Security Solutions
3-18
Designing Access Controls
Choose the Access Control Methods
Table 3-3. Wireless Security
Authentication
Method
Encryption Options Advantages Disadvantages
Shared key • Static WEP
• WPA/WPA2 with
preshared keys (PSK)
Static WEP
• Data encryption
• Control over which users can
send and receive data
WPA/WPA2
• No need for RADIUS server and
802.1X
• Per-frame keys
• Secure distribution and
rotation with TKIP or CCMP
• Optional AES, which is a very
secure encryption algorithm
Static WEP
• Manual maintenance of
keys, which are rarely
changed
• Ability to crack keys if
enough frames are collected
• No central management for
keys on multiple APs
WPA/WPA2
• Weaker authentication
• Either software upgrades or
special hardware and
software on APs and
stations
• Increased AP workload,
which could decrease
performance
802.1X • Dynamic WEP
• WPA/WPA2
–TKIP
– CCMP-AES
Dynamic WEP
• Generation and distribution of
per-session keys
• Secure, centralized
distribution of global keys
• Key rotation
• User-based authentication
• Widely supported
WPA/WPA2
• Strongest security available for
wireless networks when
combined with 802.1X
• Per-frame keys
• Secure key distribution and
rotation with TKIP or CCMP
• User-based authentication
• Optional AES
Dynamic WEP
• Per-session keys (the default
setting) that can be cracked
with high effort
• Additional overhead for per-
packet keys
• RADIUS required (although
some APs, such as the
ProCurve AP 530, have an
internal RADIUS server)
• 802.1X supplicant required
on endpoints
WPA/WPA2
• Either software upgrades or
special hardware and
software on APs and
stations
• Increased AP workload,
which could decrease
overall performance
• RADIUS server required
• 802.1X supplicant required
on endpoints