
Deploying WPA™ and WPA2™ in the Enterprise
By 2001, a series of independent studies from various academic and commercial institutions had identified weaknesses in Wired Equivalent Privacy (WEP), the original native security mechanism for wireless local area networks (WLANs) in the Institute of Electrical and Electronics Engineers (IEEE) 802.11 specification. These studies showed that, even with WEP enabled, an intruder equipped with the proper tools and a moderate amount of technical knowledge could gain unauthorized access to the wireless network via the WLAN. As a result, enterprises found it necessary to supplement WEP with third-party security solutions such as VPN, IEEE 802.1X authentication services servers, or add-on proprietary technologies. To address this situation, the Wi-Fi Alliance® introduced two new interoperable Wi-Fi security specifications for both enterprise and home networks.
In 2003, the Wi-Fi Alliance introduced Wi-Fi Protected Access™ (WPA™) as a strong, standards-based interoperable Wi-Fi security specification. WPA provides assurance to enterprises, small businesses and home users that their data will remain protected and that only authorized users may access their networks. WPA uses Temporal Key Integrity Protocol (TKIP) for data encryption.
In 2004, the Wi-Fi Alliance introduced Wi-Fi Protected Access 2 (WPA2™), the second generation of WPA security. Like WPA, WPA2 provides enterprise and home Wi-Fi users with a high level of assurance that their data will remain protected and that only authorized users can access their wireless networks. WPA2 is based on the final IEEE 802.11i amendment to the 802.11 standard ratified in June 2004. WPA2 uses the Advanced Encryption Standard (AES) for data encryption and is eligible for FIPS (Federal Information Processing Standards) 140-2 compliance.
This White Paper is structured to provide a practical hands-on guide for deploying WPA and WPA2 in the enterprise.
Section I provides an overview of Wi-Fi security. It discusses the features and benefits of WPA and WPA2 as over-the-air solutions that bring strong authentication and encryption to the wireless environment. It identifies the components of WPA and WPA2, summarizes how these solutions work to protect wireless networks from attack, and identifies issues that must be addressed before deploying WPA or WPA2 in the enterprise.
Section II identifies the 7 steps to prepare for a WPA or WPA2 Enterprise Deployment. It presents all 7 steps in detail, provides 2 examples of WPA deployment configurations, and reviews WPA and WPA2 deployment configuration tools as well as general WPA and WPA2 deployment guidelines.
Section III discusses transition strategies for a variety of scenarios. These include new Wi-Fi WPA or WPA2 deployments, supporting multiple user communities, upgrading to WPA from vendor proprietary solutions using WEP, and upgrading to WPA or WPA2 from VPN. It also offers a roadmap to future upgrades for organizations that expect to migrate from WPA to WPA2.
If planning a new deployment, managers are advised to read all 3 sections. If planning security upgrades on established Wi-Fi networks, managers should pay specific attention to the passages in Section III that address their particular network scenario.









