9
Introduction
Gigaset WLAN Repeater/ englisch / A31008-E505-B105-1-7619 / introduction.fm / 08.03.2004
WPA
WPA was developed to improve the security provided by WEP. WPA uses the same
encryption method, but uses TKIP (Temporal Key Integration Protocol) for key genera-
tion. TKIP comprises four elements: a key mix per packet, a message integrity check
(MIC), an initialisation vector with improved selection rules and a renewal mechanism
for the keys. The key mix includes the MAC address of the device in question. All the par-
ticipants do not use the same key as with WEP. The improved selection rules for the ini-
tialisation vector and key renewal prevent the publicly transmitted initialisation vector
ever being used twice with a key.
If you are running a small network (at home or in the office), then WPA encryption is
completely sufficient to protect your network. In this case, define a password (pre-
shared key) for your Gigaset WLAN Repeater, if you are using it in Access point mode.
The keys are generated automatically. How to set up such a pre-shared key is described
in Section "WPA encryption" on page 69. Every PC must use this pre-shared key to access
the Access Point and thus the wireless network. Additional software must be installed
on these PCs before WPA can be used. The system must have Windows XP as its operat-
ing system. On the Microsoft Internet pages you will find an update for installing WPA
on your PC. Configuration then uses the standard configuration tool for "Wireless Net-
work Connections" that is included in Windows XP. Further information can be found on
the Microsoft Internet site.
RADIUS Server
For larger networks (e.g. in companies), WPA provides additional authentication using
a procedure described in Standard IEEE 802.1x. An authentication server is set up for
user administration. This controls user logins via user IDs and passwords. In this case,
instead of a pre-shared key for your Gigaset WLAN Repeater, you configure access to an
authentication server. You can use an external RADIUS server as the authentication
server (see Section "RADIUS Server" on page 81).
Access control via MAC filters
Setting up access rights via MAC filters (Medium Access Control) on your Access Point
will give you optimum security for your local network. Only those PCs whose MAC
addresses you explicitly define in a filter list will be accepted on the wireless network.
This is described in Section "MAC Address Filter Settings" on page 67.
Hiding SSIDs
Network components via wireless connections use the same SSID (Service Set Identi-
fier). By default, this SSID is broadcast with all data transmissions and the SSID is dis-
played on PCs that have a wireless network adapter. This means that unauthorised per-
sons could eavesdrop on the network and use the SSID to gain access to your local net-
work. You can hide the SSID of your Gigaset WLAN Repeater. In this case, it is neither
broadcast nor displayed. This increases the protection against unauthorised access to
the wireless network. For more information about this please turn to "SSID Broadcast
Settings" on page 66.
