Samsung Network Printer Ieee 802.11 authentication, WEP encryption, WPA Wi-Fi Protected Access

Page 24

IEEE 802.11 authentication

IEEE 802.11 authentication is a process of identifying an individual who is attempting to access a wireless LAN or an access point. The IEEE 802.11 standard defines two types of authentication services:

Open System: Authentication is not used, and encryption may or may not be used, depending on the need for data security.

Shared Key: Authentication is used. A device that has a proper WEP key can access the network.

The Samsung Network Printer Card supports both authentication methods.

WEP encryption

WEP (Wired Equivalent Privacy) is a security protocol preventing unauthorised access to your wireless network. Wireless LANs, which communicate over radio waves, do not have a physical structure that can be protected from unauthorised access and therefore are vulnerable to tampering. WEP is designed to provide a wireless LAN with a security level equal to that found on a wired network. WEP encrypts the data portion of each packet exchanged on a wireless network using a 64-bit or 128-bit WEP encryption key. Sometimes, 64-bit WEP is called 40-bit and 128-bit is called 104-bit. 40-bit and 64-bit encryption are really the same thing, as are 104-bit and 128- bit encryption, because an additional 24 initialisation vector (IV) bits are automatically added to make a total of 64 bits and 128 bits. To encrypt data, the Samsung Wireless Network Printer Card uses four encryption keys. You must select a key and enter the key value. The key value must be the same as the other wireless devices or that of the access point of your wireless network. In 64-bit mode, each key value is 10 hexadecimal digits (0-9 and A-F) or 5 alphanumeric characters. In 128-bit mode, each key value is 26 hexadecimal digits or 13 alphanumeric characters. Contact your network administrator for this configuration.

EAP-MSCHAPv2: EAP-MSCHAPv2 uses the MS-CHAPv2 authentication protocol to create a strong encryption key initially for MMPE (Microsoft Point-to-Point Encryption) and to use a different encryption key during communication.

EAP-TLS(EAP using Transport Layer Security): EAP-TLS uses X.509-compliant digital certificates for both client and server authentication.

EAP-TTLS: EAP-TTLS is known as a Tunneled TLS (Transport Layer Security) protocol. It is designed to provide authentication that is every bit as strong as EAP-TLS, but it does not require that each user be issued a certificate. Instead, only the RADIUS authentication servers are issued certificates. User authentication is performed by a password. The password credentials are transported in a securely encrypted tunnel that is established using the server certificate. As a result, the credentials are not vulnerable to dictionary attacks. Using TTLS forwarding, any inner authentication requests that are found inside the TTLS tunnel, such as EAP, PAP, CHAP, or MS-CHAP-V2, can be processed by downstream RADIUS servers. In this manner, you can perform authentication against any RADIUS infrastructure that is already deployed in your organisation.

PEAP (Protected Extensible Authentication Protocol): PEAP uses digital certificates for network server authentication and a password for client authentication.

WPA (Wi-Fi Protected Access)

WPA, announced by Wi-Fi Alliance, authorises and identifies users based on a secret key that changes automatically at regular intervals. WPA uses 802.1x or WPA-PSK (WPA mode Pre-Shared Key) for authentication. WPA-PSK verifies users via a pre-shared key on both a client station and an access point. In WPA-PSK authentication, a client may only gain access to the network if the client's password matches the access point's password. WPA also uses TKIP (Temporal Key Integrity Protocol) and AES (Advanced Encryption Standard) for data encryption.

IEEE 802.1x

IEEE 802.1x uses EAP (Extensible Authentication Protocol) and an authentication server, such as RADIUS (Remote Authentication Dial In User Server, RFC2138) for client and network server authentication. In this authentication process, the authentication server verifies the identity of the party attempting to connect to the network. The Samsung Wireless Network Printer Card supports popular authentication methods based on EAP, including:

EAP-MD5(EAP using Message Digest Algorithm 5): EAP- MD5 uses a password protected by the MD5 encryption algorithm, which is the same challenge handshake protocol as PPP-based CHAP. This authentication method provides one-way authentication based on a user name and password. This implementation is useful only in a small private network because it does not support automatic key distribution.

Certificates

Certificates are used to validate the identity of clients and network servers and allow encrypted data communications for EAP/802.1x authentication. Certificates may be issued and signed by a trusted third party, called Certificate Authority (CA). In EAP/802.1x authentications, such as EAP-TLS, EAP- TTLS, and PEAP, the Samsung network print server may require one or both of the following certificates:

Root Certificate: A certificate from a trusted Certificate Authority (CA) is used to validate the identity of a network authentication server while EAP authentication methods, such as EAP-TLS, EAP-TTLS, and PEAP, are performed. The network authentication server's identity will be validated when the root certificate information installed on the Samsung network print server is identical to the information on a certificate received from the network authentication server, such as RADIUS. To be installed on the Samsung

6.2

Wireless network environment

Image 24
Contents Page Page Contents Appendix Federal Communications Commission FCC For products fitted with EU-approved radio devicesPlace and the system is fully assembled Package contents Getting startedIntroduction Supported network environmentsInstalling your Network Printer Card System requirementsComputer Requirements IBMInstalling software Uninstalling softwareViewing the SyncThru Web Admin Service User’s Guide Programs supplied on the Network Utilities CDIP address setup Using SetIPUsing SyncThru Web Admin Service Using SyncThru Web Service Click Devices Æ Add deviceEnter your print server’s TCP/IP addresses and click Apply Configuring DHCP/BOOTP Configuring SnmpUsing Snmp TCP/IP environmentConfiguring SLP Using SLPConfiguring Ddns Dynamic DNS DdnsConfiguring Wins Configuring UPnPUsing UPnP BonjourPrinting protocols Standard TCP/IP portLPR port Configuring IPP in the print server Samsung Printer PortIPP port Windows 2000/XP/2003Additional functions Reset Click Network Settings Æ ResetClick Network Settings Æ General Ethernet speedConfiguring NetWare NetWare environmentNetWare printing Printing in NetWare Adding a queueAdding a printer Assignments menuConfiguring EtherTalk Configuring the printerEtherTalk environment EtherTalk printingTCP/IP printing Bonjour printerWireless network environment OverviewBasic concept and terms Ieee 802.11 authentication WPA Wi-Fi Protected AccessWEP encryption IeeeBefore configuring the print server Wireless settingsSelect Network Settings Æ Wireless Status DescriptionWireless basic settings Wireless security settings Security Authentication Encryption method Method ModeNone Open System No encryption None security mode settings Static WEP security mode settingsEnhanced Security mode settings Click Configure Using WPA-PSKUsing EAP-TLS Select File Æ Add/Remove Snap-inUsing EAP-TTLS Specifications Wireless specificationsItems Specifications AppendixOpenSSL Statements OpenSSL LicenseDisclaimer Ad hoc peer-to-peer mode Bonjour BootpDdns Dhcp Http SLP Snmp UPnP Static WEP 6.4 WEP encryption Rev.1.00