Allied Telesis AT-TQ2403 Network Card User Manual


 
AT-TQ2403 Management Software User's Guide
Chapter 9: Configuring Security
The following sections describe how to configure Security settings on the AT-TQ2403 Management Software:
Understanding Security Issues on Wireless Networks
How Do I Know Which Security Mode to Use?
Comparison of Security Modes for Key Management, Authentication and Encryption Algorithms
Does Prohibiting the Broadcast SSID Enhance Security?
Navigating to Security Settings
Configuring Security Settings
Updating Settings
Understanding Security Issues on Wireless Networks
Wireless media are inherently less secure than wired media. For example, an Ethernet NIC
transmits its packets over a physical medium such as coaxial cable or twisted pair. A wireless NIC
broadcasts radio signals over the air, so a wireless LAN can be tapped without physical access
or sophisticated equipment. A hacker equipped with a laptop, a wireless NIC, and a bit of knowledge can
easily attempt to compromise your wireless network. The attacker does not even need to be within normal
range of the access point. By using a sophisticated antenna on the client, a hacker may be able to connect
to the network from many miles away.
The AT-TQ2403 Management Software provides a number of authentication and encryption schemes to
ensure that your wireless infrastructure is accessed only by the intended users. The details of each
security mode are described in the sections below.
See also the related topic, “Appendix A: Security Settings on Wireless Clients and RADIUS Server
Setup”.
How Do I Know Which Security Mode to Use?
In general, we recommend that on your Internal network you use the most robust security mode that is
feasible in your environment. When configuring security on the access point, you first must choose the
security mode, then in some modes an authentication algorithm, and whether to allow clients not using
the specified security mode to associate.
Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service (RADIUS) using the
CCMP (AES) encryption algorithm provides the best data protection available and is clearly the best
choice if all client stations are equipped with WPA supplicants. However, backward compatibility or
interoperability issues with clients or even with other access points may require that you configure WPA
with RADIUS with a different encryption algorithm or choose one of the other security modes.
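To confirm that an access point really advertises the recommended mode after configuration, the following added example (not part of the original guide or the AT-TQ2403 software) parses the tagged parameters of a beacon frame and reports the pairwise ciphers, the key management suites, and whether the SSID is broadcast. It goes one step beyond the text and assumes the access point advertises a standard RSN element (ID 48, as used by WPA2); the function names and the sample bytes are constructed for illustration.

```python
import struct

# Constructed sample: tagged parameters of a beacon frame (after the 12 fixed
# bytes), built by hand for this example, not captured from a real device.
SAMPLE_IES = bytes.fromhex(
    "0008" "496e7465726e616c"   # element 0: SSID "Internal"
    "3014" "0100" "000fac04"    # element 48: RSN v1, group cipher CCMP
    "0100" "000fac04"           # one pairwise cipher: CCMP (AES)
    "0100" "000fac01" "0000"    # one AKM: 802.1X (RADIUS); capabilities
)
RSN_OUI = b"\x00\x0f\xac"
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def iter_elements(buf):
    """Yield (element id, body) pairs; reject a truncated element."""
    pos = 0
    while pos + 2 <= len(buf):
        eid, length = buf[pos], buf[pos + 1]
        body = buf[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError(f"truncated element {eid}")
        yield eid, body
        pos += 2 + length

def suites(body, pos, names):
    """Read a 2-byte little-endian count, then that many 4-byte selectors."""
    (count,) = struct.unpack_from("<H", body, pos)
    pos += 2
    if pos + 4 * count > len(body):
        raise ValueError("truncated suite list")
    out = []
    for i in range(pos, pos + 4 * count, 4):
        known = body[i:i + 3] == RSN_OUI
        out.append(names.get(body[i + 3], "unknown") if known else "vendor")
    return out, pos + 4 * count

def advertised_security(ies):
    info = {"ssid": None, "hidden": False, "pairwise": [], "akm": []}
    for eid, body in iter_elements(ies):
        if eid == 0:  # SSID; empty or all-NUL means broadcast SSID is off
            info["hidden"] = not body.strip(b"\x00")
            info["ssid"] = None if info["hidden"] else body.decode("utf-8", "replace")
        elif eid == 48:  # RSN: skip version (2) and group cipher (4)
            info["pairwise"], pos = suites(body, 6, CIPHERS)
            info["akm"], _ = suites(body, pos, AKMS)
    # The page's recommended mode: RADIUS (802.1X) key management with CCMP only
    info["matches_recommended"] = info["pairwise"] == ["CCMP"] and info["akm"] == ["802.1X"]
    return info
```

An access point that also lists TKIP for backward compatibility, or that uses a pre-shared key, yields `matches_recommended` set to `False`, which makes the compatibility trade-off visible in an audit.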
That said, security may not be as much of a priority on some types of networks. If you are
simply providing internet and printer access, as on a guest network, setting the security mode to None
(Plain-text) may be the appropriate choice. To prevent clients from accidentally discovering and
connecting to your network, you can disable the broadcast SSID so that your network name is not
advertised. If the network is sufficiently isolated from access to sensitive information, this may offer
enough protection in some situations. This level of protection is the only one offered for guest networks,