User guide

Odyssey Access Client User Guide
94 Network Security
IPsec is a set of protocols used to secure (encrypt) IP data packets being
exchanged on a network. Best practices for network security usually call for
encrypting the data being transferred between protected network resources
and endpoint computers. A Juniper UAC network can include a firewall that
provides an IPsec gateway deployed in front of protected resources to enforce
the security policy. Odyssey Access Client supports IPsec encryption as part of
conforming to that policy.
Encryption and Association for Secure Authentication
To establish a wireless connection with an access point, a wireless client must
associate with the access point. For a wireless client device to access a secure
network, the user of the client device must be authenticated by the network. The
following list briefly defines terminology necessary to understand association, data
encryption, and authentication:
Association is the method by which a client establishes a relationship with an
access point.
Data encryption is used to secure data that is exchanged between a client
device and an access point (or another computer device).
Encryption keys are sequences of characters that an encryption algorithm uses to
make plain text unreadable unless you share the encryption keys to decode the
encrypted message. Encryption keys are key components of data encryption
algorithms. Encryption keys might also be used for access point association.
Once a wireless client has associated with an access point, the user of that
client device can be authenticated to the network. Authentication is used to
secure the relationship between a user of a wireless-equipped computer device
and an authentication server. For example, wireless network authentication that
is based on the 802.1X standard can use cryptographically strong (and
dynamically generated) encryption keys.
Authentication Overview
There are several methods for providing secure authentication over a wireless
network. Each method requires data encryption and, consequently, requires some
method for specifying or generating encryption keys. Some of these methods are
known to be more secure than others:
Preconfigured secrets, called WEP (wired-equivalent privacy) keys. These keys
are intended to encrypt the data transferred between the client and the access
point and can be used to keep unauthorized users off the wireless network and
to encrypt the data of legitimate users. See “Wired-Equivalent Privacy” on
page 97 for a description of WEP-based encryption that complies with 802.11
standards.