Chapter 3 Wireless LANs
NWD Series User’s Guide
3.3.1 WEP
3.3.1.1 Data Encryption
WEP (Wired Equivalent Privacy) encryption scrambles all data packets transmitted between the NWD
Series and the AP or other wireless stations to keep network communications private. Both the wireless
stations and the access points must use the same WEP key for data encryption and decryption.
There are two ways to create WEP keys in your NWD Series.
• Automatic WEP key generation based on a “password phrase” called a passphrase. The passphrase
is case sensitive. You must use the same passphrase for all WLAN adapters with this feature in the
same WLAN.
For WLAN adapters without the passphrase feature, you can still take advantage of this feature by
writing down the four automatically generated WEP keys from the Security Settings screen of the
ZyXEL utility and entering them manually as the WEP keys in the other WLAN adapter(s).
• Enter the WEP keys manually.
Your NWD Series allows you to configure up to four 64-bit or 128-bit WEP keys. Only one key is used as
the default key at any one time.
3.3.1.2 Authentication Type
The IEEE 802.11b/g/n standard describes a simple authentication method between the wireless stations
and AP. Three authentication types are defined: Auto, Open and Shared.
• Open mode is implemented for ease-of-use and when security is not an issue. The wireless station and
the AP or peer computer do not share a secret key. Thus the wireless stations can associate with any
AP or peer computer and listen to any transmitted data that is not encrypted.
• Shared mode involves a shared secret key to authenticate the wireless station to the AP or peer
computer. This requires you to enable the wireless LAN security and use the same settings on both the
wireless station and the AP or peer computer.
• Auto authentication mode allows the NWD Series to switch between the open system and shared
key modes automatically. Use the auto mode if you do not know the authentication mode of the
other wireless stations.
3.3.2 WPA-PSK and WPA2-PSK
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless
security standard that defines stronger encryption, authentication and key management than WPA.
Key differences between WPA(2) and WEP are improved data encryption and user authentication.
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption Standard (AES) in the
Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer
stronger encryption than TKIP.
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference
between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force
password-guessing attacks, but it is still an improvement over WEP as it employs a consistent, single,
alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys.
This prevents all wireless devices from sharing the same encryption keys (a weakness of WEP).
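The following Python sketch is an added example, not part of the original guide or of any ZyXEL software. It shows how one shared passphrase yields a single PMK while each association still gets its own temporal key. It assumes the IEEE 802.11i derivations, which this guide does not spell out (PBKDF2-HMAC-SHA1 with the SSID as salt for the PMK, and the 802.11i PRF over the MAC addresses and handshake nonces for the temporal key); the SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def derive_temporal_key(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """Derive the 384-bit CCMP PTK and return its last 128 bits, the temporal key."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[32:48]  # bytes 0-15 KCK, 16-31 KEK, 32-47 TK

def nonce(tag: str) -> bytes:
    """Constructed, repeatable 32-byte nonce for the demo; real nonces are random."""
    return hashlib.sha256(tag.encode()).digest()

# Constructed sample values (not from the guide).
SSID, PASSPHRASE = "ExampleWLAN", "correct horse battery"
AP = bytes.fromhex("020000000001")
STA_A = bytes.fromhex("0200000000aa")
STA_B = bytes.fromhex("0200000000bb")

def demo() -> dict:
    pmk = derive_pmk(PASSPHRASE, SSID)  # identical on every device in the WLAN
    return {
        "sta_a": derive_temporal_key(pmk, AP, STA_A, nonce("a1"), nonce("s1")),
        "sta_b": derive_temporal_key(pmk, AP, STA_B, nonce("a2"), nonce("s2")),
        "sta_a_rejoin": derive_temporal_key(pmk, AP, STA_A, nonce("a3"), nonce("s3")),
    }

if __name__ == "__main__":
    for name, tk in demo().items():
        print(name, tk.hex())
```

Because the PMK depends only on the passphrase and the SSID, the strength of the scheme rests on the passphrase, which is the brute-force exposure noted above.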