ZyXEL Communications Corporation NBG2105 User Manual

 Chapter 13 Wireless LAN
NBG2105 User’s Guide
WEP
Data Encryption 
WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the 
NBG2105 and the AP or other wireless stations to keep network communications private. Both the 
wireless stations and the access points must use the same WEP key for data encryption and 
decryption.
Authentication Type 
The IEEE 802.11b/g/n standard describes a simple authentication method between the wireless 
stations and AP. Three authentication types are defined: Both, Open and Shared.
•  Open mode is implemented for ease-of-use and when security is not an issue. The wireless 
station and the AP or peer computer do not share a secret key. Thus the wireless stations can 
associate with any AP or peer computer and listen to any transmitted data that is not encrypted.
•  Shared mode involves a shared secret key to authenticate the wireless station to the AP or peer 
computer. This requires you to enable the wireless LAN security and use the same settings on both 
the wireless station and the AP or peer computer.
•  Both authentication mode allows the NBG2105 to switch between the open system and shared 
key modes automatically. Use this mode if you do not know the authentication mode of the other 
wireless stations.
WPA-PSK and WPA2-PSK 
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a 
wireless security standard that defines stronger encryption, authentication and key management 
than WPA. 
Key differences between WPA(2) and WEP are improved data encryption and user authentication.
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), 
Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption 
Standard (AES) in the Counter mode with Cipher block chaining Message authentication code 
Protocol (CCMP) to offer stronger encryption than TKIP.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference 
between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific 
credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force 
password-guessing attacks, but it is still an improvement over WEP as it employs a consistent, 
single, alphanumeric password to derive a PMK which is used to generate unique temporal 
encryption keys. This prevents all wireless devices from sharing the same encryption keys (a 
weakness of WEP).
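The key derivation described above, as an added example that is not part of the ZyXEL manual. It assumes the IEEE 802.11i definitions, which the manual does not state (PMK = PBKDF2-HMAC-SHA1 over the password with the SSID as salt, 4096 iterations; temporal key taken from the 802.11i PRF output for CCMP), and the password, SSID, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK from the common password: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA(2)-PSK passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def derive_temporal_key(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """Per-session temporal key: the PMK mixed with both MAC addresses and both nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # KCK | KEK | TK for CCMP
    return ptk[32:48]


def demo():
    """Two stations with the same password: one PMK, two different temporal keys."""
    pmk = derive_pmk("correct horse battery", "HomeNet")  # constructed password and SSID
    ap = bytes.fromhex("020000000001")                    # constructed MAC addresses
    stations = [bytes.fromhex("020000000a01"), bytes.fromhex("020000000a02")]
    keys = []
    for i, sta in enumerate(stations):
        # Real nonces are random per handshake; fixed here so the run is repeatable.
        anonce = hashlib.sha256(b"constructed-anonce-%d" % i).digest()
        snonce = hashlib.sha256(b"constructed-snonce-%d" % i).digest()
        keys.append(derive_temporal_key(pmk, ap, sta, anonce, snonce))
    return keys


if __name__ == "__main__":
    for n, tk in enumerate(demo(), 1):
        print(f"station {n} temporal key: {tk.hex()}")
```

Because the SSID is the salt and the iteration count is fixed, the strength of the PMK rests entirely on the length and unpredictability of the common password.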
If both an AP and the wireless clients support WPA2-PSK, use WPA2-PSK for stronger data 
encryption. If the AP or the wireless clients do not support WPA2-PSK, just use WPA-PSK. Select 
WEP only when the AP and/or wireless clients do not support WPA-PSK or WPA2-PSK. WEP is less 
secure than WPA-PSK or WPA2-PSK.