User Manual
www.moxa.com info@moxa.com 18
2009 Industrial Wireless Guidebook
2 Understanding Industrial WLAN – IEEE 802.11
2.2 Wireless Security
If you’re new to wireless, the first thing you should realize is that the signals you send and receive from a nearby
access point are easily intercepted by anyone in the vicinity who has a wireless card and a computer. The purpose
of WLAN security techniques is to render the connection unusable and the data unreadable by anyone but you and
the person (or machine) you’re communicating with.
Although most people do not need in-depth knowledge of WLAN security, understanding the basics can make it
easier for you to find the right product for your application. For example, one of the most basic questions you can
ask is whether or not a product supports WPA and/or WPA2. But why should you care? Most wireless products
available on the market today support WEP. Even though WEP may protect your data from the casual passerby,
it still leaves you vulnerable to attack from someone with some basic network knowledge and some time on their
hands, as we point out in the next section.
A Peek at the Technology
There are two basic aspects to wireless security: authentication and encryption. Simply put, a system uses
authentication to check a user’s credentials and determine if the user should be given access to the data and
resources provided by the protected network. Encryption, on the other hand, encodes the data so that anyone
who does not have the secret “key” will not be able to read the data.
Authentication
The 802.1X standard dictates how authentication on wired and wireless LANs is carried out. 802.1X
authentication uses port-based access control, which means that the various entities involved in the
authentication process gain access to each other’s resources by connecting through “ports.” In effect, the
authentication procedure involves placing a “guard” at each port to prevent unauthorized users from gaining
access to protected data.
The 802.1X authentication procedure involves three basic players:
• The supplicant is the client (PC or laptop computer, for example) who would like to gain access to network resources through the wireless network.
• The authenticator, which is usually an access point (AP) for a wireless network, plays the role of gatekeeper.
• The authentication server, which connects to the AP over a wired network, handles the authentication procedure. More often than not, a RADIUS server is used.
In effect, the authenticator and authentication server work as a team to verify the identity of the supplicant.
The authentication server also takes responsibility for computing the “keys” that the encryption algorithm
will use. Although the details of authentication may be complex, the overall procedure is easy to describe:
STEP 1: The Authenticator relays authentication messages between the WLAN and the Ethernet.
STEP 2: The Authentication Server and Supplicant establish a secure tunnel that is used to pass encrypted messages.
STEP 3: The Authenticator performs the authentication check based on the agreed-upon method (TLS, PEAP-MSCHAP-V2, TTLS, etc.).
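The three-party exchange and the port-based access control described above can be modelled in a few dozen lines. The following is an added example written for this page, not code from Moxa or from any 802.1X implementation: the supplicant, authenticator and authentication server are plain Python classes, the EAP method is replaced by a simplified HMAC challenge-response (a stand-in for TLS or PEAP-MSCHAP-V2, not a real EAP method), and the identities and secrets are constructed. What it shows is the division of roles: the authenticator only relays frames and keeps the controlled port closed until the server answers Accept, while the server verifies the credential and computes the session key that the encryption layer will later use.

```python
"""Toy model of the 802.1X exchange: supplicant, authenticator (AP), authentication server.

Constructed example; the challenge-response here is a simplified stand-in for a real EAP method.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Frame:
    """A message carried between two of the three parties."""
    kind: str                       # EAP-Identity, EAP-Challenge, EAP-Response, Accept, Reject, Data
    payload: dict = field(default_factory=dict)


def derive_session_key(secret: bytes, challenge: bytes) -> bytes:
    """Both the server and the supplicant derive the same key from the shared secret and a fresh challenge."""
    return hmac.new(secret, b"session-key" + challenge, hashlib.sha256).digest()


class AuthenticationServer:
    """Stand-in for a RADIUS server: checks credentials and computes the session key."""

    def __init__(self, users: Dict[str, bytes]):
        self._users = users                      # identity -> shared secret (constructed credentials)
        self._pending: Dict[str, bytes] = {}     # outstanding challenges per identity

    def handle(self, frame: Frame) -> Frame:
        identity = frame.payload.get("identity")
        if frame.kind == "EAP-Identity":
            # Issue a challenge for every identity, known or not, so the reply does not reveal valid users.
            challenge = os.urandom(16)
            self._pending[identity] = challenge
            return Frame("EAP-Challenge", {"identity": identity, "challenge": challenge})
        if frame.kind == "EAP-Response":
            secret = self._users.get(identity)
            challenge = self._pending.pop(identity, None)
            if secret is None or challenge is None:
                return Frame("Reject", {"identity": identity})
            expected = hmac.new(secret, b"auth" + challenge, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, frame.payload["response"]):
                return Frame("Reject", {"identity": identity})
            # The server, not the AP, computes the key; it is handed to the authenticator over the wired side.
            return Frame("Accept", {"identity": identity, "session_key": derive_session_key(secret, challenge)})
        return Frame("Reject", {"identity": identity})


class Supplicant:
    """Wireless client that wants network access."""

    def __init__(self, identity: str, secret: bytes):
        self.identity = identity
        self._secret = secret
        self.session_key: Optional[bytes] = None

    def start(self) -> Frame:
        return Frame("EAP-Identity", {"identity": self.identity})

    def handle(self, frame: Frame) -> Optional[Frame]:
        if frame.kind == "EAP-Challenge":
            challenge = frame.payload["challenge"]
            self.session_key = derive_session_key(self._secret, challenge)
            response = hmac.new(self._secret, b"auth" + challenge, hashlib.sha256).digest()
            return Frame("EAP-Response", {"identity": self.identity, "response": response})
        return None


class Authenticator:
    """Access point: relays EAP frames and keeps the controlled port closed until the server accepts."""

    def __init__(self, server: AuthenticationServer):
        self._server = server
        self.port_authorized: Dict[str, bool] = {}
        self.session_keys: Dict[str, bytes] = {}

    def relay(self, frame: Frame) -> Frame:
        # Uncontrolled port: authentication traffic is always forwarded to the authentication server.
        reply = self._server.handle(frame)
        identity = reply.payload.get("identity")
        if reply.kind == "Accept":
            self.port_authorized[identity] = True
            self.session_keys[identity] = reply.payload.pop("session_key")   # key never goes over the air
        elif reply.kind == "Reject":
            self.port_authorized[identity] = False
        return reply

    def forward_data(self, frame: Frame) -> bool:
        # Controlled port: data frames are dropped until the supplicant has been authorized.
        return self.port_authorized.get(frame.payload.get("identity"), False)


def run_8021x(supplicant: Supplicant, authenticator: Authenticator) -> str:
    """Drive the exchange to completion; returns "Accept" or "Reject"."""
    frame = supplicant.start()
    while True:
        reply = authenticator.relay(frame)
        if reply.kind in ("Accept", "Reject"):
            return reply.kind
        frame = supplicant.handle(reply)


if __name__ == "__main__":
    ap = Authenticator(AuthenticationServer({"plc-01": b"constructed-secret"}))
    client = Supplicant("plc-01", b"constructed-secret")
    print(run_8021x(client, ap), ap.forward_data(Frame("Data", {"identity": "plc-01"})))
```

Note that the supplicant never receives the key over the air: it derives the same value locally from the shared secret and the challenge, which is the property that keeps an eavesdropper who sees every frame from learning it.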