configured WLAN of “any,” it can read the SSID from the beacon and use it to
allow immediate connection to the access point. Wireless devices are
permitted to connect with the access point without first verifying that users
are authorized to access the network.
In addition, user data is transmitted over the air without being encrypted, and
is subject to being intercepted by wireless devices anywhere within range that
want to eavesdrop on the wireless network.
Configure your wireless network security to protect against eavesdroppers
and to prevent unauthorized access to the wireless network. Wireless network
security requires attention to three main areas:
■ Authentication: Verifying that devices attempting to connect to the
network are authorized users before granting them access.
■ Encryption: Encrypting data that passes between the access point and
devices (to protect against interception and eavesdropping).
■ Key Management: Assigning unique data encryption keys to each wire-
less device session, and periodically changing the encryption keys to
minimize risk of their potential discovery.
Authentication
The two ways of authenticating users on the Access Point 10ag are:
■ MAC Authentication: Based on the user's wireless device MAC address.
■ 802.1X Authentication: Based on the user credentials, such as; username/
password, digital certificates, etc.
MAC Authentication. MAC authentication of users can be done either
using a remote authentication server like a RADIUS server or by creating a
local database on the access point itself. MAC authentication is not as secure
as 802.1X authentication, as it is easy to decipher and spoof for unauthorized
network access.
802.1X Authentication. User 802.1X authentication can be implemented
using a remote authentication server, such as a RADIUS server. The user's
credentials are exchanged with the servers using a mechanism called “Exten-
sible Authentication Protocol (EAP)”. EAP is a public-key encryption system
to ensure that only authorized network users can access the network. In
wireless communications using EAP, a user requests connection to a WLAN
through an access point, which then requests the identity of the user and
transmits that identity to an authentication server such as RADIUS. The server
asks the access point for proof of identity, which the access point gets from
the user and sends back to the server to complete the authentication.
To Next Page
Loading...