Chapter 4 Wireless Technology
Key Integrity Protocol (TKIP), which is part of the IEEE 802.11i standard. TKIP
improves wireless security by constantly changing the security key rather than
leaving it the same for all packets.
WPA was introduced in Windows XP Service Pack 1 and combined the
authentication method with encryption. Both features are incorporated into one
protocol. An additional improvement is that WPA encryption is more difficult
to crack than WEP encryption. This is because WPA automatically changes the
encryption key with each packet exchanged on the network.
WPA-PSK
A variation of WPA is WPA-PSK. WPA-PSK stands for Wi-Fi Protected
Access-Pre-Shared Key. WPA-PSK was designed for small-office/home-office (SOHO)
networks. It is designed to make it easy to configure encryption and authentication.
WPA-PSK was incorporated into the Wireless Network Setup Wizard that came
with Windows XP Service Pack 2. One of the improvements provided by WPA-PSK
is the ability to automatically generate a new key after a specified length of time or
after a number of packets are exchanged. Changing keys often improves security
because the key can be guessed or cracked over time. The following are samples of
what an encryption key might look like:
■ A1D4FFBB
■ Opensezzime
■ BigDogRunsHere
Keys are often referred to as passphrases by some manufacturers. Also, some
keys require all characters to be constructed from HEX characters, as in the first
example. A key constructed from HEX characters typically is difficult to guess.
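As an added example (not from the textbook), the following Python code checks the three sample keys above against the WPA-Personal key format and shows how a passphrase is stretched into the 256-bit pre-shared key. The 8-63 character and 64-hex-digit rules and the PBKDF2 parameters come from IEEE 802.11i rather than from this page, and the SSID `HomeNet` is a constructed value.

```python
import hashlib
import math
import string

HEX_DIGITS = set(string.hexdigits)

def classify_key(key: str) -> str:
    """Classify a WPA-PSK entry as 802.11i defines it (not stated on the page)."""
    if len(key) == 64 and all(c in HEX_DIGITS for c in key):
        return "raw-hex-key"          # used directly as the 256-bit PSK
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"           # must be stretched into a PSK first
    return "invalid"

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output."""
    if classify_key(passphrase) != "passphrase":
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def max_entropy_bits(key: str) -> float:
    """Upper bound on guessing effort in bits: length * log2(alphabet size).
    Real passphrases built from dictionary words fall well below this bound."""
    if classify_key(key) == "invalid":
        raise ValueError("not a valid WPA-PSK key or passphrase")
    if all(c in HEX_DIGITS for c in key):
        alphabet = 16
    else:
        alphabet = (26 * any(c.islower() for c in key)
                    + 26 * any(c.isupper() for c in key)
                    + 10 * any(c.isdigit() for c in key)
                    + 33 * any(not c.isalnum() for c in key))
    return len(key) * math.log2(alphabet)

if __name__ == "__main__":
    ssid = "HomeNet"  # constructed SSID, an assumption for this example
    for key in ("A1D4FFBB", "Opensezzime", "BigDogRunsHere"):  # the page's samples
        kind = classify_key(key)
        psk = derive_psk(key, ssid).hex() if kind == "passphrase" else "n/a"
        print(f"{key:15} {kind:11} <= {max_entropy_bits(key):5.1f} bits  PSK {psk}")
```

Because the SSID is the salt, the same passphrase yields a different pre-shared key on a network with a different name. Eight hex digits allow at most 2^32 values, so for WPA-PSK it is the length of the key, not the hex alphabet, that determines how hard it is to guess.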
WPA-2
WPA-2 is an improved version of WPA. Both use the Extensible
Authentication Protocol (EAP) for authentication and are based on the 802.11i
standard. The main difference between WPA and WPA-2 is the fact that WPA-2
has a stronger encryption mechanism using the Advanced Encryption Standard
(AES). WPA-2 is backward compatible with WPA devices. To learn more about
WPA and WPA-2, visit www.wi-fi.org/knowledge_center/wpa2.
Be aware that both WPA and WPA-2 have a personal and an enterprise mode
of operation. Check out the Microsoft article “4 steps to set up your home wireless
network” located at www.microsoft.com/athome/moredone/wirelesssetup.mspx.
The Windows Vista operating system made advances in wireless security
when compared with Windows XP. There are more options available to choose
from. The exact number and type of options depend on the physical network
adapter software drivers. Look at the screen capture showing the typical
Windows Vista wireless network security properties, Figure 4-29.
In Figure 4-29A, you can see a wide variety of security options to choose
from, such as No authentication (Open), Shared, WPA2-Personal, WPA2-Enterprise,
802.1x, and Intel-CCKM-Enterprise. WPA-Enterprise and WPA2-Enterprise
modes are designed for high security and use a centralized security server for
authentication. WPA-Personal and WPA2-Personal modes are designed for home-
and small-office users that do not have an 802.1x server available.
The Cisco Centralized Key Management (CCKM) protocol was developed by
Cisco Systems, as the name implies. CCKM is designed to allow a mobile user to
move between access points without the need to reauthorize on a RADIUS server.
A copy of the security certificate is stored on the access points so that the user