User guide
7-20
BreezeNET DS.11b User’s Guide
Manual Version 1.0
Advanced Security
Maintenance
Maintaining Access Control Tables
It is best to create a single access control table and store it on the harddisk of
the LAN administrator station and/or share it with other LAN administrator
stations. You are advised to use only one table for all Base Stations.
For more information refer to Creating/Editing an Access Control Table.
Maintaining WEP Encryption Keys
The WEP Encryption functionality allows the wireless system to support up to
four different keys simultaneously. This is in accordance with the 802.11
standard, which defines four so-called “default keys”.
These keys can be used to smooth the transition from the usage of one key to
usage of a next key. The general requirement for two cards to transmit
encrypted between each other is that they share a common key value at the
same key-index number in the 4-key area at the moment of transmission. The
key-index of the key that was used for encryption is transmitted in clear-text in
the header of the message, and will be used at the receiving side to determine
which of the 4 keys to use for decryption.
It is not mandatory that both sides (typically Base Station and BreezeNET
station) have the same active set of 4 keys. As long as there is one key in
common, they can communicate, provided they both use that common key.
When planning the usage of different keys over time a number of aspects have
to be considered:
! the length of time one key stays in use;
this is a direct trade-off between security level (= the chance of someone
finding out what the key value is) and operational overhead (= the efforts
to reconfigure Base Station and stations)
! the requirements for smooth transition from one key to another
! the minimization of end user exposure to key values
NOTE:
The 802.11 standard also defines the possibility for having a unique key per Station, tied
to the station’s MAC Address. BreezeNET currently does not support that feature of the
standard WEP function.