Intermec 751G Cell Phone User Manual


 
Chapter 5 — Network Support
751G Color Mobile Computer User’s Manual 119
Encryption
AES
(Advanced
Encryption
Standard)
A block cipher, a type of symmetric key cipher that uses groups of bits of a fixed length - called blocks.
A symmetric key cipher is a cipher using the same key for both encryption and decryption.
As implemented for wireless, this is also known as CCMP, which implements AES as TKIP and WEP
are implementations of RC4.
CKIP (Cisco
Key Integrity
Protocol)
This is Cisco's version of the TKIP protocol, compatible with Cisco Aironet products.
TKIP (Temporal
Key Integrity
Protocol)
This protocol is part of the IEEE 802.11i encryption standard for wireless LANs, which provides per-
packet key mixing, a message integrity check and a re-keying mechanism, thus overcoming most of
the weak points of WEP. This encryption is more difficult to crack than the standard WEP. Weak
points of WEP include: No Initiation Vector (IV) reuse protection, weak keys, no protection against
message replay, no detection of message tampering, and no key updates.
WEP (Wired
Equivalent
Privacy)
encryption
With preconfigured WEP, both the client 751G and access point are assigned the same key, which
can encrypt all data between the two devices. WEP keys also authenticate the 751G to the access point
- unless the 751G can prove it knows the WEP key, it is not allowed onto the network. WEP keys are
only needed if they are expected by your clients. There are two types available: 64-bit (5-character
strings, 12345) (default) and 128-bit (13-character strings, 1234567890123). Enter these as either
ASCII (12345) or Hex (0x3132333435).
Key Management Protocols
WPA (Wi-Fi
Protected Access)
This is an enhanced version of WEP that does not rely on a static, shared key. It encompasses a
number of security enhancements over WEP, including improved data encryption via TKIP and
802.11b/g authentication with EAP. WiFi Alliance security standard is designed to work with existing
802.11 products and to offer forward compatibility with 802.11i.
WPA2 (Wi-Fi
Protected Access)
Second generation of WPA security. Like WPA, WPA2 provides enterprise and home Wi-Fi users
with a high level of assurance that their data remains protected and that only authorized users can
access their wireless networks. WPA2 is based on the final IEEE 802.11i amendment to the 802.11
standard ratified in June 2004. WPA2 uses the Advanced Encryption Standard (AES) for data
encryption and is eligible for FIPS (Federal Information Processing Standards) 140-2 compliance.
Authentication
EAP (Extensible
Authentication
Protocol)
802.11b/g uses this protocol to perform authentication. This is not necessarily an authentication
mechanism, but is a common framework for transporting actual authentication protocols. Intermec
provides a number of EAP protocols for you to choose the best for your network.
EAP-FAST
(Flexible
Authentication
via Secure
Tunneling)
A publicly accessible IEEE 802.1X EAP type developed by Cisco Systems. It is available as an IETF
informational draft. An 802.1X EAP type that does not require digital certificates, supports a variety
of user and password database types, supports password expiration and change, and is flexible, easy to
deploy, and easy to manage.
LEAP
(Lightweight
Extensible
Authentication
Protocol)
Also known as Cisco-Wireless EAP, provides username/password based authentication between a
wireless client and a RADIUS server. In the 802.1x framework, traffic cannot pass through a wireless
network access point until it successfully authenticates itself.
EAP-PEAP
(Protected
Extensible
Authentication
Protocol)
Performs secure authentication against Windows domains and directory services. It is comparable to
EAP-TTLS both in its method of operation and its security, though not as flexible. This does not
support the range of inside-the-tunnel authentication methods supported by EAP-TTLS. Microsoft
and Cisco both support this protocol.