Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual

Page 344


Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 11

Configuring Cipher Suites and WEP

Cipher suites are sets of encryption and integrity algorithms designed to protect
radio communication on your wireless LAN. You must use a cipher suite to
enable WPA or CCKM. Because cipher suites provide the protection of WEP
while also allowing use of authenticated key management, we recommend that
you enable WEP by using the encryption mode cipher command in the CLI
or by using the cipher pull-down menu in the web browser interface. Cipher
suites that contain TKIP provide the best security for your wireless LAN, and
cipher suites that contain only WEP are the least secure.

WEP (Wired Equivalent Privacy)

WEP is an 802.11 standard encryption algorithm originally designed to
provide your wireless LAN with the same level of privacy available on a
wired LAN. However, the basic WEP construction is flawed, and an
attacker can compromise the privacy with reasonable effort.

TKIP (Temporal Key Integrity Protocol)

TKIP is a suite of algorithms surrounding WEP that is designed to achieve
the best possible security on legacy hardware built to run WEP. TKIP adds
four enhancements to WEP:
• A per-packet key mixing function to defeat weak-key attacks
• A new IV sequencing discipline to detect replay attacks
• A cryptographic message integrity check (MIC), called Michael, to
  detect forgeries such as bit flipping and altering packet source and
  destination
• An extension of IV space, to virtually eliminate the need for re-keying

CMIC (Cisco Message Integrity Check)

Like TKIP's Michael, Cisco's message integrity check mechanism is
designed to detect forgery attacks.

Broadcast key rotation (also known as Group Key Update)

Broadcast key rotation allows the access point to generate the best possible
random group key and update all key-management capable clients
periodically. Wi-Fi Protected Access (WPA) also provides additional
options for group key updates.

See Using WPA Key Management on page 357 for details on WPA.

TIP

Cisco 802.11n radios require that either no encryption or AES-CCMP be
configured for proper operation.

IMPORTANT

Client devices using static WEP cannot use the access point when you enable
broadcast key rotation. Broadcast key rotation is supported when using only
key management (such as dynamic WEP (802.1x), WPA with EAP, or preshared
key).
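The cipher ranking, the TIP and the IMPORTANT note above can be checked against a saved configuration. The following auditor is an added example, not code from this manual or from Rockwell Automation. It assumes Cisco IOS access-point syntax that this page does not show (the `ciphers` keyword spelling, `encryption key`, `broadcast-key`, `Dot11Radio` interface names), a constructed sample configuration, and a caller-supplied list of which radios are 802.11n.

```python
import re

WEP_ONLY = {"wep128", "wep40"}  # cipher keywords that give WEP and nothing else

def parse_radios(config):
    """Collect encryption settings from each Dot11Radio interface block."""
    radios, cur = {}, None
    for raw in config.splitlines():
        if not raw[:1].isspace():  # an unindented line closes the current block
            m = re.match(r"interface\s+(Dot11Radio\S+)", raw)
            cur = radios.setdefault(m.group(1), {"ciphers": set(), "flags": set()}) if m else None
        elif cur is not None and raw.strip():
            words = raw.split()
            if words[0] == "encryption" and "mode" in words:
                mode = words[words.index("mode") + 1:]
                if mode[:1] == ["wep"]:
                    cur["flags"].add("wep_mode")
                elif mode[0].startswith("cipher"):  # accepts "cipher" and "ciphers"
                    cur["ciphers"].update(mode[1:])
            elif words[0] == "encryption" and "key" in words:
                cur["flags"].add("static_key")  # a static WEP key is defined
            elif words[0] == "broadcast-key":
                cur["flags"].add("rotation")  # broadcast key rotation is enabled
    return radios

def audit(config, dot11n=()):
    """Return {interface: [finding, ...]}; dot11n names the 802.11n radios."""
    report = {}
    for name, r in parse_radios(config).items():
        ciphers, flags = r["ciphers"], r["flags"]
        found = []
        if "wep_mode" in flags or (ciphers and ciphers <= WEP_ONLY):
            found.append("WEP_ONLY")  # the least secure choice per the text
        if {"static_key", "rotation"} <= flags:
            found.append("STATIC_WEP_WITH_ROTATION")  # static WEP clients cannot connect
        encrypted = "wep_mode" in flags or bool(ciphers)
        if name in dot11n and encrypted and "aes-ccm" not in ciphers:
            found.append("11N_NEEDS_AES_CCMP_OR_NONE")  # the TIP about 802.11n radios
        report[name] = found
    return report

# Constructed sample configuration; the key is a placeholder, not a real value.
SAMPLE = """\
interface Dot11Radio0
 encryption mode ciphers wep128
 encryption key 1 size 128bit 0 PLACEHOLDER-KEY transmit-key
 broadcast-key change 300
interface Dot11Radio1
 encryption vlan 10 mode ciphers tkip
"""
```

Calling `audit(SAMPLE, dot11n={"Dot11Radio1"})` reports the WEP-only suite and the static-key/rotation conflict on the first radio and the missing AES-CCMP on the second. The static-key check is a heuristic: a defined key suggests static WEP clients are expected.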
