User's Manual Part 3

ManualsBrandsIntermec Technologies ManualsElectronicsCN3

Table Of Contents

Chapter 5 — Network Support

CN3 Mobile Computer User’s Manual - PRELIMINARY 129

Each wireless network is assigned a name (or Service Set Identifier - SSID)

to allow multiple networks to exist in the same area without infringement.

Intermec recommends using security measures with wireless networks to

prevent unauthorized access to your network and to ensure your privacy of

transmitted data. Authentication (cryptographically protected) by both the

network and the user, transmitted data, and encryption are required ele-

ments for secure networks. There are schemes available for implementing

these features.

Encryption

AES (Advanced Encryption Stan-

dard)

A block cipher, a type of symmetric key cipher that uses groups of bits of a fixed

length - called blocks. A symmetric key cipher is a cipher using the same key for

both encryption and decryption.

As implemented for wireless, this is also known as CCMP, which implements

AES as TKIP and WEP are implementations of RC4.

CKIP (Cisco Key Integrity Proto-

col)

This is Cisco's version of the TKIP protocol, compatible with Cisco Aironet

products.

TKIP (Temporal Key Integrity

Protocol)

This protocol is part of the IEEE 802.11i encryption standard for wireless

LANs., which provides per-packet key mixing, a message integrity check and a

re-keying mechanism, thus overcoming most of the weak points of WEP. This

encryption is more difficult to crack than the standard WEP. Weak points of

WEP include: No Initiation Vector (IV) reuse protection, weak keys, no protec-

tion against message replay, no detection of message tampering, and no key

updates.

WEP (Wired Equivalent Privacy)

encryption

With preconfigured WEP, both the client CN3 Computer and access point are

assigned the same key, which can encrypt all data between the two devices. WEP

keys also authenticate the CN3 Computer to the access point - unless the CN3

Computer can prove it knows the WEP key, it is not allowed onto the network.

WEP keys are only needed if they are expected by your clients. There are two

types available: 64-bit (5-character strings, 12345) (default) and 128-bit (13-

character strings, 1234567890123). Enter these as either ASCII (12345) or Hex

(0x3132333435).

Key Management Protocols

WPA (Wi-Fi Protected Access) This is an enhanced version of WEP that does not rely on a static, shared key. It

encompasses a number of security enhancements over WEP, including improved

data encryption via TKIP and 802.11b/g authentication with EAP. WiFi Alli-

ance security standard is designed to work with existing 802.11 products and to

offer forward compatibility with 802.11i.

WPA2 (Wi-Fi Protected Access) Second generation of WPA security. Like WPA, WPA2 provides enterprise and

home Wi-Fi users with a high level of assurance that their data remains protected

and that only authorized users can access their wireless networks. WPA2 is based

on the final IEEE 802.11i amendment to the 802.11 standard ratified in June

2004. WPA2 uses the Advanced Encryption Standard (AES) for data encryption

and is eligible for FIPS (Federal Information Processing Standards) 140-2 com-

pliance.