User's Manual

Table Of Contents

SEL-3022 Transceiver Instruction Manual Date Code 20050615

Wireless Operator Interface Security

Wireless Interface Security Overview

C.4

Cryptographic Manual—Do Not Copy

or stolen maintenance PC, this feature gives the system security

officer time to change the cryptographic security parameters on the

network.

➤ Wireless Port Timeouts: The SEL-3022 will not allow another

wireless connection for a short period of time after any failed

authentication attempt. This significantly reduces the rate at which a

malicious individual can apply a brute force cryptographic key or

password guessing attack.

➤ Network Reconnaissance Protection: The SEL-3022 will not reply

to any network traffic that fails authentication. Because of this lack of

response to unauthenticated network traffic, the SEL-3022 is not

susceptible to ping sweeps and other network mapping techniques.

➤ Single Active Session: The SEL-3022 allows only a single active

session and rejects attempts to establish a second wireless connection.

This feature ensures that only one user can change settings at any

given time.

➤ No Default Settings: The SEL-3022 will remain in an initialization

mode when any of the critical security parameters are set to the

default, zeroized values. During this initialization mode, the

SEL-3022 will disable the wireless port and force the user to enter the

initial encryption keys, authentication keys, and password values via

a direct serial connection. This functionality ensures that critical

security parameters are never transmitted over the 802.11b radio

channel protected by insecure, factory default keys.

Preliminary Copy