Table of Contents
Advertisement
Security (Access Point Mode)
A radio band set to access point mode is configured by default as an "open system,"
which broadcasts a beacon signal including the configured SSID. Wireless clients
can read the SSID from the beacon, and automatically reset their SSID to allow
immediate connection to the access point.
To improve wireless network security for access point operation, you have to
implement two main functions:
• Authentication: It must be verified that clients attempting to connect to the network
are authorized users.
• Traffic Encryption: Data passing between the access point and clients must be
protected from interception and evesdropping.
For a more secure network, the access point can implement one or a combination of
the following security mechanisms:
• Wired Equivalent Privacy (WEP) page 6-48
• IEEE 802.1X
• Wireless MAC address filtering
• Wi-Fi Protected Access (WPA)
The security mechanisms that may be employed depend on the level of security
required, the network and management resources available, and the software
support provided on wireless clients. A summary of wireless security considerations
is listed in the following table.
Security
Client Support
Mechanism
WEP
Built-in support on all
802.11a and 802.11g
devices
WEP over
Requires 802.1X client
802.1X
support in system or by
add-in software
(support provided in
Windows 2000 SP3 or
later and Windows XP)
MAC Address
Uses the MAC address of
Filtering
client network card
page 6-12
page 6-13
page 6-59
Implementation Considerations
• Provides only weak security
• Requires manual key management
• Provides dynamic key rotation for
improved WEP security
• Requires configured RADIUS server
• 802.1X EAP type may require
management of digital certificates for
clients and server
• Provides only weak user authentication
• Management of authorized MAC
addresses
• Can be combined with other methods for
improved security
• Optionally configured RADIUS server
6
Radio Interface
6-53
Advertisement
Table of Contents
