Encryption and authentication – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


53-1001944-01

Software overview


• Local RADIUS server
• IPSec VPN
• NAT
• Certificate management

Encryption and authentication

The switch can implement the following encryption and authentication types:

• WEP
• WPA
• WPA2
• Keyguard-WEP

WEP

Wired Equivalent Privacy (WEP) is an encryption scheme used to secure wireless networks. WEP
was intended to provide comparable confidentiality to a traditional wired network, hence the name.
WEP had many serious weaknesses and hence was superseded by Wi-Fi Protected Access (WPA).
Regardless, WEP still provides a level of security that can deter casual snooping. For more
information on configuring WEP for a target WLAN, see “Configuring WEP 64” on page 125 or
“Configuring WEP 128 / KeyGuard” on page 126.

WEP uses passwords entered manually at both ends (pre-shared keys). Using the RC4 encryption
algorithm, WEP originally specified a 40-bit key, which was later extended to 104 bits. Combined
with a 24-bit initialization vector, WEP is often touted as having a 128-bit key.
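The key construction described above, as an added Python example that is not part of the Brocade guide: the 24-bit IV is prepended to the pre-shared key to form the RC4 seed and travels in the clear, so only 40 or 104 bits are secret. The key, IV and payloads are constructed sample values, and the function names are illustrative.

```python
import struct
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def key_bits(key: bytes) -> tuple:
    """(secret bits, advertised bits): the 24-bit IV adds no secrecy."""
    if len(key) not in (5, 13):
        raise ValueError("WEP keys are 40 or 104 bits (5 or 13 bytes)")
    return len(key) * 8, len(key) * 8 + 24

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Frame body: IV (3 bytes, cleartext) | key ID byte | RC4(plaintext | CRC-32 ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits (3 bytes)")
    key_bits(key)                              # validates key length
    data = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + bytes([key_id << 6]) + xor(data, rc4(iv + key, len(data)))

def wep_decrypt(key: bytes, body: bytes) -> bytes:
    iv, enc = body[:3], body[4:]               # receiver reads the IV from the frame
    data = xor(enc, rc4(iv + key, len(enc)))
    plaintext, icv = data[:-4], data[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        raise ValueError("ICV mismatch")
    return plaintext

if __name__ == "__main__":
    key = bytes.fromhex("0102030405060708090a0b0c0d")   # constructed 104-bit key
    iv = bytes.fromhex("a1b2c3")                          # constructed IV
    a = wep_encrypt(iv, key, b"first frame!")
    b = wep_encrypt(iv, key, b"second frame")
    print(key_bits(key))                                  # secret vs advertised size
    print(wep_decrypt(key, a))
    # Same IV + same static key => same keystream, so the XOR of the two
    # ciphertexts equals the XOR of the two plaintexts.
    print(xor(a[4:16], b[4:16]) == xor(b"first frame!", b"second frame"))
```

Because the pre-shared key is static and the IV space is only 24 bits, keystreams repeat on a busy WLAN, which is the weakness the per-packet keying in WPA and WPA2 addresses.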

WPA
WPA is designed for use with an 802.1X authentication server, which distributes different keys to
each user. However, it can also be used in a less secure pre-shared key (PSK) mode, where every
user is given the same passphrase.

WPA uses Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is
used. When combined with the much larger Initialization Vector, it defeats well-known key recovery
attacks on WEP. For information on configuring WPA for a WLAN, see “Configuring WPA/WPA2 using
TKIP and CCMP” on page 128.

WPA2
WPA2 uses a sophisticated key hierarchy that generates new encryption keys each time an MU
associates with an Access Point. Protocols including 802.1X, EAP and RADIUS are used for strong
authentication. WPA2 also supports the TKIP and AES-CCMP encryption protocols. For information
on configuring WPA for a WLAN, see “Configuring WPA/WPA2 using TKIP and CCMP” on page 128.

Keyguard-WEP
KeyGuard is Brocade’s proprietary dynamic WEP solution. Brocade (upon hearing of the
vulnerabilities of WEP) developed a nonstandard method of rotating keys to prevent compromises.
Basically, KeyGuard is TKIP without the message integrity check. KeyGuard is proprietary to
Brocade MUs only. For information on configuring KeyGuard for a WLAN, see “Configuring WEP 128
/ KeyGuard” on page 126.
