Keyguard

Keyguard (a form of WEP) could be all a small business needs for the simple encryption of wireless data.

Keyguard is a proprietary encryption method and an enhancement to WEP encryption, and was developed before the finalization of WPA-TKIP. The Keyguard encryption implementation is based on the IEEE Wi-Fi standard, 802.11i.

To configure Keyguard encryption on a WLAN:

  1. Select Configuration → Wireless → Wireless LANs to display available WLANs.
  2. Click Add to create an additional WLAN, or select an existing WLAN and click Edit to modify its security properties.
  3. Select Security.
  4. Select the Keyguard check box from within the Select Encryption field.
    The screen populates with the parameters required to define a keyguard configuration for the new or existing WLAN.
    Click to expand in new window
    WLAN Security - Keyguard Screen
  5. Configure the following keyguard settings:
    Generate Keys

    Specify a 4- to 32-character pass key and click Generate. TThe pass key can be any alphanumeric string. The access point, other proprietary routers, and WiNG clients use the algorithm to convert an ASCII string to the same hexadecimal number. Clients without these WiNG adapters need to use keys manually configured as hexadecimal numbers.

    Keys 1-4 Use the Key #1-4 fields to specify key numbers. For keyguard (104-bit key), the keys are 26 hexadecimal characters in length. Select one of these keys for default activation by clicking its radio button. Selecting Show displays a key in exposed plain text.
    Restore Default WEP Keys Select this button to restore the keyguard algorithm to its default settings. This might be necessary, for example, if the latest defined algorithm has been compromised and no longer provides its former measure of data security.
    Default WEP keyguard keys are as follows:
    • Key 1 101112131415161718191A1B1C
    • Key 2 202122232425262728292A2B2C
    • Key 3 303132333435363738393A3B3C
    • Key 4 404142434445464748494A4B4C
  6. Select OK when completed to update the WLAN's keyguard encryption configuration.

    Select Reset to revert to the last saved configuration.

Before defining a keyguard configuration on a WLAN, refer to the following deployment guidelines to ensure the configuration is optimally effective:
  • WiNG proprietary authentication techniques can also be enabled on WLANs supporting other WiNG proprietary techniques, such as keyguard.
  • A WLAN using keyguard to support legacy devices should largely limit its use of keyguard to those legacy devices only.
  • If WEP support is needed for WLAN legacy device support, 802.1X EAP authentication should be also configured in order for the WLAN to provide authentication and dynamic key derivation and rotation.