Psion Teklogix 9160 G2 Wireless Gateway User Manual 91
Chapter 10: Configuring Security
Understanding Security Issues On Wireless Networks
The following sections describe how to configure Security settings on the 9160 G2
Wireless Gateway.
10.1 Understanding Security Issues On Wireless
Networks
Wireless mediums are inherently less secure than wired mediums. For example, an
Ethernet NIC transmits its packets over a physical medium such as coaxial cable or
twisted pair. A wireless NIC broadcasts radio signals over the air allowing a wireless
LAN to be easily tapped without physical access or sophisticated equipment. A
hacker equipped with a laptop, a wireless NIC, and a bit of knowledge can easily
attempt to compromise your wireless network. One does not even need to be within
normal range of the access point. By using a sophisticated antenna on the client, a
hacker may be able to connect to the network from many miles away.
The 9160 G2 Wireless Gateway provides a number of authentication and encryption
schemes to ensure that your wireless infrastructure is accessed only by the intended
users. The details of each security mode are described in the sections below.
See also the related topic, Appendix C: “Security Settings On Wireless Clients
And RADIUS Server Setup”.
10.1.1 How Do I Know Which Security Mode To Use?
In general, we recommend that on your Internal network you use the most robust
security mode that is feasible in your environment. When configuring security on
the access point, you first must choose the security mode, then in some modes an
authentication algorithm, and whether to allow clients not using the specified secu-
rity mode to associate.
Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service
(RADIUS) using the CCMP (AES) encryption algorithm provides the best data pro-
tection available and is clearly the best choice if all client stations are equipped with
WPA supplicants. However, backward compatibility or interoperability issues with
clients or even with other access points may require that you configure WPA
with RADIUS with a different encryption algorithm or choose one of the other
security modes.