User guide
Network Security Concepts
See the following topics:
“Specifying an Association Mode” on page 60 to use WPA2 or WPA association
mode with Odyssey Access Client
“Specifying an Association Mode” on page 60 to use AES or TKIP encryption
with WPA2 or WPA association
“Encryption Methods for an Association Mode” on page 61 to configure a
passphrase that is used in encryption key generation.
“FIPS Secure Encryption (FE Only)” on page 61 for information about this data
encryption security module.
FIPS 140-2 Encryption Using AES and WPA2 or XSec
Federal Information Processing Standards (FIPS) issued by the National
Institute of Standards and Technology (NIST) include standards for cryptographic
security (FIPS 140-2). With the appropriate licensing and configuration, Odyssey
Access Client implements level 1 of this secure encryption standard using WPA2 or
xSec association mode and AES encryption. Odyssey Access Client provides
approved cryptographic algorithms and approved modes of operation for the
Cryptographic Module Specification and provides the strongest cryptographic key
management mechanisms.
For instructions about operating Odyssey Access Client in FIPS mode, see “FIPS
Mode On (FE Only)” on page 13.
802.1X Authentication
The IEEE 802.1X protocol provides authenticated access to a LAN. This standard
applies to wireless and wired networks. In a wireless network, the 802.1X
authentication occurs after the client has associated to an access point using an
802.11 association method.
The WEP protocol has various shortcomings when preconfigured keys are in use.
Preconfigured WEP keys not only contribute to administrative overhead but also
pose security weaknesses. Although encryption that uses keys generated from
preshared passphrases is stronger than WEP encryption that uses static WEP keys,
the use and distribution of passphrases can pose administrative and security
problems. The use of 802.1X protocols in wireless networks addresses these
problems.
NOTE: You can use a preshared passphrase to generate encryption keys for TKIP
or AES data encryption for securing peer-to-peer network connections. In this
case, all clients in the peer-to-peer network must share the same passphrase.
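The following added example is not part of this guide or of Odyssey Access Client. It shows how a preshared passphrase becomes an encryption key, and why every client that holds the passphrase holds the same key. It assumes the standard IEEE 802.11i passphrase-to-key mapping (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations); the function names, peer names and network name are hypothetical.

```python
import hashlib

# Parameters of the IEEE 802.11i passphrase-to-PSK mapping (assumed here;
# the guide does not state which derivation Odyssey Access Client uses).
ITERATIONS = 4096
KEY_LEN = 32  # 256-bit preshared key


def derive_psk(passphrase: str, ssid: bytes) -> bytes:
    """Map a WPA/WPA2 passphrase and network name (SSID) to the 256-bit PSK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 octets")
    # The SSID is the salt: the same passphrase yields a different key on a
    # differently named network, but there is no per-client input at all.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid, ITERATIONS, KEY_LEN
    )


def shared_key_report(ssid: bytes, client_passphrases: dict) -> dict:
    """Group clients by the key they derive; one group means one shared secret."""
    groups = {}
    for client, passphrase in client_passphrases.items():
        key_hex = derive_psk(passphrase, ssid).hex()
        groups.setdefault(key_hex, []).append(client)
    return groups


if __name__ == "__main__":
    # Constructed sample: three peers, one with a mistyped passphrase.
    peers = {
        "laptop-a": "correct horse battery",
        "laptop-b": "correct horse battery",
        "laptop-c": "correct horse batterx",
    }
    for key_hex, members in shared_key_report(b"adhoc-lab", peers).items():
        print(key_hex[:16] + "...", members)
```

Peers that typed the same passphrase fall into one group with an identical key, so removing one peer's access means changing the passphrase on all of them.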