default as an "open system," which broadcasts a beacon signal
including the configured SSID. Wireless clients can read the SSID from the beacon, and
automatically reset their SSID to allow immediate connection to the nearest access point.
To improve wireless network security, you have to implement two main functions:
• Authentication: It must be verified that clients attempting to connect to the network are authorized
users.
• Traffic Encryption: Data passing between the access point and clients must be protected from
interception and eaves dropping.
For a more secure network, the access point can implement one or a combination of the following
security mechanisms:
• Wired Equivalent Privacy (WEP)
• IEEE 802.1x
• Wireless MAC address filtering
• Wi-Fi Protected Access (WPA) or WPA2
The security mechanisms that may be employed depend on the level of security required, the
network and management resources available, and the software support provided on wireless
clients. A summary of wireless security considerations is listed in the following table.
Security Mechanism
Static WEP shared
keys
802.1x with dynamic
WEP keys
December 2006

Wireless Security Configuration

Client Support
Built-in support on all 802.11a,
802.11b and 802.11g devices
Requires 802.1x client support in
system or by add-in software
(support provided in Windows
2000 SP3 or later and Windows
XP)
© 2006 Foundry Networks, Inc.
page 21-4
page 18-6
page 18-2
page 21-4
Implementation Considerations
• Provides only weak security
• Requires manual key management
• Provides dynamic key rotation for improved
WEP security
• Requires configured RADIUS server
• 802.1x EAP type may require management of
digital certificates for clients and server
Chapter 21
21-1