Home | Knowledge Center | Featured Topics
Deploying WPA™ and WPA2™ in the Enterprise
In 2004, the Wi-Fi Alliance introduced Wi-Fi Protected Access® 2 (WPA2), the second generation of WPA security. WPA2 using AES encryption is the recommended security configuration for Wi-Fi networks. WPA2 provides enterprise and home Wi-Fi users with a high level of assurance that their data will remain protected and that only authorized users can access their wireless networks. WPA2 is based on the final IEEE 802.11i amendment to the 802.11 standard ratified in June 2004. WPA2 uses the Advanced Encryption Standard (AES) for data encryption and is eligible for FIPS (Federal Information Processing Standards) 140-2 compliance.This White Paper is structured to provide a practical hands-on guide for deploying WPA and WPA2 in the enterprise.
Section I provides an overview of Wi-Fi security. It discusses the features and benefits of WPA and WPA2 as over-the-air solutions that bring strong authentication and encryption to the wireless environment. It identifies the components of WPA and WPA2, summarizes how these solutions work to protect wireless networks from attack, and identifies issues that must be addressed before deploying WPA or WPA2 in the enterprise.
Section II identifies the 7 steps to prepare for a WPA or WPA2 Enterprise Deployment. It presents all 7 steps in detail, provides 2 examples of WPA deployment configurations, and reviews WPA and WPA2 deployment configuration tools as well as general WPA and WPA2 deployment guidelines.
Section III discusses transition strategies for a variety of scenarios. These include new Wi-Fi WPA or WPA2 deployments, supporting multiple user communities, upgrading to WPA from vendor proprietary solutions using WEP, and upgrading to WPA or WPA2 from VPN. It also offers a roadmap to future upgrades for organizations that expect to migrate from WPA to WPA2.
If planning a new deployment, managers are advised to read all 3 sections. If planning security upgrades on established Wi-Fi networks, managers should pay specific attention to the passages in Section III that address their particular network scenario.
