Filter
Top Products
Appendix E Wireless LANs
ZyWALL USG 300 User’s Guide
1028
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and
PEAP) use dynamic keys for data encryption. They are often deployed in corporate
environments, but for public deployment, a simple user name and password pair
is more practical. The following table is a comparison of the features of
authentication types.
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2
(IEEE 802.11i) is a wireless security standard that defines stronger encryption,
authentication and key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and
user authentication.
If both an AP and the wireless clients support WPA2 and you have an external
RADIUS server, use WPA2 for stronger data encryption. If you don't have an
external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that
only requires a single (identical) password entered into each access point, wireless
gateway and wireless client. As long as the passwords match, a wireless client will
be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK
depending on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2.
WEP is less secure than WPA or WPA2.
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity
Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2
Table 305 Comparison of EAP Authentication Types
EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP
Mutual Authentication No Yes Yes Yes Yes
Certificate – Client No Yes Optional Optional No
Certificate – Server No Yes Yes Yes No
Dynamic Key Exchange No Yes Yes Yes Yes
Credential Integrity None Strong Strong Strong Moderate
Deployment Difficulty Easy Hard Moderate Moderate Moderate
Client Identity
Protection
No No Yes Yes No