Chapter 10: Configuring Security
Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms
96
Psion Teklogix 9160 G2 Wireless Gateway User Manual
We recommend that you use WPA Enterprise mode instead, unless you have
interoperability issues that prevent you from using this mode.
For example, some devices on your network may not support WPA or WPA2 with
EAP talking to a RADIUS server. Embedded printer servers or other small client
devices with very limited space for implementation may not support RADIUS. For
such cases, we recommend that you use WPA Personal.
See Also
For information on how to configure this security mode, see “WPA Personal” on
page 109.
10.1.2.5 When To Use WPA Enterprise
Wi-Fi Protected Access Enterprise with Remote Authentication Dial-In User
Service (RADIUS) is an implementation of the Wi-Fi Alliance IEEE 802.11h stan-
dard, which includes Advanced Encryption Standard (AES), Counter mode/CBC-
MAC Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP) mechanisms.
This mode requires the use of a RADIUS server to authenticate users. WPA Enter-
prise provides the best security available for wireless networks.
This security mode also provides backwards-compatibility for wireless clients that
support only the original WPA.
Recommendations
WPA Enterprise mode is the recommended mode. The CCMP (AES) and TKIP
encryption algorithms used with WPA modes are far superior to the RC4 algorithm
used for Static WEP or IEEE 802.1x modes. Therefore, CCMP (AES) or TKIP
Key Management Encryption Algorithms User Authentication
WPA Enterprise mode pro-
vides dynamically-gener-
ated keys that are
periodically refreshed.
There are different
Uni-
cast
keys for each station.
• Temporal Key Integrity Protocol
(TKIP).
• Counter mode/CBC-MAC Proto-
col (CCMP) Advanced Encryp-
tion Standard (AES).
Remote Authentication Dial-In User Service
(
RADIUS
)
You have a choice of using the 9160 G2 Wire-
less Gateway embedded RADIUS server or
an external RADIUS server. The embedded
RADIUS server supports Protected
EAP
(PEAP) and MSCHAP V2.
Table 10.4 WPA Enterprise Security Mode