Back to Contents Page

Security Overview

Wireless Security

Since wireless networking devices transmit information through radio waves, it is imperative that you protect your information by configuring your security settings. There are three main components that, when used together, can protect your wireless network:

  • Service Set Identifier (SSID) — The name of a device on a network, the SSID is the first level of security, but it is not fool-proof because the access points broadcast the SSIDs across a wireless network. This level of security is okay if you are on a peer-to-peer network without any access points, but for larger networks, more complex security measures should be put in place.
  • Wired Equivalent Privacy (WEP) — Supported by the IEEE 802.11 standard, WEP uses 64- or 128-bit encryption keys to encrypt data as it is sent or received by each client on a wireless network. The way these keys are authenticated determines the level of security on your wireless network. Using the default keys, however, makes your wireless network vulnerable and you should not use them.
  • Authentication Server — An authentication server works with each client to authenticate access with a session-specific WEP key. This type of server protects sensitive user and password information from intruders.

Security Guidelines

The following can help to achieve maximum security for your wireless network:

  1. Enable WEP on your wireless network and change the WEP key daily or weekly.
  2. Protect your drives and folders with passwords.
  3. Change the default SSID.
  4. Change the WEP key with each session, if possible.
  5. Enable MAC address filtering, if possible.
  6. Implement a Virtual Private Network (VPN) system to increase security. A VPN client is included in most operating systems.

Protecting Your Network

Authentication Types

The IEEE 802.1x standard provides a general authentication framework for 802 LANs and specifies an extensible authentication protocol (EAP) to enable LAN transport for many different types of authentication protocols. 

Encryption Keys

To protect client traffic, the 802.11 standard defines Wireless Encryption Privacy (WEP) with fixed encryption keys (and three optional key lengths). The use of fixed keys has made it easy to mount several types of attack against WEP. 

WEP Encryption

You can prevent unauthorized reception of your wireless data using the IEEE 802.11 Wired Equivalent Privacy (WEP). The standard includes two levels of security, using a 64-bit key (sometimes referred to as 40-bit) or a 128-bit key. For better security, use a 128-bit key. If you use encryption, all wireless devices on your WLAN must use the same encryption settings.

Refer to Setting up WEP Encryption for more information.

802.1x

A WAN client initiates an authorization request to the access point, which authenticates the client to an Extensible Authentication Protocol (EAP) compliant RADIUS server. This RADIUS server may authenticate either the user (via passwords) or the machine (by MAC address). 

IPSEC

Software based IPSEC transport security.

TKIP (Temporal key Integrity Protocol)

Uses an encryption method called fast-packet rekeying, that changes the encryption keys frequency.

Virtual Private Networks (VPN)

The following VPN client software is supported by PROSet. Refer to Virtual Private Network (VPN) for more information.

  • Netstructure VPN (SST)
  • Netstructure VPN (IPsec-IKE)
  • Cisco 3000 VPN
  • Checkpoint VPN (Non office transparent mode, connect office mode and connect non-office mode)
  • Microsoftt VPN (L2TP over IPsec transport, L2TP for configuration with ESP-in-UDP)

802.11a and 802.11b can be augmented with VPN security to protect TCP/IP based services. 

Back to Contents Page


Copyright (c) 2003 Intel Corporation.