User's Manual

ManualsBrandsElectronic Systems Technology ManualsComputers & AccessoriesWIRELESS MODEM

100

Table Of Contents

APPENDIXD

SECURITY

Revised: 27 Jun 16 APX D-1 ESTeem Horizon Series

OVERVIEW



ThesecurityfortheESTeemHorizon,likeallnetworksecurity,mustbemulti‐layered.Onelevelofsecurityisneverenoughto

makesurethatdatadoesnotendupinthewronghands. Pleasereviewthefollowingsecuritylevelsanddecidewhatis themost

appropriateforyournetwork.



AES‐CCMP(802.11iandWPA‐2)



AES‐CCMP(AdvancedEncryptionStandard‐CounterMo deCBC‐MACProtocol)istheencryptionalgorithmusedintheIEEE802.11i

andWPA‐2securityprotocols.Thisnationalencryptionstandardusesa128bit‐AESblockcipherandCCMPtechniquetoensure

thehi g hes tlevelofsecurityandintegrityav ai labl e onawirelessnetwork.AES‐CCM

Pincorporatestw o sophisticatedcryptographic

techniques(countermodeandCBC‐MAC)andadaptsthemtoEthernetframestoprovidearobustsecurityprotocolbetweenthe

mobilecl ie ntandtheaccesspoint . AESitselfisaverystrongcipher,butco un t e r modemakesitdifficul t foraneavesdroppertosp

ot

patterns,andtheCBC‐MACmessageintegritymethodensuresthatmessageshavenotbee n tamperedwith. TheESTeem Horizon

iscompatibleasei the ranAccessPointorclientineit her WPA2orIEEE802.11isecuritysystems.



Wi‐Fi ProtectedAccess2withPresharedKey(WPA2PSK)

WPA2 PSK uses a co

mmon passphrase (preshar e d key) between the Access Point (AP) and the client to begin a secure

communicationsession.ThispassphrasemustbeenteredexactlythesameinboththeAccessPointandtheclient.Thispassphrase

isusedto authenticatecommunicationsessionbetweentheAPandclienttobeginthese

curewireless networki n gsession.



Wi‐FiProtected Access2withEnterpriseServer(WPAEnterprise)

LikeWPA2PSK,WPA2EnterpriseverifiestheauthenticityoftheAccessPointandclient,butusesan802.1xbackendauthentication

serverhandlingtheauthenticationdecision.ThemostcommonlytypeofauthenticationserverisaRADIUSserver.Th

eESTeem

HorizoncanbeconfiguredtooperatewithanestablishedRADIUSserveronthenetwork.



WPA



Wi‐FiProtected AccesswithPresharedKey(WPAPSK)

WPA, which uses 802.1x, was introduced in 2003 to improve on the authentication and encryption features of WEP. All

authenticationishandledwithinthisaccesspo intdevice.WPAhastwosignificantadvantagesove rWEP:

1. An encryption key differing in every packet. The TKI

P (Temporal Key Integrity Protocol) mechanism shares a starting key

betweendevices.Eachdevicethenchangesthei r encryptionkeyforev e r y packet.Itisextremelydifficultforhackerstoread

messageseveniftheyhaveinterceptedthedat a.

2. CertificateAuthentication(CA)canbeused,blockingahackerposingasav

aliduser.



Wi‐FiProtected AccesswithEnterpriseServer(WPAEnterprise)

LikeWPAPSK,WPAEnterpriseverifiestheauthenticityoftheAccessPointandclient,butusesan802.1xbackendauthentication

serverhandlingtheauthenticationdecision.ThemostcommonlytypeofauthenticationserverisaRADIUSserver.TheEST

eem

HorizoncanbeconfiguredtooperatewithanestablishedRADIUSserveronthenetwork.



WPAisserver/clientrelationshipfromasoftwaredrive ronacomputer’swirelessLAN(WLAN)cardtoanAccessPoint.Thescope

ofWPAislimitedinusetothisconfigurationonly.TheESTeemHorizoncansupportWPAEnterpri

seandPSKasanAccessPoint,

butthelevelofsecurityontheBridginglayerisconfiguredseparately.

