Symbol Technologies WS 2000 manual Setting the Encryption Method, Kerberos Authentication


Step 6: Configure WLAN Security

Kerberos Authentication

secret-key cryptography. Using this protocol, a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server use Kerberos to prove their identity, they can encrypt all communications to assure privacy and data integrity.

1. Select the Kerberos radio button to enable Kerberos authentication.

2. Click the Kerberos Configuration button to display a sub-screen for authentication settings. For details on how to set up Kerberos authentication, refer to How to Configure Kerberos Authentication.

3. Click the Apply button to save changes.

4. Make sure that NTP is enabled (go to System Configuration --> NTP Servers from the left menu). It is required for Kerberos Authentication. For more information, see How to Configure an NTP Server.

Setting the Encryption Method

Encryption applies a specific algorithm to data to alter its appearance and prevent unauthorized reading. Decryption applies the algorithm in reverse to restore the data to its original form. Sender and receiver employ the same encryption/decryption method.

The WS 2000 Wireless Switch provides three methods for data encryption: WEP, WPA-TKIP, and KeyGuard-MCM. The WPA-TKIP and KeyGuard-MCM methods use WEP 104-bit key encryption. WPA-TKIP offers the highest level of security among the encryption methods available with the switch.

Configuring WEP Encryption

Wired Equivalent Privacy (WEP) is a security protocol specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b. WEP is designed to provide a WLAN with a level of security and privacy comparable to that of a wired LAN. WEP might be all that a small-business user needs for the simple encryption of wireless data. However, networks that require more security are at risk from a WEP flaw. The existing 802.11 standard alone offers administrators no effective method to update keys. Key changes require the manual reconfiguration of each access port. An unauthorized person with a sniffing tool can monitor a network for less than a day and decode its encrypted messages.

WEP is available in two encryption modes: 40-bit (also called 64-bit) and 104-bit (also called 128-bit). The 104-bit encryption mode uses a longer key, which takes longer to decode than that of the 40-bit encryption mode.

Note: The 104-bit encryption mode allows devices using 104-bit keys and devices using 40-bit keys to talk to each other using 40-bit keys, if the 104-bit devices permit this option.

1. Select the WEP radio button to enable the Wired Equivalent Privacy (WEP) protocol.

2. Choose between the 40-bit key (WEP 64) and 104-bit key (WEP 128) option by selecting the appropriate radio button.

3. To use WEP encryption with the No Authentication selection, click the WEP Key Settings button to display a sub-screen for entering keys.
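The following added example (not part of the Symbol manual or the switch software) audits a candidate WEP key before it is typed into the key screen and quantifies the static-key risk described above: WEP prepends a 24-bit per-frame IV to the secret key, which is why 40-bit and 104-bit keys are also called WEP 64 and WEP 128, and with a key that is never changed every repeated IV repeats the same RC4 seed. The accepted key formats (hex or ASCII) and the frame rate are assumptions, not values from the manual.

```python
import math
import string

IV_BITS = 24                              # per-frame IV that 802.11 WEP prepends to the secret key
MODES = {40: "WEP 64", 104: "WEP 128"}    # secret-key bits -> mode label

def parse_wep_key(text):
    """Return key bytes for 10/26 hex digits or 5/13 ASCII characters (assumed entry formats)."""
    text = text.strip()
    if len(text) in (10, 26) and all(c in string.hexdigits for c in text):
        return bytes.fromhex(text)
    if len(text) in (5, 13) and text.isascii():
        return text.encode("ascii")
    raise ValueError("expected 10/26 hex digits or 5/13 ASCII characters")

def audit_key(text):
    """Classify the key and flag choices that shrink its effective keyspace."""
    key = parse_wep_key(text)
    bits = len(key) * 8
    findings = []
    if len(set(key)) <= 2:
        findings.append("low-variety key (repeated bytes)")
    if all(32 <= b < 127 for b in key):
        findings.append("printable-ASCII key (reduced keyspace)")
    return {"mode": MODES[bits], "secret_bits": bits,
            "rc4_seed_bits": bits + IV_BITS, "findings": findings}

def iv_reuse(frames_per_second):
    """Return (frames until a repeated IV is more likely than not, hours to use every IV).

    The first figure is the birthday bound for randomly chosen IVs; the second
    assumes a sequential IV counter at the given (assumed) frame rate.
    """
    space = 2 ** IV_BITS
    birthday_frames = math.ceil(math.sqrt(2 * space * math.log(2)))
    hours_to_wrap = space / frames_per_second / 3600
    return birthday_frames, hours_to_wrap

if __name__ == "__main__":
    # Constructed sample keys, not real credentials.
    for sample in ("0123456789", "a1b2c3d4e5f60718293a4b5c6d", "AAAAAAAAAA", "hello"):
        print(sample, audit_key(sample))
    frames, hours = iv_reuse(500)         # 500 frames/s is an assumed load
    print(f"IV repeat likely after ~{frames} frames; IV space exhausted in {hours:.1f} h")
```

The result is the same for both key lengths: the IV is 24 bits in either mode, so a longer secret key does not delay IV reuse.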

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved


WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

 
