Support User Manuals

3Com 3CRWEASYA73 Network Router User Manual

Open as PDF

of 293

5-50

CHAPTER 5: SYSTEM CONFIGURATION

SECURITY

The access point is configured by default as an “open system,” which broadcasts

a beacon signal including the configured SSID. Wireless clients with an SSID

setting of “any” can read the SSID from the beacon and automatically set their

SSID to allow immediate connection to the nearest access point.

To improve wireless network security, you have to implement two main functions:

 Authentication: It must be verified that clients attempting to connect to the

network are authorized users.

 Traffic Encryption: Data passing between the access point and clients must be

protected from interception and eavesdropping.

For a more secure network, the access point can implement one or a combination

of the following security mechanisms:

 Wired Equivalent Privacy (WEP) page 5-50

 IEEE 802.1x page 5-57

 Wireless MAC address filtering page 5-12

 Wi-Fi Protected Access (WPA or WPA2) page 5-57

Both WEP and WPA security settings are configurable separately for each virtual

access point (VAP) interface. MAC address filtering, and RADIUS server settings

are global and apply to all VAP interfaces.

The security mechanisms that may be employed depend on the level of security

required, the network and management resources available, and the software

support provided on wireless clients.

A summary of wireless security considerations is listed in the following table.

Table 4 Wireless Security Considerations

Security

Mechanism

Client Support Implementation Considerations

WEP Built-in support on all 802.11a

and 802.11g devices

• Provides only weak security

• Requires manual key management

WEP over 802.1X Requires 802.1X client support

in system or by add-in software

(support provided in Windows

2000 SP3 or later and Windows

XP)

• Provides dynamic key rotation for improved WEP

security

• Requires configured RADIUS server

• 802.1X EAP type may require management of

digital certificates for clients and server

MAC Address

Filtering

Uses the MAC address of client

network card

• Provides only weak user authentication

• Management of authorized MAC addresses

• Can be combined with other methods for

improved security

• Optionally configured RADIUS server

previous next