D-Link DWL-1000AP [18/24] Managing security

Managing Security

Maintaining security in a wireless LAN environment is somewhat different from a wired

network, because the radio waves are not confined with the building. Eavesdropping or

unauthorized access from outside your building can be a serious threat.

There are three types of actions involved:

• Protecting your data while it is transferred from one station to another. Encryption

techniques will be necessary in most environments (Data Privacy).

• Control who can make use of the wireless network (Access Control).

• Protecting your network configuration against tampering from both inside and

outside your organization (Secure Management).

Data Privacy An DWL-1000AP supports three different data privacy algorithms:

unencrypted data; standardized IEEE 802.11 WEP (based on a 40 bit

shared key), and No Wires Needed AirLock™ (based on automatically

generated 128 bit session keys).

Access

Control

The IEEE 802.11 standard allows for Access Control rules based on

the client station’s hardware address, and is fully implemented by the

DWL-1000AP. If AirLock™ is enabled, the hardware address is also

verified using cryptographic techniques. See the section on AirLock™

Security Architecture.

Secure

Management

The primary protection against tampering for any SNMP agent is the

Write Community String (WCS), which functions as a password for

network management commands. The WCS is sent over your network

in plain text, making it vulnerable to eavesdropping from within your

organization. The WCS is never sent over the radio, however.

If you want you can lock your Access Points. After being locked they

can no longer be managed via SNMP. Press the pinhole Reset switch

on the back-panel of the Access Point to unlock the Access Point.