H3c-technologies H3C WA2600 Series WLAN Access Points Manual do Utilizador Página 18
- Página / 84
- Índice
- RESOLUÇÃO DE PROBLEMAS
- MARCADORES
Avaliado. / 5. Com base em avaliações de clientes
5-3
Wired Equivalent Privacy (WEP) was developed to protect data exchanged among authorized users in
a wireless LAN from casual eavesdropping. WEP uses RC4 encryption for confidentiality. WEP
encryption falls into static and dynamic encryption according to how a WEP key is generated.
z Static WEP encryption
With Static WEP encryption, all clients using the same SSID must use the same encryption key. If the
encryption key is deciphered or lost, attackers will get all encrypted data. In addition, periodical manual
key update brings great management workload.
z Dynamic WEP encryption
Dynamic WEP encryption is a great improvement over static WEP encryption. With dynamic WEP
encryption, WEP keys are negotiated between client and server through the 802.1X protocol so that
each client is assigned a different WEP key, which can be updated periodically to further improve
unicast frame transmission security.
Although WEP encryption increases the difficulty of network interception and session hijacking, it still
has weaknesses due to limitations of RC4 encryption algorithm and static key configuration.
3) TKIP encryption
Temporal key integrity Protocol (TKIP) and WEP both use the RC4 algorithm, but TKIP has many
advantages over WEP, and provides more secure protection for WLAN as follows:
z First, TKIP provides longer IVs to enhance encryption security. Compared with WEP encryption,
TKIP encryption uses 128–bit RC4 encryption algorithm, and increases the length of IVs from 24
bits to 48 bits.
z Second, TKIP allows for dynamic key negotiation to avoid static key configuration. TKIP replaces a
single static key with a base key generated by an authentication server. TKIP dynamic keys cannot
be easily deciphered.
z Third, TKIP offers Message Integrity Check (MIC) and countermeasures. If a packet fails the MIC,
the data may be tampered, and the system may be attacked. If two packets fail the MIC in a certain
period, the AP automatically takes countermeasures. It will not provide services in a certain period
to prevent attacks.
4) CCMP encryption
CTR with CBC-MAC protocol (CCMP) is based on the CCM of the AES encryption algorithm. CCM
combines CTR for confidentiality and CBC-MAC for authentication and integrity. CCM protects the
integrity of both the MPDU Data field and selected portions of the IEEE 802.11 MPDU header. The AES
block algorithm in CCMP uses a 128-bit key and a 128-bit block size. Similarly, CCMP contains a
dynamic key negotiation and management method, so that each wireless client can dynamically
negotiate a key suite, which can be updated periodically to further enhance the security of the CCMP
encryption mechanism. During the encryption process, CCMP uses a 48-bit packet number (PN) to
ensure that each encrypted packet uses a different PN, thus improving the security to a certain extent.
Client Access Authentication
After a wireless client sets up a wireless link with an AP, the wireless client is considered as having
accessed the wireless network. However, for the security and management of the wireless network, the
wireless client can access the network resources only after passing subsequent authentication. Among
the authentication mechanisms, preshared key (PSK) authentication and 802.1X authentication
accompany the dynamic key negotiation and management of the wireless link, and therefore, they are
closely related to wireless link negotiation. However, they are not directly related to the wireless link.
- WLAN Configuration Guide 1
- All Rights Reserved 2
- Trademarks 2
- Preface 3
- GUI conventions 4
- Symbols 4
- Obtaining Documentation 5
- Documentation Feedback 5
- Table of Contents 6
- 2 Feature Matrix 10
- 3 Command/Parameter Matrix 11
- WLAN Interface Configuration 13
- WLAN-BSS Interface 14
- WLAN Mesh Interface 15
- WLAN Mesh Link Interface 15
- WLAN Security Configuration 16
- WLAN Data Security 17
- Client Access Authentication 18
- Configuring WLAN Security 19
- Configuring the PTK Lifetime 20
- Configuring Security IE 21
- Configuring Cipher Suit 22
- Configuring Port Security 24
- Configure MAC authentication 25
- Network requirements 27
- Configuration procedure 27
- Network Requirements 28
- Configuration verification 40
- Pre-RSN 41
- 6 WLAN RRM Configuration 42
- Configuring 802.11n Rates 43
- Configuring Power Constraint 44
- Enabling 802.11g Protection 45
- 7 WLAN IDS Configuration 46
- WLAN IDS IPS 47
- Frame Filtering 48
- IP network 49
- 8 WLAN QoS Configuration 52
- WMM Protocol Overview 53
- CAC admission policies 54
- U-APSD power-save mechanism 54
- WMM Configuration 55
- WMM Configuration Examples 57
- Troubleshooting 59
- Solution 60
- 9 WDS Configuration 61
- Deployment Scenarios 62
- WDS Configuration Task List 63
- Configuring a Mesh Profile 64
- Configuring an MP Policy 64
- WDS Configuration Examples 66
- WLAN Service Configuration 69
- Wireless Client Access 70
- 802.11 Overview 72
- WLAN Topologies 73
- Internet 74
- Protocols and Standards 75
- Configuring WLAN Service 75
- Configuring 802.11n 78
- Configuring Uplink Detection 79
- Introduction 80
- 11 Index 84
Manuais e produtos relacionados com Routers H3c-technologies H3C WA2600 Series WLAN Access Points
(58 páginas)Baumatic BMC450SS manuali
Manuali dei proprietari e guide per l'utente per no Baumatic BMC450SS.
We fornisce 1 manuali pdf Baumatic BMC450SS per scaricare gratuitamente in base al tipo di documento: Disegni e schemi
Comentários a estes Manuais