User guide
Overview
312 Check Point Safe@Office User Guide
Security
Protocol
Description
WEP encryption In the WEP (Wired Equivalent Privacy) encryption security method, wireless
stations must use a pre-shared key to connect to your network. This method
is not recommended, due to known security flaws in the WEP protocol. It is
provided for compatibility with existing wireless deployments.
Note: The appliance and the wireless stations must be configured with the
same WEP key.
802.1x: RADIUS
authentication, no
encryption
In the 802.1x security method, wireless stations (supplicants) attempting to
connect to the access point (authenticator) must first be authenticated, either
by a RADIUS server (authentication server) which supports 802.1x, or by the
Safe@Office appliance's built-in EAP authenticator. All messages are passed
in EAP (Extensible Authentication Protocol).
This method is recommended for situations in which you want to authenticate
wireless users, but do not need to encrypt the data.
This security method is not supported for WDS links.
Note: To use this security method, you must first configure either a RADIUS
server that supports 802.1x, or set up the network for use with the
Safe@Office EAP authenticator. For information on configuring a RADIUS
server, see Using RADIUS Authentication. on page 688 For information on
using the Safe@Office EAP authenticator, see Using the Safe@Office EAP
Authenticator on page 433.
WPA-Enterprise:
RADIUS
authentication,
encryption
The WPA-Enterprise (Wi-Fi Protected Access) security method uses MIC
(message integrity check) to ensure the integrity of messages, and TKIP
(Temporal Key Integrity Protocol) to enhance data encryption.
Furthermore, WPA-Enterprise includes 802.1x and EAP authentication,
based either on a central RADIUS authentication server, or on the
Safe@Office appliance's built-in EAP authenticator. This method is