40 © 2001-2008 D-Link Corporation. All Rights Reserved.
D-Link Unified Access Point Administrator’s Guide
provides the best data protection available and is the best choice if all client stations are
equipped with WPA supplicants. To use WPA Enterprise, you must have an external RADIUS
server on your network. Additionally, backward compatibility or interoperability issues with
clients or even with other access points may require that you configure WPA with RADIUS
with a different encryption algorithm or choose one of the other security modes.
For some networks, security might not be a priority. If you are simply providing Internet and
printer access, as on a guest network, setting the security mode to “None (Plain-text)” might
be the appropriate choice. To prevent clients from accidentally discovering and connecting to
your network, you can disable the broadcast SSID so that your network name is not advertised.
If the network is sufficiently isolated from access to sensitive information, this might offer
enough protection in some situations. For more information, see
“Prohibiting the SSID
Broadcast”
on page 53.
Comparing Security Modes
There are three major factors that determine the effectiveness of a security protocol:
•
How the protocol manages keys
•
What kind of encryption algorithm or formula the protocol uses to encode and decode the
data
•
Whether the protocol has integrated user authentication
The following sections describe the security modes available on the DWL-3500AP and DWL-
8500AP along with a description of the key management, authentication, and encryption
algorithms used in each mode.
•
When to Use Unencrypted (No Security)
•
When to Use Static WEP
•
When to Use IEEE 802.1X
•
When to Use WPA Personal
•
When to Use WPA Enterprise
This guide also includes some suggestions as to when one mode might be more appropriate
than another.
When to Use Unencrypted (No Security)
Setting the security mode to “None (Plain-text)” by definition provides no security. In this
mode, the data is not encrypted but rather sent as “plain text” across the network. No key
management, data encryption, or user authentication is used.
Recommendations
Unencrypted mode, i.e. None (Plain-text), is not recommended for networks with sensitive or
private information because it is not secure. Therefore, only set the security mode to “None
(Plain-text)” on the internal network for initial setup, testing, or problem solving.
When to Use Static WEP
Static Wired Equivalent Privacy (
WEP
) is a data encryption protocol for 802.11 wireless
networks. All wireless stations and access points on the network are configured with a static