7-6
Wireless Security Configuration
Wireless Security Overview
Wireless Security Overview
The access point is configured by default as an “open system,” with no security.
This means that the access point broadcasts a beacon frame advertising each
configured WLAN. If a wireless client has a configured WLAN of “any”, it can
read the SSID from the beacon and use it to allow immediate connection to
the access point. Client stations are permitted to connect with the access point
without first verifying that users are authorized to access the network. In
addition, user data is transmitted over the air without being encrypted, and is
subject to being intercepted by client stations anywhere within range that
want to eavesdrop on the wireless network.
Wireless network security requires attention to three main areas:
■ Authentication: Verifying that stations attempting to connect to the
network are authorized users before granting access to the network.
■ Encryption: Encrypting data that passes between the access point and
stations (to protect against interception and eavesdropping).
■ Key management: Assigning unique data encryption keys to each wire-
less station session, and periodically changing the encryption keys to
minimize the risk of their discovery.
User Authentication
The two ways of authenticating users on the Access Point 530 are:
■ MAC authentication: Based on the user’s wireless station MAC address.
■ 802.1X authentication: Based on the user’s credentials, such as user-
name/password or digital certificates.
MAC Authentication
MAC authentication of users is performed either by using a remote authenti-
cation server like a RADIUS server or by creating a local Access Control List
on the access point itself. MAC authentication is not as secure as 802.1X
authentication, because it is easy to decipher and spoof for unauthorized
network access.
NOTE If Access Point 530s are deployed along with Access Point 520s, there can be
a compatibility issue when MAC authentication is used. An Access Point 520
sends a shared-secret string (for the authentication server) as the MAC
authentication password. By default, the AP 530 sends the client station MAC
To Next Page
Loading...
Need help?
General
