Technical information
Network Security White Paper ver. G.1.2
WPA employs four authentication modes: ‘WPA-PSK’, ‘WPA2-PSK’, ‘WPA (802.1X)’ and ‘WPA2
(802.1X)’. WPA-PSK and WPA2-PSK are similar to WEP in that a pre-shared key is used to join the
network. However, a new encryption key is generated during the handshake process, making WPA-PSK
and WPA2-PSK more secure than WEP. WPA (802.1X) and WPA2 (802.1X) are stricter than the PSK
protocols: only users who can be authenticated by a RADIUS server using EAP are allowed to join the
network.
Supported EAP authentication types are:
EAP-TLS
EAP-TTLS
PEAP
LEAP
2-1-5 Potential Threats
SSID Only (No Encryption)
All data (including the SSID) is transmitted in plain text. It is easily readable by anyone within range of
the wireless transmission.
2-1-6 WEP
WEP provides RC4 encryption of data and is therefore more secure than using only an SSID. However,
the weaknesses of RC4 encryption and WEP are well documented.
NOTE: WPA TKIP uses RC4. However, because the keys are being constantly refreshed, the key will
change before it can be cracked.
2-1-7 WPA
In WPA, the encryption key is generated at intervals by TKIP or CCMP. The key does not need to be
entered manually. Since the key is refreshed often, a brute force attack is almost impossible.
Furthermore, CCMP uses AES, which is a stronger encryption method than RC4. As an added
precaution, WPA (802.1X) and WPA2 (802.1X) provide user authentication.
2-1-8 Recommended Precautions
Please take the appropriate action for your security policy.
Scenario 1:
Basic security settings:
General Access Point settings
Prohibit broadcast of the SSID.
Prohibit connections that do not have the correct SSID.
Limit connections to only specific MAC addresses.
We recommend not using security Level 1.