User guide
Network Security 95
Network Security Concepts
Preshared passphrases used to generate keys for WPA or WPA2 association.
Preshared passphrases enable you to configure a simple phrase that is used to
generate cryptographically strong encryption keys to be used with AES or TKIP
encryption. AES and TKIP periodically change the encryption keys in use. The
generated keys keep unauthorized users off the wireless network and encrypt
the data of legitimate users. See “Wi-Fi Protected Access and its Encryption
Methods” on page 98 for a description of AES or TKIP encryption methods that
enhance the 802.11 standards.
Authentication using an 802.1X-based protocol. This method uses a variety of
underlying authentication protocols to control network access. The stronger
protocols provide cryptographically protected mutual authentication of the user
and the network. In addition, you can configure Odyssey Access Client so that
keys that are used to encrypt wireless data are generated dynamically.
802.1X-based authentication can use WEP, AES, or TKIP encryption, depending
on network hardware/firmware. See “802.1X Authentication” on page 99 for
information about authentication using 802.1X. See “Wi-Fi Protected Access
and its Encryption Methods” on page 98 for a description of some of the
strongest available association and encryption modes.
The 802.1X methods are viable for wired 802.1X-based network connections.
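The passphrase-to-key step described above for WPA/WPA2 preshared passphrases, shown as an added example (not Odyssey Access Client code). It assumes the standard WPA/WPA2 derivation: PBKDF2-HMAC-SHA1 with the network name (SSID) as salt, 4096 iterations, and a 256-bit output. The function names and sample values are hypothetical.

```python
import hashlib
import string


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 preshared key from a passphrase.

    Assumed standard derivation: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def resolve_psk(setting: str, ssid: str) -> bytes:
    """Accept either a raw key (64 hex digits) or a passphrase."""
    if len(setting) == 64 and all(ch in string.hexdigits for ch in setting):
        return bytes.fromhex(setting)  # already a 256-bit key, no derivation
    return derive_psk(setting, ssid)


if __name__ == "__main__":
    # Constructed sample inputs: one passphrase configured on two network names.
    for ssid in ("IEEE", "Branch-Office"):
        print(f"{ssid:15s} {derive_psk('password', ssid).hex()}")
    # The SSID is the salt, so the two keys differ even though the
    # passphrase is identical.
    try:
        derive_psk("short", "IEEE")
    except ValueError as err:
        print("rejected:", err)
```

The derived value is the long-term key shared by every client of the network; the periodically changing AES or TKIP keys are negotiated from it per association. Because the derivation is deterministic, the strength of the key is bounded by the strength of the passphrase.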
Odyssey Access Client Features for a Secure Network
You can use the following Odyssey Access Client features to make wireless networks
secure:
You can require user authentication. A user must be authenticated by the
network before being allowed access to it, which keeps the network safe from
intruders. See “Extensible Authentication Protocol” on page 100 for an
overview of the Odyssey Access Client authentication protocols. For protocol
configuration details, see “Profile Properties” on page 42.
You can require data encryption between the wireless client and the access
point. The wireless connection between a client and an access point must be
encrypted so that eavesdroppers cannot access private data. For configuration
details, see “Network Properties” on page 70.
You can configure server trust for mutual authentication. The network must be
authenticated (trusted) by the user before the user allows their credentials to
be released to the network to make a network connection. This prevents a
wireless device that might be posing as a legitimate network from
impersonating the network and gaining access to the user’s PC. For
configuration details, see “Trusted Servers Panel” on page 84 and “Validate the
Server Certificate” on page 58.
You can require that mutual authentication between user and network be
cryptographically protected. This type of mutual authentication requires
802.1X-based protocols and prevents connections to phony networks. For
configuration details, see “Authentication” on page 56.