Appendix c: configuring wireless security – RF-Link WRT55AG User Manual

Dual-Band Wireless A+G Broadband Router

93

92

There are two types of WEP encryption for 802.1x, static and dynamic. Static
WEP keys are more vulnerable and can only be changed manually on all
devices, including the Router. If you are using MD5 authentication, then you
can only use static WEP keys. Dynamic WEP keys are keys that are renewed
automatically on a periodic basis. This makes the WEP key(s) more difficult to
break, so network security is strengthened. To enable dynamic WEP keys, you
must use 802.1x certificate-based authentication methods, such as TLS or
TTLS.

Make sure your wireless network is functioning before attempting to configure
WEP encryption.

On a wireless network, a 128-bit WEP encrypted device will NOT communi-
cate with a 64-bit WEP encrypted device. Therefore, make sure that all of the
wireless devices on each network are using the same encryption level.

In addition to enabling WEP, Linksys also recommends the following security
implementations:
• Change the SSID from the default “linksys”
• Change the SSID on a regular basis
• Change the WEP key regularly
• Enable MAC address filtering (if your wireless products allow it)

For instructions on how to configure the Router’s WEP settings, go to the
“Setup” section of “Chapter 7: The Router’s Web-Based Utility.” For instruc-
tions on how to configure the WEP settings of your PC’s wireless adapter, refer
to your wireless adapter’s documentation.

WEP Encryption

Instant Wireless

®

Series

Appendix C: Configuring Wireless

Security

The Router offers two wireless security features. The basic feature is Wired
Equivalent Privacy (WEP) encryption, an encryption method used to protect
your wireless data communications. WEP uses 64-bit, 128-bit, or 152-bit keys
to provide access control to your network and encryption security for every
data transmission. To decode a data transmission, each point in a network must
use an identical key. Higher encryption levels mean higher levels of security,
but due to the complexity of the encryption, they may mean decreased network
performance.

You may also have heard the term “40-bit” used in conjunction with WEP
encryption. This is simply another term for 64-bit WEP encryption. This level
of WEP encryption has been called 40-bit because it uses a 40-bit secret key
along with a 24-bit Initialization Vector (40 + 24 = 64). Wireless vendors may
use either name. Linksys uses the term “64-bit” when referring to this level of
encryption.

The second wireless security feature is 802.1x. The IEEE 802.1x standard spec-
ifies authentication methods for a wireless client, such as a PC, to access a net-
work, so network security is enhanced. Based on the Extensible Authentication
Protocol (EAP), 802.1x designates how a client accesses a network server, fre-
quently a RADIUS server, with the Router acting as an authenticator. When a
network uses 802.1x, the identity of the client is verified before the client is
allowed network access.

For example, a wireless user may use one of the authentication methods to
access a wireless network protected by an authentication server. The user’s PC
sends a request to the Router (an access point can be used instead). The Router
sends an identification request back to the PC. After the PC sends the Router the
identification message, the Router forwards the identification message to the
server. If the server accepts the identification message, then the PC is permitted
access to the wireless network.

Background

Note: WEP encryption is an additional data security measure and not
essential for router operation; however, Linksys recommends the use
of WEP encryption.