Keyguard-mcm support, Wireless protected access (wpa) – Symbol Technologies WS 2000 User Manual

Page 17

Advertising
background image

KeyGuard-MCM Support

When a Kerberos-enabled mobile unit (MU) authenticates with WS 2000 Wireless through
an Access Port, the switch initially performs Kerberos authentication, even though the
Kerberos server exists as a separate entity on the wired LAN. On initial request from a
Kerberos-enabled MU, the WS 2000 Wireless Switch acts as a proxy to the external KDC.
The switch passes initial Kerberos authentication information to the external KDC until the
MU authenticates in the manner described in this section. Once authenticated, the user
maintains access to the wired network for the allotted time provided by the session ticket
(TK-TS).

Once an administrator enables Kerberos on a device, the device must pass authentication
before wireless access via the device is permitted to the wired LAN.

KeyGuard-MCM Support

KeyGuard-MCM (Mobile Computing Mode) is Symbol Technologies’ security
enhancement algorithm based on the Temporal Key Integrity Protocol (TKIP) from the
forthcoming IEEE 802.11i standard. KeyGuard-MCM provides an enhanced solution for
protecting data transfer over a Wireless LAN (WLAN) by using a proprietary algorithm to
encrypt, decrypt, and transmit network packets.

KeyGuard-MCM leverages existing WEP encryption hardware by providing per-packet key
mixing, a message integrity check, and a re-keying mechanism, which changes the security
key set by the administrator when KeyGuard-MCM recognizes a potential compromise of
network security.

KeyGuard-MCM works with all Symbol Technologies’ mobile units that support 128-bit
WEP. KeyGuard-MCM is fully compatible with other network security protocols, including
RADIUS and Kerberos.

The WS 2000 Wireless Switch fully supports KeyGuard-MCM.

Wireless Protected Access (WPA)

WEP uses a key, or string of case-sensitive characters, to encrypt and decrypt data packets
transmitted between a mobile unit (MU) and the WS 2000 Wireless Switch. The
administrator configures mobile units (MUs) and the WS 2000 Wireless Switch to use the
same key.

WPA specifies the use of the TKIP, and optionally, 802.1x for encryption.

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

17

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

Advertising
Popular Brands
Popular manuals