When to use wpa/wpa2 personal (psk) – USRobotics Instant802 APSDK User Manual

Professional Access Point

Administrator Guide

Security - 104

R

ECOMMENDATIONS

IEEE 802.1x mode is a better choice than Static WEP because keys are dynamically generated and
changed periodically. However, the encryption algorithm used is the same as that of Static WEP and is
therefore not as reliable as the more advanced encryption methods such as

TKIP

and

CCMP

(

AES

) used

in Wi-Fi Protected Access (

WPA

) or

WPA2

.

Additionally, compatibility issues may be cumbersome because of the variety of authentication methods
supported and the lack of a standard implementation method.

Therefore, IEEE 802.1x mode is not as secure a solution as Wi-Fi Protected Access (

WPA

) or

WPA2

.

S

EE

A

LSO

For information on how to configure IEEE 802.1x security mode, see “IEEE 802.1x” on page 114 under
“Configuring Security Settings”.

When to Use WPA/WPA2 Personal (PSK)

Wi-Fi Protected Access 2 (

WPA2

) Personal Pre-Shared Key (

PSK

) is an implementation of the Wi-Fi

Alliance IEEE

802.11i

standard, which includes Advanced Encryption Algorithm (

AES

), Counter mode/

CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol (

TKIP

) mechanisms. This mode offers

the same encryption algorithms as WPA 2 with RADIUS but without the ability to integrate a RADIUS
server for user authentication.

This security mode is backward compatible for wireless clients that support only the original

WPA

.

Key Management

Encryption Algorithm

User Authentication

IEEE 802.1x provides dynamically-
generated keys that are periodically
refreshed.

There are different

Unicast

keys for

each station.

An

RC4

stream cipher is used to

encrypt the frame body and cyclic
redundancy checking (CRC) of each
802.11 frame.

IEEE 802.1x mode supports a vari-
ety of authentication methods, like
certificates, Kerberos, and public
key authentication with a RADIUS
server.

You have a choice of using the Pro-
fessional Access Point embedded
RADIUS server or an external
RADIUS server. The embedded
RADIUS server supports Protected

EAP

(PEAP) and MSCHAP V2.

Key Management

Encryption Algorithms

User Authentication

WPA/WPA2 Personal (PSK) pro-
vides dynamically-generated keys
that are periodically refreshed.

There are different

Unicast

keys for

each station.

• Temporal Key Integrity Protocol

(

TKIP

)

• Counter mode/CBC-MAC Proto-

col (

CCMP

) Advanced Encryption

Standard (

AES

)

The use of a Pre-Shared (

PSK

) key

provides user authentication similar
to that of shared keys in

WEP

.