You may have heard about all of the inefficencies and vulnerabilities of Wireless Technologies. At Clear Sky Wireless we are just as concerned as you are. So we have put together this article about the different securities available and which securities we will use with our Wireless Technology. In hopes it will ease your mind a little. Wired Equivalent Privacy (WEP)- is part of the IEEE 802.11 standard (ratified in September 1999), and is a scheme used to secure wireless networks (WiFi). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping; WEP was designed to provide comparable confidentiality to a traditional wired network, hence the name. However, several serious weaknesses were identified by cryptanalysts, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the inherent weaknesses, WEP provides a bare minimal level of security that can deter casual snooping. Wi-Fi Protected Access (WPA)- was created by the Wi-Fi Alliance in 2002 ? in part out of impatience with the slow-moving 802.11i standard. The industry consortium?s consensus was that an alternative to WEP was needed quickly, and WPA was the result. To avoid multiple ?standards? and conflicts later on, WPA was designed from the get-go to be compatible with 802.11i and was based on its early draft specifications. This sets WPA apart from a number of proprietary Wireless LAN security solutions that were developed by Proxim, Funk and other vendors. WPA provides several security advantages. First, it uses a stronger key management scheme, by implementing the Temporal Key Integrity Protocol (TKIP). TKIP creates encryption values that are mathematically derived from a master key, and changes these encryption keys and IV values automatically (and transparently to the user) so to prevent key stream reuse. This is important because WEP keys have to be changed manually, and this can be an administrative hassle, leading to administrators not changing the keys often enough (or not at all). TKIP also uses a Message Integrity Code called Michael that uses a 64 bit key. The integrity checker is designed to block forged messages. There are two methods for generating the master key, and WPA operates in two different modes, depending on whether pre-shared keys are used or a central authentication server is available. For home users, WPA offers easy setup (one big problem with WEP was that many users found it too difficult or confusing to set up and manage, so they didn?t). Authentication is based on the Extensible Authentication Protocol (EAP) and can use pre-shared keys that make it simple to configure on the WAP and clients in small network settings: you manually enter a password, and then TKIP does its thing, automatically changing the keys periodically. This is called PSK (for PreShared Key) mode.It is recommended that when using PSK mode, you should set a password with at least 20 characters. At the large network level, operating in Enterprise mode, WPA supports RADIUS so that users can be authenticated through a centralized server. WPA 802.1x authentication methods include EAP-TLS, EAP-TTLS, EAP-LEAP, EAP-PEAP and other implementations of EAP. WPA uses the same encryption algorithm for encrypting data that WEP uses: the RC-4 cipher stream algorithm. However, TKIP uses a 48 bit initialization vector, as opposed to the weaker 24 bit IV used by WEP. The Wi-Fi Alliance started certifying WPA-capable wireless equipment in April 2003 Protected Extensible Authentication Protocol (PEAP)- provides a method to transport securely authentication data, including legacy password-based protocols, via 802.11 wireless networks. PEAP accomplishes this by using tunneling between PEAP clients and an authentication server. Like the competing standard Tunneled Transport Layer Security (TTLS), PEAP authenticates wireless LAN clients using only server-side certificates, thus simplifying the implementation and administration of a secure wireless LAN. Microsoft, Cisco and RSA Security developed PEAP. Note that Cisco's LEAP authentication server, ACS, recently added support for PEAP. 802.1x EAP TypesFeature / Benefit MD5