Specifications
Altitude 35x0 Access Point Product Reference Guide 13
is performed. The device takes plain text, encrypts or scrambles the text typically by mathematically
combining the key with the plain text as instructed by the algorithm, then transmits the data over the
network. At the receiving end, another device takes the encrypted text and decrypts, or unscrambles,
the text revealing the original message. An unauthorized user can know the algorithm, but cannot
interpret the encrypted data without the appropriate key. Only the sender and receiver of the
transmitted data know the key.
Wired Equivalent Privacy (WEP) is an encryption security protocol specified in the IEEE Wireless Fidelity
(Wi-Fi) standard, 802.11b, and supported by the AP. WEP encryption is designed to provide a WLAN
with a level of security and privacy comparable to that of a wired LAN. The level of protection
provided by WEP encryption is determined by the encryption key length and algorithm. An encryption
key is a string of case-sensitive characters used to encrypt and decrypt data packets transmitted
between a mobile unit (MU) and the access point. An access point and its associated wireless clients
must use the same encryption key (typically 1 through 4) to interoperate.
Wi-Fi Protected Access (WPA) Using TKIP Encryption
Wi-Fi Protected Access (WPA) is a security standard for systems operating with a Wi-Fi wireless
connection. WEP’s lack of user authentication mechanisms is addressed by WPA. Compared to WEP,
WPA provides superior data encryption and user authentication.
WPA addresses the weaknesses of WEP by including:
● a per-packet key mixing function
● a message integrity check
● an extended initialization vector with sequencing rules
● a re-keying mechanism
WPA uses an encryption method called Temporal Key Integrity Protocol (TKIP). WPA employs 802.1X and
Extensible Authentication Protocol (EAP).
WPA2-CCMP (802.11i) Encryption
WPA2 is a newer 802.11i standard that provides even stronger wireless security than Wi-Fi Protected
Access (WPA) and WEP. Counter-mode/CBC-MAC Protocol (CCMP) is the security standard used by the
Advanced Encryption Standard (AES). AES serves the same function TKIP does for WPA-TKIP. CCMP
computes a Message Integrity Check (MIC) using the proven Cipher Block Message Authentication Code
(CBC-MAC) technique. Changing just one bit in a message produces a totally different result.
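The one-bit sensitivity of a CBC-MAC integrity check can be seen in the following added example, which is not taken from this guide or from the access point's firmware. It is teaching code (pure Python, not constant-time) that computes an AES-128 CBC-MAC over a constructed payload and a copy with one bit changed. As assumptions, a length-prefix block stands in for the first block CCM builds, the MIC is left unencrypted, and the key and payload are constructed sample values.

```python
def xtime(a):                       # multiply by x in GF(2^8), AES polynomial 0x11B
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def gmul(a, b):                     # GF(2^8) product, used only to build the S-box
    return 0 if not b else (a if b & 1 else 0) ^ gmul(xtime(a), b >> 1)

SBOX = []                           # S-box: field inverse followed by the affine map
for v in range(256):
    inv = next((c for c in range(1, 256) if gmul(v, c) == 1), 0)
    a = inv | inv << 8              # doubled byte, so (a >> (8 - n)) & 0xFF == rotl(inv, n)
    SBOX.append(((a ^ (a >> 4) ^ (a >> 5) ^ (a >> 6) ^ (a >> 7)) & 0xFF) ^ 0x63)

def expand_key(key):                # 16-byte key -> 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, xtime(rcon)
        w.append([p ^ q for p, q in zip(w[i - 4], t)])
    return [sum(w[r:r + 4], []) for r in range(0, 44, 4)]

def mix_column(a):                  # row r: 2*a[r] ^ 3*a[r+1] ^ a[r+2] ^ a[r+3]
    return [xtime(a[r] ^ a[r - 3]) ^ a[r - 3] ^ a[r - 2] ^ a[r - 1] for r in range(4)]

def encrypt_block(rk, block):
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                              # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]    # ShiftRows
        if rnd < 10:                                          # no MixColumns in last round
            s = sum((mix_column(s[c:c + 4]) for c in range(0, 16, 4)), [])
        s = [b ^ k for b, k in zip(s, rk[rnd])]               # AddRoundKey
    return bytes(s)

def cbc_mac(key, msg):              # length block (assumed stand-in), then zero-padded msg
    rk, x = expand_key(key), bytes(16)
    data = len(msg).to_bytes(16, "big") + msg + b"\x00" * (-len(msg) % 16)
    for i in range(0, len(data), 16):
        x = encrypt_block(rk, bytes(p ^ q for p, q in zip(x, data[i:i + 16])))
    return x

def differing_bits(a, b):
    return sum(bin(p ^ q).count("1") for p, q in zip(a, b))

KEY, FRAME = bytes(range(16)), b"constructed payload, not a captured frame"
TAMPERED = bytes([FRAME[0] ^ 0x01]) + FRAME[1:]               # exactly one bit changed
MIC, MIC_TAMPERED = cbc_mac(KEY, FRAME), cbc_mac(KEY, TAMPERED)
```

Calling `differing_bits(MIC, MIC_TAMPERED)` shows how many of the 128 MIC bits changed after the single-bit edit to the payload.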
WPA2-CCMP is based on the concept of a Robust Security Network (RSN), which defines a hierarchy of
keys with a limited lifetime (similar to TKIP). Like TKIP, the keys the administrator provides are used to
derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data. The
end result is an encryption scheme as secure as any the access point provides.
Firewall Security
A firewall keeps personal data in and hackers out. The access point’s firewall prevents suspicious
Internet traffic from proliferating across the access point-managed network. The access point performs
Network Address Translation (NAT) on packets passing to and from the WAN port. This combination
provides enhanced security by monitoring communication with the wired network.