Chapter 5 — Network Support
162 CK60 Mobile Computer with Windows Mobile User’s Manual
Key Management Protocols
WPA (Wi-Fi Protected Access)
This is an enhanced version of WEP that does not rely on a static, shared key. It
encompasses a number of security enhancements over WEP, including improved
data encryption via TKIP and 802.11b/g authentication with EAP. This Wi-Fi
Alliance security standard is designed to work with existing 802.11 products and
to offer forward compatibility with 802.11i.
WPA2 (Wi-Fi Protected Access)
Second generation of WPA security. Like WPA, WPA2 provides enterprise and
home Wi-Fi users with a high level of assurance that their data remains protected
and that only authorized users can access their wireless networks. WPA2 is based
on the final IEEE 802.11i amendment to the 802.11 standard ratified in June
2004. WPA2 uses the Advanced Encryption Standard (AES) for data encryption
and is eligible for FIPS (Federal Information Processing Standards) 140-2
compliance.
Authentication
EAP (Extensible Authentication Protocol)
802.11b/g uses this protocol to perform authentication. This is not necessarily an
authentication mechanism, but is a common framework for transporting actual
authentication protocols. Intermec provides a number of EAP protocols so that
you can choose the best one for your network.
EAP-FAST (Flexible Authentication via Secure Tunneling)
A publicly accessible IEEE 802.1X EAP type developed by Cisco Systems and
available as an IETF informational draft. It does not require digital certificates,
supports a variety of user and password database types, supports password
expiration and change, and is flexible, easy to deploy, and easy to manage.
LEAP (Lightweight Extensible Authentication Protocol)
Also known as Cisco-Wireless EAP, LEAP provides username/password based
authentication between a wireless client and a RADIUS server. In the 802.1X
framework, a client's traffic cannot pass through a wireless network access point
until the client successfully authenticates itself.
EAP-PEAP (Protected Extensible Authentication Protocol)
Performs secure authentication against Windows domains and directory services.
It is comparable to EAP-TTLS both in its method of operation and its security,
though not as flexible: it does not support the range of inside-the-tunnel
authentication methods supported by EAP-TTLS. Microsoft and Cisco both
support this protocol.
EAP-TLS (Transport Layer Security)
Based on the TLS (Transport Layer Security) protocol widely used to secure web
sites. This requires that both the user and the authentication server have
certificates for mutual authentication. While cryptographically strong, this requires
corporations that deploy it to maintain a certificate infrastructure for all their users.
EAP-TTLS (Tunneled Transport Layer Security)
This protocol provides authentication like EAP-TLS (see page 152) but does not
require certificates for every user. Instead, authentication servers are issued
certificates. User authentication is done using a password or other credentials that
are transported in a securely encrypted “tunnel” established using server
certificates.
EAP-TTLS works by creating a secure, encrypted tunnel through which you
present your credentials to the authentication server. Thus, inside EAP-TTLS
there is another inner authentication protocol that you must configure via
Additional TTLS Settings.
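
The EAP entry above describes EAP as a common framework that carries the actual authentication protocols. The following added example (not from the Intermec manual) parses the shared EAP header to show which of the glossary's methods a packet carries, for instance when checking a capture to confirm which EAP type a device negotiated. The code and type numbers and the flag bits are taken from the public EAP specifications, and the sample packets are constructed.

```python
import struct

# EAP codes (RFC 3748) and IANA method type numbers for the EAP types in
# this glossary. These values come from the public registry, not the manual.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS",
             25: "EAP-PEAP", 43: "EAP-FAST"}
TLS_BASED = {13, 21, 25, 43}  # methods that carry TLS records and a flags byte


def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet; raise ValueError on malformed input."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("length field disagrees with captured bytes")
    info = {"code": EAP_CODES[code], "id": ident, "length": length}
    if code in (3, 4):  # Success/Failure carry no type or data
        return info
    if length < 5:
        raise ValueError("Request/Response without a type byte")
    eap_type = packet[4]
    info["method"] = EAP_TYPES.get(eap_type, f"type {eap_type}")
    data = packet[5:length]  # bytes past `length` are link-layer padding
    if eap_type in TLS_BASED and data:
        flags = data[0]
        info["tls_start"] = bool(flags & 0x20)        # S bit: begin handshake
        info["more_fragments"] = bool(flags & 0x40)   # M bit
        info["length_included"] = bool(flags & 0x80)  # L bit
        if eap_type != 13:  # TTLS/PEAP/FAST keep a version in the low 3 bits
            info["version"] = flags & 0x07
    return info


# Constructed sample packets (not taken from a real capture).
SAMPLES = [
    b"\x02\x01\x00\x0a\x01user1",          # Response/Identity "user1"
    bytes.fromhex("010200061520"),         # Request, EAP-TTLS start, version 0
    bytes.fromhex("0103000619210000"),     # Request, EAP-PEAP start v1, padded
    bytes.fromhex("03040004"),             # Success
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(parse_eap(pkt))
```

The credentials exchanged inside an EAP-TTLS or EAP-PEAP tunnel are not visible at this layer; only the outer method type and the TLS flags are.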