FortiGate-50A/50B, FortiWiFi-50B and FortiGate-100 FortiOS 3.0 MR4 Install Guide
60
01-30004-0265-20070831
Wireless Security
Using a wireless network
Wireless Security
Radio waves transmitted between a wireless device and access points provide the
weakest link between the wireless device and network servers. Wireless
networking can be risky because information travels on radio waves, which is a
public medium. The 802.11 standard includes security options to stop your
information from being intercepted by unwanted sources. These are Wireless
Equivalent Privacy (WEP) and WiFi Protected Access (WPA) encryption. Wireless
encryption is only used between the wireless device and the AP. The AP decrypts
the data before sending it along the wired network. The FortiWiFi-50B supports
both encryption methods.
Wireless Equivalent Privacy (WEP)
WEP security uses an encryption key between the wireless device and the AP. For
WEP security, the wireless device and AP must use the same encryption key, and
is manually typed by the wireless user and administrator. When activated, the
wireless device encrypts the data with the encryption key for each frame using
RSA RC4 ciphers.
There has been criticism of WEP security. WEP keys are static. They must be
changed manually and frequently on both the wireless device and the APs. On a
small company or network with a few users and APs, this is not a big issue.
However, the more users and APs, changing WEP keys regularly can become an
administrative headache and potentially error prone. Consequently, keys are
rarely changed over months or years, leaving a hacker plenty of time to get the
key and gain access to the network.
In small wireless networking environments, activating WEP security will
significantly minimize outside infiltrators from getting in your network and is better
than no security at all. However, it is still very important that you regularly change
the WEP key, at least weekly; or monthly at most.
Wi-Fi Protected Access (WPA)
WPA was developed to replace the WEP standard and provide a higher level of
data protection for wireless networks. WPA provides two methods of
authentication; through 802.1X authentication or pre-shared keys.
802.1X authenticates users through an EAP authentication server such as a
RADIUS server authenticates each user before they can connect to the network.
The encryption keys can be changed at varying intervals to minimize the
opportunity for hackers to crack the key being used.
In a network setup where a RADIUS server is not a viable option, WPA also
provides authentication with preshared keys using Temporal Key Integrity Protocol
(TKIP). Using TKIP, the encryption key is continuously re-keyed while the user is
connected to the wireless network. This creates a unique key on every data
packet. To further ensure data integrity, a Message Integrity Code (MIC also
known as Michael) is incorporated into each packet. It uses an 8 byte message
integrity code that is encrypted using the MAC addresses and data from each
frame to provide a more secure packet transmission.
WPA provides a more robust security between the wireless device and the access
point. The FortiWiFi-50B device supports both WPA methods.
Summary of Contents for Fortigate 100D
Page 83: ...www fortinet com ...
Page 84: ...www fortinet com ...