A WiFi network uses radio, which is open to the public, as its data transmission
medium. If the WiFi network is not protected by necessary measures, any client can
connect to the network to use the resources of the network or access unprotected
data over the network. To ensure communication security, transmission links of WiFi
networks must be encrypted for protection.
The device supports various security modes for network encryption, including None,
WEP, WPA-PSK, WPA2-PSK, Mixed WPA/WPA2-PSK, WPA, and WPA2.
None: It indicates that any wireless client can connect to the WiFi network. This
option is not recommended because it affects network security.
WEP: It uses a static key to encrypt all exchanged data, and ensures that a wireless
LAN has the same level of security as a wired LAN. Data encrypted based on WEP
can be easily cracked. In addition, WEP supports a maximum WiFi network
throughput of only 54 Mbps. Therefore, this security mode is not recommended.
WPA-PSK/WPA2-PSK/Mixed WPA/WPA2-PSK: They belong to pre-shared key or
personal key modes, where Mixed WPA/WPA2-PSK supports both WPA-PSK and
WPA2-PSK.
WPA-PSK, WPA2-PSK, and Mixed WPA/WPA2-PSK adopt a pre-shared key for
authentication, while the AP generates another key for data encryption. This
prevents the vulnerability caused by static WEP keys, and makes the three security
modes suitable for ensuring security of home WiFi networks. Nevertheless,
because the initial pre-shared key for authentication is manually set and all clients
use the same key to connect to the same AP, the key may be disclosed
unexpectedly. This makes the security modes not suitable for scenarios where high
security is required.
To address the key management weakness of WPA-PSK and WPA2-PSK, the WiFi
Alliance puts forward WPA and WPA2, which use 802.1x to authenticate clients
and generate data encryption–oriented root keys. WPA and WPA2 use the root
keys to replace the pre-shared keys that set manually, but adopt the same
encryption process as WPA-PSK and WPA2-PSK.
WPA/WPA2: WPA and WPA2 uses 802.1x to authenticate clients and the login
information of a client is managed by the client. This effectively reduces the
probability of information leakage. In addition, each time a client connects to an
AP that adopts the WPA or WPA2 security mode, the RADIUS server generates a
data encryption key and assigns it to the client. This makes it difficult for attackers
to obtain the key. These features of WPA and WPA2 help significantly increase
network security, making WPA and WPA2 the preferred security modes of WiFi
networks that require high security.
