10.4 WPA2 Security – Quatech WLNG-ET-DP500 Series User Manual

Company Confidential

Quatech, Inc.

Airborne CLI Reference Manual

100-8081-100

Command                   Description

pw-leap MyUserPassword    Defines the password for the user name defined by
                          user-leap. This must match the password on the
                          RADIUS authentication server.

10.4 WPA2 Security

WiFi Protected Access 2 (WPA2) is a compatibility certification program created
by the WiFi Alliance to indicate compliance with a minimum set of security and
functional capabilities for 802.11 devices. The WPA2 certification program was
created to enhance the security provided by WPA and to make fuller use of the
IEEE 802.11i standard and the available advanced hardware.

WPA2 implements the mandatory elements of the IEEE 802.11i standard, replaces
TKIP with AES-CCMP encryption, and is considered fully secure at this time.
WPA2 has two configurations: Personal and Enterprise. The Personal version
utilizes the PSK as supported by WPA. The Enterprise version supports a set of
EAP (802.1x) protocols to provide the highest level of security available for
802.11 implementations.

WPA2-Enterprise, as defined by the WiFi Alliance, requires any product to
support the following EAP processes:

• EAP-TLS (Mandatory)
• PEAPv0/EAP-MSCHAPv2
• PEAPv1/EAP-GTC
• EAP-TTLS/MSCHAPv2
• EAP-SIM

Since all but EAP-TLS are optional, many companies claim WPA2-Enterprise
compliance with minimal support (EAP-TLS only). Since there is no requirement
from the WiFi Alliance to make the implementation of the security standards
user-friendly, it is not always the case that configuring an embeddable WiFi
device for these advanced security methods is easy, let alone possible.

The implementation of WPA2-Personal follows the WPA example very closely. In
fact, to the user the configuration is identical, and the underlying security
improvements are hidden by the device. The device supports both ASCII string
and precalculated hex keys as valid input. A description of the configuration
requirements can be seen in Table 6 and Table 7.
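
The two WPA2-Personal input forms described above are related by the passphrase-to-PSK mapping of IEEE 802.11i. The following Python code is an added example, not Quatech code: the function name normalize_psk and the sample SSID and passphrase are assumptions, and the PBKDF2 parameters come from the 802.11i standard rather than from this manual.

```python
import hashlib
import re

# Passphrase-to-PSK mapping parameters fixed by IEEE 802.11i (not stated in
# this manual): PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit key.
PBKDF2_ITERATIONS = 4096
PSK_LENGTH_BYTES = 32

_HEX_KEY = re.compile(r"[0-9A-Fa-f]{64}")


def normalize_psk(key_input: str, ssid: str) -> bytes:
    """Return the 256-bit PSK for either accepted input form.

    normalize_psk is a hypothetical helper name used for this example only.
    """
    # Form 1: precalculated key, exactly 64 hex digits, used as-is.
    if _HEX_KEY.fullmatch(key_input):
        return bytes.fromhex(key_input)

    # Form 2: ASCII passphrase, 8 to 63 printable ASCII characters.
    if not 8 <= len(key_input) <= 63:
        raise ValueError("passphrase must be 8-63 characters, or 64 hex digits")
    if any(not 32 <= ord(ch) <= 126 for ch in key_input):
        raise ValueError("passphrase must be printable ASCII")

    # The SSID is the salt, so the derived key is only valid for this SSID.
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")

    return hashlib.pbkdf2_hmac(
        "sha1", key_input.encode("ascii"), ssid_bytes,
        PBKDF2_ITERATIONS, PSK_LENGTH_BYTES,
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from this manual.
    ssid, passphrase = "IEEE", "password"
    psk = normalize_psk(passphrase, ssid)
    print("precalculated hex key:", psk.hex())
    # Entering the hex form yields the same key as entering the passphrase.
    print("forms agree:", normalize_psk(psk.hex(), ssid) == psk)
    # The same passphrase on another SSID yields a different key.
    print("SSID-bound:", normalize_psk(passphrase, "OtherSSID") != psk)
```

A precalculated hex key is bound to the SSID it was derived for and is equivalent to the passphrase for that network, so it needs the same protection in configuration files and provisioning scripts.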

The implementation of WPA2-Enterprise is more complex and requires not only
configuration of the device but, in most cases, delivery of certificates and private
keys as well. These are small files (2K-6K) that the client uses to authenticate
with an infrastructure's RADIUS server. For the different EAP processes to work,
it is required to define which process and underlying encryption methods to use,
along with identification of the appropriate certificates and private keys. Each
EAP process has a different requirement. Although they utilize the same
common elements, each treats the authentication process differently and
accordingly requires the credentials to be presented in a particular way.
