ZyXEL Communications Corporation NBG419N 사용자 설명서
Appendix D Wireless LANs
NBG-419N Users Guide
278
TKIP regularly changes and rotates the encryption keys so that the same
encryption key is never used twice. The RADIUS server distributes a Pairwise
Master Key (PMK) key to the AP that then sets up a key hierarchy and
management system, using the pair-wise key to dynamically generate unique
data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients. This all happens in the
background automatically.
encryption key is never used twice. The RADIUS server distributes a Pairwise
Master Key (PMK) key to the AP that then sets up a key hierarchy and
management system, using the pair-wise key to dynamically generate unique
data encryption keys to encrypt every data packet that is wirelessly
communicated between the AP and the wireless clients. This all happens in the
background automatically.
WPA2 AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit
mathematical algorithm called Rijndael.
mathematical algorithm called Rijndael.
The Message Integrity Check (MIC) is designed to prevent an attacker from
capturing data packets, altering them and resending them. The MIC provides a
strong mathematical function in which the receiver and the transmitter each
compute and then compare the MIC. If they do not match, it is assumed that the
data has been tampered with and the packet is dropped.
capturing data packets, altering them and resending them. The MIC provides a
strong mathematical function in which the receiver and the transmitter each
compute and then compare the MIC. If they do not match, it is assumed that the
data has been tampered with and the packet is dropped.
By generating unique data encryption keys for every data packet and by creating
an integrity checking mechanism (MIC), TKIP makes it much more difficult to
decode data on a Wi-Fi network than WEP, making it difficult for an intruder to
break into the network.
an integrity checking mechanism (MIC), TKIP makes it much more difficult to
decode data on a Wi-Fi network than WEP, making it difficult for an intruder to
break into the network.
The encryption mechanisms used for WPA and WPA-PSK are the same. The only
difference between the two is that WPA-PSK uses a simple common password,
instead of user-specific credentials. The common-password approach makes WPA-
PSK susceptible to brute-force password-guessing attacks but it's still an
improvement over WEP as it employs an easier-to-use, consistent, single,
alphanumeric password.
difference between the two is that WPA-PSK uses a simple common password,
instead of user-specific credentials. The common-password approach makes WPA-
PSK susceptible to brute-force password-guessing attacks but it's still an
improvement over WEP as it employs an easier-to-use, consistent, single,
alphanumeric password.
User Authentication
WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to
authenticate wireless clients using an external RADIUS database.
authenticate wireless clients using an external RADIUS database.
If both an AP and the wireless clients support WPA2 and you have an external
RADIUS server, use WPA2 for stronger data encryption. If you don't have an
external RADIUS server, you should use WPA2 -PSK (WPA2 -Pre-Shared Key) that
only requires a single (identical) password entered into each access point, wireless
gateway and wireless client. As long as the passwords match, a wireless client will
be granted access to a WLAN.
RADIUS server, use WPA2 for stronger data encryption. If you don't have an
external RADIUS server, you should use WPA2 -PSK (WPA2 -Pre-Shared Key) that
only requires a single (identical) password entered into each access point, wireless
gateway and wireless client. As long as the passwords match, a wireless client will
be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK
depending on whether you have an external RADIUS server or not.
depending on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2.
WEP is less secure than WPA or WPA2.
WEP is less secure than WPA or WPA2.
om
pan
y
on
fiden
tial