Cisco 340 User Manual

5-30

Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows

OL-1394-08

Chapter 5 Configuring the Client Adapter

Setting Network Security Parameters

Message Integrity Check (MIC)

MIC prevents bit-flip attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an
encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted
message as legitimate. The MIC adds a few bytes to each packet to make the packets tamper-proof.

The Status screen indicates if MIC is being used, and the Statistics screen provides MIC statistics.

Note

If you enable MIC on the access point, your client adapter’s driver must support these features;
otherwise, the client cannot associate.

Temporal Key Integrity Protocol (TKIP)

This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the
intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes
the predictability that an intruder relies on to determine the WEP key by exploiting IVs. It protects both
unicast and broadcast WEP keys.

Note

If you enable TKIP on the access point, your client adapter’s firmware must support these features;
otherwise, the client cannot associate.

Note

TKIP is automatically enabled whenever WPA is enabled, and it is disabled whenever WPA is disabled.

Broadcast Key Rotation

EAP authentication provides dynamic unicast WEP keys for client devices but uses static broadcast, or
multicast, keys. When you enable broadcast WEP key rotation, the access point provides a dynamic
broadcast WEP key and changes it at the interval you choose. When you enable this feature, only
wireless client devices using LEAP, EAP-FAST, EAP-TLS, PEAP, or EAP-SIM authentication can
associate to the access point. Client devices using static WEP (with open or shared key authentication)
cannot associate.