1 understanding static wep data encryption, 2 understanding wpa (psk) data encryption – Psion Teklogix 9160 G2 User Manual

Chapter 20: Wireless Distribution System
Understanding Static WEP Data Encryption

202

Psion Teklogix 9160 G2 Wireless Gateway User Manual

20.2.1 Understanding Static WEP Data Encryption

Static Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11
wireless networks. Both access points in a given WDS link must be configured with
the same security settings. For static WEP, either a static 64-bit (40-bit secret key +
24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared
Key is specified for data encryption.

You can enable Static WEP on the WDS link (bridge). When WEP is enabled, all
data exchanged between the two access points in a WDS link is encrypted using a
fixed WEP key that you provide.

Static WEP does not provide effective data protection to the level of other security
modes available for service to client stations. If you use Static WEP on a LAN
intended for secure wireless traffic you are putting your network at risk. Therefore,
we recommend using WPA (PSK) encryption on any WDS links on an internal net-
work. Do not use Static WEP-based WDS to bridge access points on the Internal
network unless you have no concerns about the security risk for data traffic on that
network. For more information on WPA (PSK), see “Understanding WPA (PSK)
Data Encryption”, below.

For more information about the effectiveness of the different security modes, see
Chapter 10: “Configuring Security”. This topic also covers use of the unencrypted
security mode for AP-to-station traffic on the Guest network, which is intended for
less sensitive data traffic.

20.2.2 Understanding WPA (PSK) Data Encryption

Wi-Fi Protected Access (Pre-Shared Key) or WPA (PSK) is a more robust form of
security than Static WEP. Formerly known as ‘WPA-Home’, WPA (PSK) works
using a pre-shared key which is basically a shared password between the APs on a
bridged link. WPA (PSK) provides enhanced 802.11 wireless security without the
need for a RADIUS authentication infrastructure, which is both complicated and
expensive to implement.

Since WPA (PSK) encryption relies upon a shared key, both APs on the WDS link
must be set with the same key, otherwise they will not be able to communicate and
share information.

Note:

For security reasons it is recommended you change the shared keys on your
WDS bridge on a regular basis.