5-25
Cisco Aironet Wireless LAN Client Adapters Installation and Configuration Guide for Windows
OL-1394-06
Chapter 5 Configuring the Client Adapter
Setting Network Security Parameters
Refer to the “Enabling LEAP” section on page 5-31 for instructions on enabling LEAP or to the
“Enabling Host-Based EAP” section on page 5-34 for instructions on enabling EAP-TLS, PEAP, or
EAP-SIM.
Note: Refer to the IEEE 802.11 Standard for more information on 802.1X authentication and to the following
URL for additional information on RADIUS servers:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt2/scrad.htm
Additional WEP Key Security Features
The three security features discussed in this section (MIC, TKIP, and broadcast key rotation) are
designed to prevent sophisticated attacks on your wireless network’s WEP keys. These features do not
need to be enabled on the client adapter; they are supported automatically in the firmware and driver
versions included in the Install Wizard file. However, they must be enabled on the access point.
Note: Access point firmware version 11.10T or greater is required to enable these security features. Refer to
the documentation for your access point for instructions on enabling these security features.
Message Integrity Check (MIC)
MIC prevents bit-flip attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an
encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted
message as legitimate. The MIC adds a few bytes to each packet to make the packets tamper-proof.
The Status screen indicates if MIC is being used, and the Statistics screen provides MIC statistics.
Note: If you enable MIC on the access point, your client adapter’s driver must support this feature;
otherwise, the client cannot associate.
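The following added example (not part of the Cisco guide) shows on constructed data why a receiver protected only by WEP's unkeyed CRC-32 check accepts a frame altered in transit, while a receiver that also verifies a keyed integrity tag rejects it. Assumptions: the SHAKE-256 keystream stands in for RC4, the truncated HMAC-SHA256 tag stands in for Cisco's MIC algorithm, and all keys, function names, and the payload are made up for illustration.

```python
import hashlib, hmac, zlib

def keystream(key, iv, n):
    # Stand-in for WEP's RC4 keystream (assumption); any XOR stream cipher behaves the same here.
    return hashlib.shake_256(iv + key).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):
    # WEP's integrity check value is an unkeyed CRC-32 over the plaintext.
    return zlib.crc32(data).to_bytes(4, "little")

def mic(mic_key, payload):
    # Stand-in keyed tag (truncated HMAC-SHA256), not Cisco's MIC algorithm.
    return hmac.new(mic_key, payload, hashlib.sha256).digest()[:8]

def seal(key, iv, payload, mic_key=None):
    body = payload + (mic(mic_key, payload) if mic_key else b"")
    body += icv(body)
    return xor(body, keystream(key, iv, len(body)))

def receive(key, iv, frame, mic_key=None):
    """Return the payload, or None if the frame fails an integrity check."""
    plain = xor(frame, keystream(key, iv, len(frame)))
    body, check = plain[:-4], plain[-4:]
    if icv(body) != check:
        return None
    if mic_key is None:
        return body
    payload, tag = body[:-8], body[-8:]
    return payload if hmac.compare_digest(tag, mic(mic_key, payload)) else None

def altered_in_transit(frame, offset, mask):
    # Models the altered frame from the text: XOR a mask into the ciphertext and
    # patch the encrypted CRC. No key is needed because CRC-32 is affine over XOR:
    # crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros).
    delta = bytearray(len(frame) - 4)
    delta[offset:offset + len(mask)] = mask
    delta = bytes(delta)
    return xor(frame, delta + xor(icv(delta), icv(bytes(len(delta)))))

KEY, IV, MIC_KEY = b"constructed-key", b"\x00\x00\x01", b"constructed-mic-key"
MSG = b"PAY 0100 TO ACCT 7"   # constructed sample payload

if __name__ == "__main__":
    for mk in (None, MIC_KEY):
        frame = altered_in_transit(seal(KEY, IV, MSG, mk), 4, b"\x09")
        print("MIC on " if mk else "MIC off", receive(KEY, IV, frame, mk))
```

The altered frame still passes the CRC check in both cases; only the keyed tag, which cannot be recomputed without the MIC key, causes the receiver to drop it.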
Temporal Key Integrity Protocol (TKIP)
This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the
intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes
the predictability that an intruder relies on to determine the WEP key by exploiting IVs. It protects both
unicast and broadcast WEP keys.
Note: If you enable TKIP on the access point, your client adapter’s firmware must support this feature;
otherwise, the client cannot associate.
Broadcast Key Rotation
EAP authentication provides dynamic unicast WEP keys for client devices but uses static broadcast, or
multicast, keys. When you enable broadcast WEP key rotation, the access point provides a dynamic
broadcast WEP key and changes it at the interval you select. When you enable this feature, only wireless
client devices using LEAP, EAP-TLS, PEAP, or EAP-SIM authentication can associate to the access
point. Client devices using static WEP (with open or shared key authentication) cannot associate.










