Security Options 115
Chapter 5
IPSec
IP was originally developed within a highly restricted, secure network.
Therefore, IP did not have security features built in. Once the Internet became
a public forum, security became a critical need. This need has been, and
continues to be, addressed by the IETF, which has developed a suite of security
protocols under the umbrella of IP Security, or IPSec. IPSec defines two
encryption modes: Transport mode (which encrypts only the data in a packet)
and Tunnel mode (which encrypts the entire packet).
All encrypted traffic must be decrypted upon receipt. Therefore, the receiving
node (which also must be IPSec compliant) uses a decryption device called a
key, which it shares with the encrypting node. The key, known as a public
key, is shared between the two communicating nodes by means of the
Internet Security Association and Key Management Protocol (ISAKMP).
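The following script is an added example, not part of this book or of any IPSec implementation. It carries the same payload in Transport mode and in Tunnel mode so you can see which bytes are encrypted in each: Transport mode leaves the original IP header readable and protects only the data, while Tunnel mode protects the whole original packet and exposes only a new outer header between the two gateways. The addresses, SPIs and the shared key are constructed values, a SHA-256 counter keystream stands in for the real ESP cipher suite, and the padding and integrity check value of a real ESP packet are left out.

```python
"""Added example (not from the book): which bytes ESP protects in IPSec
Transport mode versus Tunnel mode.

The cipher is a constructed SHA-256 counter-mode keystream so the script
runs with only the standard library; it is NOT a real ESP transform.
SHARED_KEY is a constructed stand-in for the key both nodes share.
"""
import hashlib
import struct

SHARED_KEY = b"constructed-demo-key"   # constructed; not a real key


def keystream_xor(key: bytes, spi: int, seq: int, data: bytes) -> bytes:
    """Toy keystream: SHA-256(key || spi || seq || block index) XOR data.
    Symmetric, so the same call decrypts."""
    out = bytearray()
    for start in range(0, len(data), 32):
        ks = hashlib.sha256(key + struct.pack("!IIQ", spi, seq, start // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header: version/IHL, TOS, total length, id,
    flags/fragment, TTL, protocol, checksum (left 0), source, destination."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, addr(src), addr(dst))


def esp_transport(src, dst, inner_proto, payload, spi=0x1001, seq=1):
    """Transport mode: the original IP header stays in the clear; only the
    payload (plus the trailing next-header byte) is encrypted."""
    enc = keystream_xor(SHARED_KEY, spi, seq, payload + bytes([inner_proto]))
    esp = struct.pack("!II", spi, seq) + enc          # SPI || sequence || data
    return ipv4_header(src, dst, 50, len(esp)) + esp  # protocol 50 = ESP


def esp_tunnel(src, dst, inner_proto, payload, gw_src, gw_dst, spi=0x1002, seq=1):
    """Tunnel mode: the ENTIRE original packet (header and payload) is
    encrypted, and a new outer IP header between the gateways is added."""
    inner = ipv4_header(src, dst, inner_proto, len(payload)) + payload
    enc = keystream_xor(SHARED_KEY, spi, seq, inner + bytes([4]))  # next header 4 = IPv4
    esp = struct.pack("!II", spi, seq) + enc
    return ipv4_header(gw_src, gw_dst, 50, len(esp)) + esp


def cleartext_addresses(packet: bytes):
    """What an on-path observer can read: the outer header's src and dst."""
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    return src, dst


def decrypt_esp(packet: bytes) -> bytes:
    """Receiver side: read SPI/seq, undo the toy cipher, drop next-header byte.
    Returns the payload (transport) or the whole inner packet (tunnel)."""
    spi, seq = struct.unpack("!II", packet[20:28])
    plain = keystream_xor(SHARED_KEY, spi, seq, packet[28:])
    return plain[:-1]


if __name__ == "__main__":
    payload = b"GET / HTTP/1.0\r\n\r\n"   # constructed application data
    t = esp_transport("10.0.0.5", "10.0.1.9", 6, payload)
    u = esp_tunnel("10.0.0.5", "10.0.1.9", 6, payload, "203.0.113.1", "203.0.113.2")
    print("transport mode, observer sees:", cleartext_addresses(t))
    print("tunnel mode,    observer sees:", cleartext_addresses(u))
    print("transport payload readable?  ", payload in t)
    print("tunnel inner header readable?", b"\x0a\x00\x00\x05" in u)
```

Run it and compare the addresses an observer on the path can read in the two modes: in Tunnel mode the inner 10.0.0.5 and 10.0.1.9 addresses are hidden behind the gateway addresses, which is why Tunnel mode is the one used between security gateways, while Transport mode suits host-to-host traffic where the endpoints' addresses are needed for routing anyway.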
WEP Encryption
WEP encryption comes in two basic flavors: 64-bit and 128-bit encryption.
Obviously, the 128-bit version offers stronger encryption. When using WEP,
both sender and receiver must use the same key to decrypt the transmitted
data. WEP allows for rotation of keys, and most equipment will allow you to
have as many as four keys.
Some equipment supports WEP Mapped Keys, which are MAC-keyed pairwise
keys. In this scheme each unique pair of MAC addresses shares a unique WEP
key. The pairing is stored in a MIB table.
The Problem With WEP
The problem with WEP is that, from a design standpoint, it’s basically broken.
There are many flaws in WEP that allow ingenious attackers to break the codes
and get to the data. The Internet Security, Applications, Authentication and
Cryptography (ISAAC) group at the University of California at Berkeley has
published a report based on its analysis of the WEP standard, which can be
found at http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html.
TKIP (Temporal Key Integrity Protocol)
TKIP is a replacement for WEP and, along with 802.1x, forms the basis for
Wi-Fi Protected Access (WPA). TKIP generates per-packet keys, greatly
decreasing the likelihood of unauthorized decryption.
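The next script is an added example that serves both the WEP section above and the description of TKIP's per-packet keys; it is not code from this book, from the ISAAC report, or from any wireless driver. It shows the RC4 key a WEP frame is actually encrypted with (a 24-bit IV placed in front of one of up to four static keys, chosen by the key index), a capture check that counts IV reuse, and a TKIP-style scheme in which a one-way mix of the temporal key, the transmitter's MAC address and a 48-bit sequence counter gives every frame its own key and lets the receiver drop replays. The keys, MAC address and frames are constructed, and the SHA-256 mix is a simplified stand-in for the 802.11i Phase 1/Phase 2 key-mixing function, not the standard's algorithm.

```python
"""Added example (not from the book): how a WEP per-packet RC4 key is formed
versus a TKIP-style per-packet key, plus the sequence-counter replay check.

Constructed values: WEP_KEYS, TK, TA and every frame below are made up.
tkip_packet_key() is a simplified one-way mix (SHA-256), not the 802.11i
Phase-1/Phase-2 S-box mixing function.
"""
import hashlib
import struct


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4, the stream cipher both WEP and TKIP use. Encrypt == decrypt."""
    S = list(range(256))
    j = 0
    for i in range(256):                         # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# --- WEP: up to four static keys, selected per frame by a 2-bit key index ---
WEP_KEYS = {                     # constructed; 5 bytes = "64-bit", 13 bytes = "128-bit"
    0: b"\x01\x02\x03\x04\x05",
    1: b"\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16",
}


def wep_packet_key(iv: bytes, key_index: int) -> bytes:
    """WEP per-packet RC4 key = 24-bit IV || static key. Only the IV varies,
    so two frames with the same IV and key index use the SAME keystream."""
    if len(iv) != 3 or key_index not in WEP_KEYS:
        raise ValueError("IV must be 3 bytes and the key index must be configured")
    return iv + WEP_KEYS[key_index]


def wep_encrypt(iv: bytes, key_index: int, plaintext: bytes) -> bytes:
    """Frame body as sent: IV (3 bytes) || key-index byte || RC4 ciphertext."""
    return iv + bytes([key_index << 6]) + rc4(wep_packet_key(iv, key_index), plaintext)


def wep_iv_reuse(frames):
    """Defender-side check over captured WEP frame bodies: return the
    (IV, key index) pairs seen more than once, i.e. repeated keystreams."""
    seen = {}
    for f in frames:
        k = (f[:3], f[3] >> 6)
        seen[k] = seen.get(k, 0) + 1
    return {k: n for k, n in seen.items() if n > 1}


# --- TKIP-style: per-packet key from TK, transmitter MAC and a 48-bit TSC ---
TK = bytes(range(16))                           # constructed temporal key
TA = bytes.fromhex("001122334455")              # constructed transmitter MAC


def tkip_packet_key(tk: bytes, ta: bytes, tsc: int) -> bytes:
    """Simplified stand-in for TKIP key mixing: one-way mix of TK, TA and the
    48-bit sequence counter. Every TSC value yields an unrelated RC4 key."""
    return hashlib.sha256(tk + ta + struct.pack("!Q", tsc)[2:]).digest()[:16]


def tkip_send(tsc: int, plaintext: bytes) -> bytes:
    """Transmitter side: encrypt under the key derived for this TSC."""
    return rc4(tkip_packet_key(TK, TA, tsc), plaintext)


class TkipReceiver:
    """Replay protection: a frame whose TSC is not greater than the last
    accepted one is dropped, so a captured frame cannot be replayed."""

    def __init__(self, tk: bytes, ta: bytes):
        self.tk, self.ta, self.last_tsc = tk, ta, -1

    def receive(self, tsc: int, body: bytes):
        if tsc <= self.last_tsc:
            return None                          # replayed or stale: drop
        self.last_tsc = tsc
        return rc4(tkip_packet_key(self.tk, self.ta, tsc), body)


if __name__ == "__main__":
    iv = b"\x00\x00\x01"
    frames = [wep_encrypt(iv, 0, b"alpha"), wep_encrypt(iv, 0, b"bravo"),
              wep_encrypt(b"\x00\x00\x02", 0, b"charlie")]
    print("WEP IV reuse in capture:", wep_iv_reuse(frames))
    rx = TkipReceiver(TK, TA)
    print("TKIP first delivery:", rx.receive(1, tkip_send(1, b"msg")))
    print("TKIP replay of same frame:", rx.receive(1, tkip_send(1, b"msg")))
```

The WEP check is deliberately limited to spotting duplicate (IV, key index) pairs: with only 2^24 IVs a busy network can run through them in a matter of hours, and every repeat means two frames shared a keystream. TKIP's 48-bit counter makes a repeat impractical within the lifetime of a key, and the same counter doubles as the replay check that WEP never had.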
TKIP is used in two modes, WPA and PSK (pre-shared key). The WPA mode
requires the use of an authentication server and is described below.