Wi-Fi Array70 Installing the Wi-Fi ArraySecurity PlanningThis section offers some useful guidelines for defining your preferred encryptionand authentication method. For additional information, see “UnderstandingSecurity” on page 210 and the Security section of “Frequently Asked Questions”on page 398.Wireless EncryptionEncryption ensures that no user can decipher another user’s data transmittedover the airwaves. There are three encryption options available to you, including: WEP-40bit or WEP-128bitBecause WEP is vulnerable to cracks, we recommend that you only usethis for legacy devices that cannot support a stronger encryption type. Wi-Fi Protected Access (WPA)This is much more secure than WEP and uses TKIP for encryption. Wi-Fi Protected Access (WPA2) with AESThis is government-grade encryption—available on most new clientadapters—and uses the AES–CCM encryption mode (AdvancedEncryption Standard–Counter Mode).AuthenticationAuthentication ensures users are who they say they are, and occurs when usersattempt to join the wireless network and periodically thereafter. The followingauthentication methods are available with the Wi-Fi Array: RADIUS 802.1x802.1x uses a remote RADIUS server to authenticate large numbers ofclients, and can handle different authentication methods (EAP-TLS, EAP-TTLS, EAP-PEAP, and EAP-LEAP Passthrough). Administrators mayalso be authenticated via RADIUS when preferred, or to meet particularsecurity standards. Xirrus Internal RADIUS serverRecommended for smaller numbers of users (about 100 or less). SupportsEAP-PEAP only