KeyGuard-MCM Support

When a Kerberos-enabled mobile unit (MU) authenticates with WS 2000 Wireless through an Access Port, the switch initially performs Kerberos authentication, even though the Kerberos server exists as a separate entity on the wired LAN. On initial request from a Kerberos-enabled MU, the WS 2000 Wireless Switch acts as a proxy to the external KDC. The switch passes initial Kerberos authentication information to the external KDC until the MU authenticates in the manner described in this section. Once authenticated, the user maintains access to the wired network for the allotted time provided by the session ticket (TK-TS).

Once an administrator enables Kerberos on a device, the device must pass authentication before wireless access via the device is permitted to the wired LAN.

KeyGuard-MCM Support

KeyGuard-MCM (Mobile Computing Mode) is Symbol Technologies’ security enhancement algorithm based on the Temporal Key Integrity Protocol (TKIP) from the forthcoming IEEE 802.11i standard. KeyGuard-MCM provides an enhanced solution for protecting data transfer over a Wireless LAN (WLAN) by using a proprietary algorithm to encrypt, decrypt, and transmit network packets.

KeyGuard-MCM leverages existing WEP encryption hardware by providing per-packet key mixing, a message integrity check, and a re-keying mechanism, which changes the security key set by the administrator when KeyGuard-MCM recognizes a potential compromise of network security.

KeyGuard-MCM works with all Symbol Technologies’ mobile units that support 128-bit WEP. KeyGuard-MCM is fully compatible with other network security protocols, including RADIUS and Kerberos.

The WS 2000 Wireless Switch fully supports KeyGuard-MCM.

Wireless Protected Access (WPA)

WEP uses a key, or string of case-sensitive characters, to encrypt and decrypt data packets transmitted between a mobile unit (MU) and the WS 2000 Wireless Switch. The administrator configures mobile units (MUs) and the WS 2000 Wireless Switch to use the same key.

WPA specifies the use of the TKIP, and optionally, 802.1x for encryption.

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

17

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

 

Page 17
Image 17
Symbol Technologies WS 2000 manual KeyGuard-MCM Support, Wireless Protected Access WPA