3com WL-575 Manual De Usuario
5-50
C
HAPTER
5: S
YSTEM
C
ONFIGURATION
S
ECURITY
The access point is configured by default as an “open system,” which broadcasts
a beacon signal including the configured SSID. Wireless clients with an SSID
setting of “any” can read the SSID from the beacon and automatically set their
SSID to allow immediate connection to the nearest access point.
a beacon signal including the configured SSID. Wireless clients with an SSID
setting of “any” can read the SSID from the beacon and automatically set their
SSID to allow immediate connection to the nearest access point.
To improve wireless network security, you have to implement two main functions:
Authentication: It must be verified that clients attempting to connect to the
network are authorized users.
network are authorized users.
Traffic Encryption: Data passing between the access point and clients must be
protected from interception and eavesdropping.
protected from interception and eavesdropping.
For a more secure network, the access point can implement one or a combination
of the following security mechanisms:
of the following security mechanisms:
Wired Equivalent Privacy (WEP)
IEEE 802.1x
Wireless MAC address filtering
Wi-Fi Protected Access (WPA or WPA2)
Both WEP and WPA security settings are configurable separately for each virtual
access point (VAP) interface. MAC address filtering, and RADIUS server settings
are global and apply to all VAP interfaces.
access point (VAP) interface. MAC address filtering, and RADIUS server settings
are global and apply to all VAP interfaces.
The security mechanisms that may be employed depend on the level of security
required, the network and management resources available, and the software
support provided on wireless clients.
required, the network and management resources available, and the software
support provided on wireless clients.
A summary of wireless security considerations is listed in the following table.
Table 4 Wireless Security Considerations
Security
Mechanism
Mechanism
Client Support
Implementation Considerations
WEP
Built-in support on all 802.11a
and 802.11g devices
and 802.11g devices
• Provides only weak security
• Requires manual key management
• Requires manual key management
WEP over 802.1X
Requires 802.1X client support
in system or by add-in software
(support provided in Windows
2000 SP3 or later and Windows
XP)
in system or by add-in software
(support provided in Windows
2000 SP3 or later and Windows
XP)
• Provides dynamic key rotation for improved WEP
security
• Requires configured RADIUS server
• 802.1X EAP type may require management of
• 802.1X EAP type may require management of
digital certificates for clients and server
MAC Address
Filtering
Filtering
Uses the MAC address of client
network card
network card
• Provides only weak user authentication
• Management of authorized MAC addresses
• Can be combined with other methods for
• Management of authorized MAC addresses
• Can be combined with other methods for
improved security
• Optionally configured RADIUS server