Spec Sheet
With support for the wireless security standards of today, and the ability
to easily upgrade to tomorrow’s standards, the WS5000 is the wireless
gatekeeper for your enterprise network.
802.1x/Extensible Authentication Protocol (EAP)
802.1X and Extensible Authentication Protocol (EAP) work
hand-in-hand, providing the infrastructure for robust authentication and
dynamic key rotation and distribution. EAP provides a means for
mutual authentication. Authorized users identify themselves to the
wireless network, and the wireless network identifies itself to the
user—ensuring that unauthorized users cannot access your
network, and authorized users do not inadvertently join a rogue
network. A wide variety of authentication types can be used—from
user name and password to voice signatures, public keys, and biometrics,
with the ability to upgrade to support future authentication types. And
dynamic key rotation and distribution provides a new encryption key
per user per session, greatly increasing the strength of the chosen
encryption algorithm (WEP or TKIP) used to encode data. The WS5000
supports a variety of EAP methods, including Microsoft®—TLS, Funk
Software®—TTLS, and WPA—PEAP.
Kerberos
The industry-standard Kerberos v5 protocol meets all of the requirements
for scalable, effective security in a mobile environment. Kerberos
features mutual authentication and end-to-end encryption. All traffic
is encrypted and security keys are generated on a per-client basis;
keys are never shared or reused, and are automatically distributed in
a secure manner. The Kerberos ticket-based security mechanism
enables fast roaming, even with the highest levels of security.
Certificate Based Public Key Infrastructure (PKI)
PKI, used in conjunction with the AES-based VPN transport, uses
secure digital certificates to provide robust authentication capabilities
including verification of identity as well as integrity of data (ensuring
that tampering or corruption has not occurred), and authorization for
network access.
Encryption
Encryption ensures that data privacy is maintained while in
transmission. As a rule of thumb, the stronger the encryption, the
more complex and expensive it is to implement and manage. The
WS5000 supports a range of encryption options that provide basic
to strong encryption techniques, providing the flexibility to select
the right level for your data.
Wired Equivalent Privacy (WEP)
The 802.11 Wired Equivalent Privacy (WEP) provides static key
encryption—a single key is distributed to all users for encryption
and decryption of data. WEP generates either a 40- or 128-bit key
using the widely used RC-4 encryption algorithm. WEP allows full
interoperability with legacy clients and provides basic over-the-air
security in less-critical environments, such as an open
public-access application.
Security Elements

| Features | Description | Benefit |
|---|---|---|
| Network Access Control | Network based packet filtering or ACLs that limit access based on MAC and IP addresses, and more | Restricts authorized users and devices to specific resources |
| Application Access Control | Authenticates users based on application or network-based packet filtering using TCP/UDP ports | Restricts authorized users and devices to specific applications |
| Device and User Authentication | Provides one-way or mutual authentication between the network and associated mobile clients | Allows control of who and what attaches to your network |
| Transport Encryption | Transforms or scrambles data into a form that is unreadable without the key | Enables privacy of data to be maintained when sending data across an insecure network |
| Encryption Key Management | Provides automatic distribution and maintenance of encryption keys | Reduces management overhead by automating key distribution and increases security by constantly changing base keys |
| Accounting | Creates audit logs of who/when/how | Allows tracking of activity and network status |
Security Mechanisms

| Control Mechanism | Best Used for Securing... | Authentication Support | Mobility Support | Layer of Security |
|---|---|---|---|---|
| L2-4 Access Control Lists | Device Access, Application | No | Moderate | Low |
| Firewall | Device Access, Application | No | Moderate | Low |
| WEP 10/128 | Transport | No | Moderate | Low |
| KeyGuard-MCM | Transport | No | Excellent | Medium |
| WPA-PSK | Transport | No | Poor | Medium |
| WPA-802.1x | Transport, User | Yes | Poor | Medium |
| IEEE 802.11i | Transport, User | Yes | Poor | Medium |
| Kerberos | Transport, User | Yes | Excellent | Medium |
| WTLS VPN | Device, Transport, User | Yes | Excellent | High |