User's Manual Part 3

Chapter 5 — Network Support
130 PRELIMINARY - CN3 Mobile Computer User’s Manual
Choosing Between Microsoft and Funk Security
Before you can implement a security solution on the CN3 Computer, you
need to choose between Microsoft and Funk security:
By default, Funk security is enabled. It provides everything you get with
Microsoft security plus the addition of Cisco Compatible Extensions
features. It also provides additional authentication types such as EAP-TTLS,
LEAP, and EAP-FAST. If you want to use Funk security, you can start
configuring your security now. Information starts on the next page.
If you want to use Microsoft security, you need to select Microsoft
security as your security choice before you can do any configuration. Go to
“Configuring Microsoft Security” on page 148 to begin.
Authentication

EAP (Extensible Authentication Protocol)
    802.11b/g uses this protocol to perform authentication. EAP is not in
    itself an authentication mechanism, but a common framework for
    transporting the actual authentication protocols. Intermec provides a
    number of EAP protocols so you can choose the best one for your network.

EAP-FAST (Flexible Authentication via Secure Tunneling)
    A publicly accessible IEEE 802.1X EAP type developed by Cisco Systems,
    available as an IETF informational draft. It does not require digital
    certificates, supports a variety of user and password database types,
    supports password expiration and change, and is flexible, easy to
    deploy, and easy to manage.

LEAP (Lightweight Extensible Authentication Protocol)
    Also known as Cisco-Wireless EAP, LEAP provides username/password based
    authentication between a wireless client and a RADIUS server. In the
    802.1x framework, a client's traffic cannot pass through a wireless
    network access point until the client successfully authenticates itself.

EAP-PEAP (Protected Extensible Authentication Protocol)
    Performs secure authentication against Windows domains and directory
    services. It is comparable to EAP-TTLS in both its method of operation
    and its security, though not as flexible: it does not support the range
    of inside-the-tunnel authentication methods that EAP-TTLS supports.
    Both Microsoft and Cisco support this protocol.

EAP-TLS (Transport Layer Security)
    Based on the TLS (Transport Layer Security) protocol widely used to
    secure web sites. EAP-TLS requires that both the user and the
    authentication server have certificates, for mutual authentication.
    While cryptographically strong, it requires corporations that deploy it
    to maintain a certificate infrastructure for all their users.

EAP-TTLS (Tunneled Transport Layer Security)
    Provides authentication like EAP-TLS (see page 141) but does not require
    a certificate for every user. Instead, certificates are issued to the
    authentication servers. User authentication is done using a password or
    other credentials that are transported in a securely encrypted “tunnel”
    established using the server certificate.
    EAP-TTLS works by creating a secure, encrypted tunnel through which you
    present your credentials to the authentication server. Thus, inside
    EAP-TTLS there is another inner authentication protocol that you must
    configure via Additional TTLS Settings.
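As an added illustration (not from the Intermec manual), the following Python parses the EAP packet header that every method listed above is carried in, labels the method using the IANA-assigned EAP type codes, and shows a peer's Nak steering the server from EAP-TLS to EAP-TTLS; the two sample packets are constructed for this example.

```python
import struct

# IANA-assigned EAP method type codes (RFC 3748 registry); the named
# methods are the ones the manual lists, plus the framework's own types.
EAP_TYPES = {
    1: "Identity",
    3: "Nak",
    4: "MD5-Challenge",
    13: "EAP-TLS",
    17: "LEAP",
    21: "EAP-TTLS",
    25: "EAP-PEAP",
    43: "EAP-FAST",
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet (RFC 3748): code, identifier, length, then
    a Type byte and type-data for Request/Response packets only."""
    if len(packet) < 4:
        raise ValueError("EAP header is at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    # The Length field covers the whole packet; reject inconsistent values
    # rather than reading past the buffer or trusting trailing bytes.
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field inconsistent with buffer")
    result = {"code": EAP_CODES.get(code, f"unknown({code})"),
              "id": ident, "length": length}
    if code in (1, 2):  # Request and Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response must carry a Type byte")
        eap_type = packet[4]
        result["type"] = EAP_TYPES.get(eap_type, f"unknown({eap_type})")
        result["data"] = packet[5:length]
        if eap_type == 3:  # Nak: data lists the method(s) the peer accepts
            result["nak_wants"] = [EAP_TYPES.get(b, f"unknown({b})")
                                   for b in result["data"]]
    return result


# Constructed sample exchange: the server offers EAP-TLS (type 13, flags
# byte with the S "start" bit), and the peer answers with a Nak naming
# EAP-TTLS (type 21) as the method it is willing to use instead.
REQUEST_TLS = bytes([1, 0x2A, 0, 6, 13, 0x20])   # Request, id 42, EAP-TLS
RESPONSE_NAK = bytes([2, 0x2A, 0, 6, 3, 21])     # Response, id 42, Nak
```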
Note: Your security choice does not depend on your authentication server.
For example, you can choose Funk security if you use Microsoft Active
Directory® to issue certificates.