User guide

Odyssey Access Client User Guide
14 Menu Options
See the OAC User Web Page for more information about the appropriate
adapter drivers for use with the OAC FIPS module.
There must be a user certificate installed on the client machine prior to
configuring OAC for FIPS-compliant connections. This operation should only be
performed by a network administrator. Note the following about the user
certificate for FIPS-compliant network connections:
- For FIPS 140-2 compliance, the private key of a user's personal certificate
  must be protected using encryption that has been approved by the National
  Institute of Standards and Technology (NIST) for FIPS 140-2. Some
  cryptographic providers conform to this requirement. For example, the
  Microsoft Cryptographic provider used in the Microsoft Certificate Store
  conforms to these standards for the following operating systems:
    - All versions of Windows XP
    - Versions of Windows 2000 that have applied the correct service pack
- Some older versions of Windows do not meet the NIST standards for
  private key protection. In this case, you can use OAC to perform the
  FIPS-compliant encryption required to protect the private key on the
  system. To do so, you must make sure that the private key of the user
  certificate is marked as Exportable.
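One way to check the certificate preconditions above from Windows PowerShell, as an added example that is not part of the OAC guide. It assumes the user certificate is in the current user's Personal store (Cert:\CurrentUser\My); keys that are not held by a CryptoAPI (CSP) provider are reported as "unknown" because their export policy is not visible through this property.

```powershell
# Added example (not from the OAC guide): report, for each certificate in the
# current user's Personal store, whether it has a private key, whether that
# key is marked Exportable, and whether the certificate is still valid.
# Assumption: the user certificate lives in Cert:\CurrentUser\My.
$now = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_
    $exportable = 'no private key'

    if ($cert.HasPrivateKey) {
        try {
            # CspKeyContainerInfo is only populated for CSP-backed keys.
            $info = $cert.PrivateKey.CspKeyContainerInfo
            if ($null -ne $info) {
                $exportable = [string]$info.Exportable
            } else {
                $exportable = 'unknown'
            }
        } catch {
            # CNG or hardware-backed keys can throw when queried this way.
            $exportable = 'unknown'
        }
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        Expired       = ($cert.NotAfter -lt $now)
        HasPrivateKey = $cert.HasPrivateKey
        Exportable    = $exportable
    }
} | Format-Table -AutoSize
```

A certificate that shows HasPrivateKey as False, or Exportable as False on a system where OAC must protect the key itself, does not meet the requirements listed above.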
You enable FIPS Mode by selecting File > FIPS Mode On.
The profile that you create for your FIPS-compliant network must have
certificate-based EAP-TLS configured as the sole authentication method. See
“Setting Up Authentication” on page 44 for profile configuration instructions.
You must create a network that uses WPA2 (or xSec) association and AES
encryption and associate the network with this profile. In addition, select FIPS
mode required when you create or edit the network if you require FIPS
encryption for all connections to this network. Otherwise, do not select this
item. See “FIPS Secure Encryption (FE Only)” on page 61.
You must configure trust for the network server. See “Managing Trusted Servers”
on page 79.
To disable FIPS mode, select File > FIPS Mode Off. Do not select this setting
if you require FIPS mode connections.
Authentication Method for FIPS Mode
When operating in FIPS mode, OAC protects all wireless data connections with
FIPS-validated cryptography. Some authentication methods and features permit
non-validated cryptographic methods and are disabled when FIPS mode is on.
The only outer authentication method supported for FIPS mode is EAP-TLS; no
inner authentication methods are supported. This means that when FIPS mode is
on, users cannot connect to an Intranet Controller. See “FIPS Mode Constraint” on
page 72.