Chapter 13: Configuring Security
Psion Teklogix 9160 Wireless Gateway User Manual
standard WPA mode, and most interoperable mode with client Wireless
software security features. TKIP is the only encryption algorithm that is
being tested in Wi-Fi WPA certification.
Notes: If there are older client stations on your network that do not support WPA
or WPA2, you can configure WPA/WPA2 Enterprise (RADIUS) with Both,
CCMP, or TKIP and check the “Allow non-WPA IEEE 802.1x clients”
checkbox to allow non-WPA clients. This way, non-WPA clients get the
benefit of IEEE 802.1x key management, while your WPA clients get the
even better data protection of the TKIP and CCMP (AES) key management
and encryption algorithms.
A typical scenario is upgrading a current 802.1x network to use WPA.
You might have a mix of clients: some new clients that support WPA
or WPA2 and some older ones that do not support any flavour of WPA. You
might even have other access points on the network that support only
802.1x and some that support WPA with RADIUS or WPA2 Enterprise
(RADIUS). For as long as this mix persists, use the “Allow non-WPA IEEE
802.1x clients” option.
When all the stations have been upgraded to use WPA or, better yet, WPA2,
you should disable the “Allow non-WPA IEEE 802.1x clients” option and
set the “WPA Versions” option appropriately (“WPA”, “WPA2”, or “Both”).
See Also
For information on how to configure this security mode, see “WPA/WPA2
Enterprise (RADIUS)” on page 136.
13.1.3 Does Prohibiting The Broadcast SSID Enhance Security?
You can suppress (prohibit) the SSID broadcast to discourage stations from
automatically discovering your access point. When the AP’s broadcast SSID is
suppressed, the network name will not be displayed in the List of Available
Networks on a client station. Instead, the client must have the exact network
name configured in the supplicant before it will be able to connect.
Disabling the broadcast SSID is sufficient to prevent clients from accidentally
connecting to your network, but it will not prevent even the simplest of attempts
by a hacker to connect or to monitor plain-text traffic.
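Why suppression is not an access control, shown as an added example that is not part of the manual: the SSID element is blanked only in beacons, while probe and association frames exchanged by any configured client still carry the name in clear text. The frames are constructed samples with dummy addresses, and the network name WAREHOUSE-01 is an assumption.

```python
HDR_LEN = 24  # length of the 802.11 management MAC header
# Bytes of fixed parameters that precede the tagged elements, per management subtype.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-request", 4: "probe-request", 5: "probe-response", 8: "beacon"}

def ssid_of(frame: bytes):
    """Return (frame kind, SSID); SSID is None when the element is absent or blanked."""
    if len(frame) < HDR_LEN:
        raise ValueError("shorter than a management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            raise ValueError("truncated element")
        if eid == 0:  # SSID element
            # A suppressed SSID is sent with zero length or as NUL padding.
            name = body.decode("utf-8", "replace") if body.strip(b"\x00") else None
            return NAMES[subtype], name
        pos += 2 + elen
    return NAMES[subtype], None

def build(subtype: int, ssid: bytes) -> bytes:
    """Constructed sample frame: dummy addresses, zeroed fixed fields, SSID + rates."""
    header = bytes([subtype << 4, 0, 0, 0]) + b"\x02" * 18 + b"\x00\x00"
    elements = bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])
    return header + bytes(FIXED_LEN[subtype]) + elements

def observe(frames):
    """Map each frame kind in the sample to the SSID it exposes."""
    return dict(ssid_of(f) for f in frames)

# Constructed traffic around an AP whose broadcast SSID is suppressed.
SAMPLE = [
    build(8, b""),              # beacon: name blanked by the AP
    build(4, b"WAREHOUSE-01"),  # configured client's directed probe request
    build(5, b"WAREHOUSE-01"),  # AP's probe response to that client
    build(0, b"WAREHOUSE-01"),  # client's association request
]

if __name__ == "__main__":
    for kind, name in observe(SAMPLE).items():
        print(f"{kind:15} {name!r}")
```

Only the beacon row reports no name, which is why the encryption and authentication modes described earlier in this chapter, not SSID suppression, are what protect the network.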