Wireless Security White Paper 26
For security reasons, the authentication information must be cryptographically secure. This
implies that the Authenticator cannot decrypt the credentials.
The model must be extensible to new authentication mechanisms as they are invented and
implemented.
In order to ensure that the Authenticator can always identify and interpret new authentication
mechanisms, every authentication type must be encapsulated using the Extensible Authentication
Protocol (EAP) as specified in RFC 2284. EAP already supports multiple authentication schemes
including smart cards, Kerberos, public key encryption, and one-time passwords. Many others
can be added.
The biggest security consideration of 802.1x is that its sole purpose is authentication. It does not
provide integrity, encryption, replay protection or non-repudiation. These would need to be
implemented with complementary schemes such as IPSec.
There are also other points of vulnerability that must be addressed in any implementation of
802.1x:
- Piggybacking on an authenticated port – Multiple end stations on a port must be detected and
  disconnected
- Interception of credentials – Passwords must always be encrypted
- Subversion of authentication negotiation – It should not be possible to provoke a lesser form
  of authentication by interfering with the authentication process
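The EAP encapsulation and the negotiation-subversion point above, as an added example that is not part of the white paper: a parser for the RFC 2284 packet header that leaves Type-Data opaque, plus a check that rejects a Nak or method outside a permitted set. The ALLOWED_METHODS policy, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

# EAP codes and method types from RFC 2284 (type 13, EAP-TLS, is from RFC 2716).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         5: "One-Time Password", 6: "Generic Token Card", 13: "EAP-TLS"}

# Assumed site policy (hypothetical): only these methods may be negotiated.
ALLOWED_METHODS = {13}


def parse_eap(packet: bytes) -> dict:
    """Parse the EAP header; Type-Data stays opaque to the Authenticator."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field inconsistent with packet size")
    body = packet[4:length]          # bytes past `length` are padding, ignored
    msg = {"code": CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):               # only Request/Response carry a Type
        if not body:
            raise ValueError("Request/Response without Type field")
        msg["type"], msg["data"] = body[0], body[1:]
    return msg


def check_negotiation(msg: dict) -> str:
    """Return 'forward' or a rejection reason for a parsed EAP message."""
    if msg["type"] is None or msg["type"] in (1, 2):
        return "forward"             # Success/Failure, Identity, Notification
    if msg["type"] == 3:             # RFC 2284 Nak: one octet, the desired type
        if msg["code"] != "Response" or len(msg["data"]) != 1:
            return "reject: malformed Nak"
        wanted = msg["data"][0]
        if wanted not in ALLOWED_METHODS:
            return f"reject: Nak asks for {TYPES.get(wanted, wanted)}"
        return "forward"
    if msg["type"] not in ALLOWED_METHODS:
        return f"reject: method {TYPES.get(msg['type'], msg['type'])} not allowed"
    return "forward"


# Constructed sample packets (not captured traffic).
NAK_TO_MD5 = bytes([2, 7, 0, 6, 3, 4])      # Response, id 7, Nak -> MD5-Challenge
TLS_START = bytes([1, 8, 0, 6, 13, 0x20])   # Request, id 8, EAP-TLS, Start flag
```
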
802.11b WLANs are ideal candidates for 802.1x authentication since they represent a completely
uncontrolled periphery. While it is possible to restrict physical access to wired LANs, this is not
feasible in a wireless environment. It is much more difficult to monitor and enforce the air space
around office buildings than the ports and wiring within them.
This vulnerability is currently addressed using Wired Equivalent Privacy (WEP), which is
available on 802.11b Access Points. If WEP is in use, then all stations must configure a
symmetric passphrase in order to connect. All transmission is then encrypted with 40-128 bit
encryption.
Recently, cryptographic weaknesses have been alleged in the WEP algorithms, casting a shadow on
WEP's use. Beyond these, there is a fundamental problem with key distribution and
update. Since WEP keys are typically symmetrical (the same on the Access Point and all
connecting stations) they must be changed in unison. Clearly this is difficult to orchestrate when
large user populations are involved.
Solutions exist, such as automating regular key changes with logon scripts; however, they are
non-standard and require additional work. It is also difficult to ensure that employees who
leave the company no longer have access to the network, since they could “remember” their
WEP key.
Another aspect of the problem arises when users connect to multiple different wireless LANs
(e.g. in public areas or at customer sites). Current WEP implementations require that the user
manually change the WEP key each time a new network is selected, which is tedious and
interferes with any automated key changes.
802.1x solves all of these problems. It is not necessary to distribute any keys. The user can
authenticate to a central Authentication server, which stores per-user credentials that can be
disabled or modified as needed.