Wireless_DWIT_WEP_WPA_Encryption
Wired Equivalent Protocol (WEP) can be used to protect data as it is transmitted over the wireless network, but it provides no protection past the SonicWALL. It is designed to provide a minimal level of protection for transmitted data, and is not recommended for network deployments requiring a high degree of security.
Wi-Fi Protected Access (WPA and WPA2) provides much greater security than WEP, but requires a separate authentication protocol, such as RADIUS, be used to authenticate all users. WPA uses a dynamic key that constantly changes, as opposed to the static key that WEP uses.
The SonicWALL security appliance provides a number of permutations of WEP and WPA encryption.The following sections describe the available wireless security options:
Below is a list of available authentication types with descriptive features and uses for each:
WEP
Lower security
For use with older legacy devices, PDAs, wireless printers
WPA
Good security (uses TKIP)
For use with trusted corporate wireless clients
Transparent authentication with Windows log-in
No client software needed in most cases
WPA2
Best security (uses AES)
For use with trusted corporate wireless clients
Transparent authentication with Windows log-in
Client software install may be necessary in some cases
Supports 802.11i “Fast Roaming” feature
No backend authentication needed after first log-in (allows for faster roaming)
WPA2-AUTO
Tries to connect using WPA2 security.
If the client is not WPA2 capable, the connection will default to WPA.
Both WPA and WPA2 support two protocols for storing and generating keys:
Pre-Shared Key (PSK): PSK allows WPA to generate keys from a pre-shared passphrase that you configure. The keys are updated periodically based on time or number of packets. Use PSK in smaller deployments where you do not have a RADIUS server.
Extensible Authentication Protocol (EAP): EAP allows WPA to synchronize keys with an external RADIUS server. The keys are updated periodically based on time or number of packets. Use EAP in larger, enterprise-like deployments where you have an existing RADIUS framework.
WPA2 also supports EAP and PSK protocols, but adds an optional AUTO mode for each protocol. WPA2 EAP AUTO and WPA2 PSK AUTO try to connect using WPA2 security, but will default back to WPA if the client is not WPA2 capable.
Encryption Mode: In the Authentication Type field, select either WPA-PSK, WPA2-PSK, or WPA2-Auto-PSK.
WPA Settings
Cypher Type: select TKIP. Temporal Key Integrity Protocol (TKIP) is a protocol for enforcing key integrity on a per-packet basis.
Group Key Update: Specifies when the SonicWALL security appliance updates the key. Select By Timeout to generate a new group key after an interval specified in seconds. Select By Packet to generate a new group key after a specific number of packets. Select Disabled to use a static key.
Interval: If you selected By Timeout, enter the number of seconds before WPA automatically generates a new group key.
Preshared Key Settings (PSK)
Passphrase: Enter the passphrase from which the key is generated.
Click Apply in the top right corner to apply your WPA settings.
Encryption Mode: In the Authentication Type field, select either WPA-EAP, WPA2-EAP, or WPA2-AUTO-EAP.
WPA Settings
Cypher Type: Select TKIP. Temporal Key Integrity Protocol (TKIP) is a protocol for enforcing key integrity on a per-packet basis.
Group Key Interval: Eenter the number of seconds before WPA automatically generates a new group key.
Extensible Authentication Protocol Settings (EAP)
Radius Server 1 IP and Port: Enter the IP address and port number for your primary RADIUS server.
Radius Server 1 Secret: Enter the password for access to Radius Server
Radius Server 2 IP and Port: Enter the IP address and port number for your secondary RADIUS server, if you have one.
Radius Server 2 Secret: Enter the password for access to Radius Server
Click Apply in the top right corner to apply your WPA settings.
The SonicWALL security appliance offers the following WEP encryption options:
WEP - Open system: In open-system authentication, the SonicWALL allows the wireless client access without verifying its identity.
WEP -Shared key: Uses WEP and requires a shared key to be distributed to wireless clients before authentication is allowed.
Both (Open System & Shared Key): The Default Key assignments are not important as long as the identical keys are used in each field. If Shared Key is selected, then the key assignment is important.
To configure wireless security on the SonicWALL, navigate to the Wireless > Security page and perform the following tasks:
Select the appropriate authentication type from the Authentication Type list.
In the Default Key pulldown menu, select which key will be the default key.
In the Key Entry menu, select if your keys will be Alphanumeric or Hexadecimnal.
|
You can enter up to four keys. For each key, select whether it will be 64-bit, 128-bit, or 152-bit. The higher the bit number, the more secure the key is.
Enter the keys.
Click Apply.