3.4 Security
Thi s Chapte r de scribe s setting up se cu rity u sing th e Athe ro s Client Utility (A CU).
While u sing the A the ro s USB wi rele ss ne two rk adapte r, enc ryption da ta can p rote ct it s a s it
i s t ran smitted th rough the wirele ss net wo rk.
While using the Atheros USB wireless network adapter, encrypting data can
protect its privacy as it is transmitted through the wireless network.
The ACU allows connection profiles of:
z
No security
(not recommended)
Link encryption/decryption is disabled, no keys are installed.
z
WPA security
Enables the use of Wi-Fi Protected Access (WPA). This option requires IT
administration. This option includes the EAP (with dynamic WEP keys)
security protocols: EAP, PEAP, and LEAP.
WPA is a standard-based, interoperable security enhancement that
provides data protection and access control for wireless LAN sy stems. It
is derived from and is forward-compatible with the upcoming IEEE
802.11i standard. WPA leverages Temporal Key Integrity Protocol (TKIP)
and Michael message integrity check (MIC) for data protection, and
802.1X for authenticated key management.
WPA supports two mutually exclusive key management types: WPA and
WPA passphrase (also known as WPA-Pre Shared Key (PSK)). Using
WPA, clients and the authentication server authenticate to each other
using an EAP authentication method, and the client and server generate a
pairwise master key (PMK). The server generates the PMK dynamically
and passes it to the access point.
z
WPA-PSK security
Enables WPA passphrase security (also known as WPA-Pre Shared Key
(PSK)).
z
802.1x security
Enables 802.1x security. This option requires IT administration. This
option includes the EAP (with dynamic WEP keys) security protocols:
EAP, PEAP, and LEAP.
802.1x is the standard for wireless LAN security defined by IEEE as 802.1x
for 802.11, or simply 802.1x. An access point that supports 802.1x and its
protocol, Extensible Authentication Protocol (EAP), acts as the interface
between a wireless client and an authentication server such as a RADIUS
server, to which the access point communicates over the wired network.
z
Pre-Shared Key security (Static WEP)
Static WEP enables the use of up to four pre-shared (static wired equivalent privacy
(WEP)) keys that are defined on both the access point and the client station.
These keys are stored in an encrypted format in the registry of the
Windows device. When the driver loads and reads the USB device's
registry parameters, it also finds the static WEP keys, decrypts them, and
stores them in volatile memory on the USB device.
If a device receives a packet that is not encrypted with the appropriate key,
the device discards the packet and never delivers it to the intended recipient.
14