Manual ZyXEL NBG6503 (page 219 of 244) (English)

544172

219

Zoom out

Zoom in

1/244

Appendix D Wireless LANs

NBG6503 User’s Guide

219

WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a

wireless security standard that defines stronger encryption, authentication and key management

than WPA.

Key differences between WPA or WPA2 and WEP are improved data encryption and user

authentication.

If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use

WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use

WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into

each access point, wireless gateway and wireless client. As long as the passwords match, a wireless

client will be granted access to a WLAN.

If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on

whether you have an external RADIUS server or not.

Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less

secure than WPA or WPA2.

Encryption

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity

Check (MIC) and IEEE 802.1x. WPA2 also uses TKIP when required for compatibility reasons, but

offers stronger encryption than TKIP with Advanced Encryption Standard (AES) in the Counter

mode with Cipher block chaining Message authentication code Protocol (CCMP).

TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.

AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm

called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check

(MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying

mechanism.

WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is

never used twice.

The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key

hierarchy and management system, using the PMK to dynamically generate unique data encryption

keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless

clients. This all happens in the background automatically.

The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets,

altering them and resending them. The MIC provides a strong mathematical function in which the

receiver and the transmitter each compute and then compare the MIC. If they do not match, it is

assumed that the data has been tampered with and the packet is dropped.

By generating unique data encryption keys for every data packet and by creating an integrity

checking mechanism (MIC), with TKIP and AES it is more difficult to decrypt data on a Wi-Fi

network than WEP and difficult for an intruder to break into the network.

The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference

between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific

credentials. The common-password approach makes WPA(2)-PSK susceptible to brute-force

Report abuse

Libble takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Product:

Forumrules

To achieve meaningful questions, we apply the following rules:

First, read the manual;
Check if your question has been asked previously;
Try to ask your question as clearly as possible;
Did you already try to solve the problem? Please mention this;
Is your problem solved by a visitor then let him/her know in this forum;
To give a response to a question or answer, do not use this form but click on the button 'reply to this question';
Your question will be posted here and emailed to our subscribers. Therefore, avoid filling in personal details.

new questions and answers
new manuals

You will receive an email to register for one or both of the options.

Get your user manual by e-mail

Enter your email address to receive the manual of ZyXEL NBG6503 in the language / languages: English as an attachment in your email.

The manual is 7,79 mb in size.

You will receive the manual in your email within minutes. If you have not received an email, then probably have entered the wrong email address or your mailbox is too full. In addition, it may be that your ISP may have a maximum size for emails to receive.

Others manual(s) of ZyXEL NBG6503

ZyXEL NBG6503 User Manual - German - 39 pages

ZyXEL NBG6503 Quick start guide - All languages - 4 pages

The manual is sent by email. Check your email

If you have not received an email with the manual within fifteen minutes, it may be that you have a entered a wrong email address or that your ISP has set a maximum size to receive email that is smaller than the size of the manual.

The email address you have provided is not correct.

Please check the email address and correct it.

Your question is posted on this page

Would you like to receive an email when new answers and questions are posted? Please enter your email address.

Info

ZyXEL NBG6503 Manual

Product: