Filter
Top Products
Professional Access Point
Administrator Guide
Security - 102
Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service (RADIUS) using the
CCMP (AES) encryption algorithm provides the best data protection available and is clearly the best
choice if all client devices are equipped with WPA supplicants. However, backward compatibility or
interoperability issues with clients or even with other access points may require that you configure WPA
with RADIUS with a different encryption algorithm or choose one of the other security modes.
However, security may not be as much of a priority on some types of networks. If you are simply providing
internet and printer access, None may be the appropriate choice. To prevent clients from accidentally
discovering and connecting to your network, you can disable the broadcast SSID so that your network
name is not advertised. If the network is sufficiently isolated from access to sensitive information, this may
offer enough protection in some situations.
Following is a brief discussion of the factors that make one mode more secure than another, a description
of each mode offered, and when to use each mode.
Comparison of Security Modes for Key Management, Authentication and Encryption
Algorithms
The major factors that determine the effectiveness of a security protocol are:
• How the protocol manages keys
• Presence or absence of integrated user authentication in the protocol
• Encryption algorithm or formula the protocol uses to encode and decode the data
Following is a list of the security modes available on the Professional Access Point along with a description
of the key management, authentication, and encryption algorithms used in each mode. Each discussion
includes suggestions as to when one mode might be more appropriate than another.
• When to Use No Security
• When to Use Static WEP
• When to Use IEEE 802.1x
• When to Use WPA/WPA2 Personal (PSK)
• When to Use WPA/WPA2 Enterprise (RADIUS)
When to Use No Security
None is a security mode option. In this mode, the data is not encrypted. Instead, the data is sent as plain
text across the network. No key management, data encryption, or user authentication is used.
RECOMMENDATIONS
None is not recommended for regular use on the Internal network because the Internal network should
have some level of security. Use None on the Internal network for initial setup, testing, or problem solving
only.