Compaq 470012-741 - Armada 110 - Celeron 700 MHz Manual

Wireless security

White Paper
December 2001
Prepared by:
Access Business Group
Compaq Computer Corporation
Contents
Introduction (page 3)
Security in General (page 3)
Security (page 4)
Security and the Pipe (page 4)
Device Security (page 5)
Access Points (page 24)
Corporate Firewalls (page 27)
Conclusion (page 29)
Bibliography (page 30)

Wireless Security

Abstract: People and corporations are using wireless technologies at astonishing rates to take advantage of the benefits of wireless-enabled productivity to gain and maintain a competitive edge. Market researcher Cahners In-Stat estimates that 6.2 million wireless devices will be shipped worldwide this year (2001), and double that in two years.

This paper looks at the pieces of the "pipe" of access from the device to the corporate firewall in an attempt to bring an awareness to both the user and the corporate IT manager as to where the security vulnerabilities lie and what can be done to improve security. Many of the vulnerabilities can be alleviated easily by implementing policies for users and adding security layers to the pipe. To put the subject of wireless security into context, the paper is organized as follows: first, securing wireless systems in general is discussed, then securing each point along the access pipe is discussed.


Summary of Contents for Compaq 470012-741 - Armada 110 - Celeron 700 MHz

  • Page 1: Table Of Contents

    December 2001 Wireless Security Prepared by: Access Business Group Compaq Computer Corporation Abstract: People and corporations are using wireless technologies at astonishing rates to take advantage of the benefits of wireless-enabled productivity to gain and maintain a competitive edge.
  • Page 2 PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION), EVEN IF COMPAQ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. The limited warranties for Compaq products are exclusively set forth in the documentation accompanying such products. Nothing herein should be construed as constituting a further or additional warranty.
  • Page 3: Introduction

    A significant part of wireless network security overlaps with security designed for wired networks. This is particularly so where firewalls, virtual private networks, and corporate servers are concerned. Please see the Compaq Technical Guide titled “Safe Computing and E-Business: Protecting the Enterprise to Assure E-Business Success”...
  • Page 4: Essential Elements Of Security

    Wireless Security White Paper Essential Elements of Security The essential elements of security as it applies to wireless networks are: • Privacy — assuring that only people who have permission to do so can view information and transactions. Privacy is preserved through a process that authorizes identified persons to see protected information and engage in transactions.
  • Page 5: Device Security

    (This aspect of security is not covered in this paper, since securing data from unauthorized access behind the firewall is not a wireless security concern, but a wired one.) Figure 1 illustrates the pipe. Figure 1: The Network Pipe. The vertical yellow lines in Figure 1 represent the pivotal points of data transfer.
  • Page 6 Companies treat the devices as critical resources by defining usage and security policies and by instituting measures to protect the hardware and the data that the devices hold. For information on Compaq notebook computers, see http://www.compaq.com/showroom/notebooks.html.
  • Page 7 Available Device-specific Security Measures Many security measures are available for mobile access devices. Some of these are outlined in the subsections below. For various reasons they are often not fully implemented. Passwords Mobile devices, especially handhelds, have small user interfaces and keypads, leading many users to choose simpler passwords.
  • Page 8 The information is then extracted and compared to information on the computer. If the comparison is a sufficient match, the user is allowed to log in. Where mobile devices are concerned, Compaq FIT is currently available only for Compaq Armada and Evo notebook computers. For more information on Compaq FIT, http://www.compaq.com/products/notebooks/security.html...
  • Page 9: Connectivity Technologies

    Automatic encryption at power-off • Key recovery ensures that corporate data is not lost if the pass-phrase is forgotten. Compaq iPAQ Pocket PCs ship with F-Secure today. For more information on F-Secure products see http://www.fsecure.com. SecurID SecurID is a two-factor authentication technique that combines a user's PIN with the operations of an external authenticator device to produce a secure user login.
  • Page 10 • Individual users can connect between various personal devices wherever they are, such as from a cell phone to a handheld to a desktop computer without cables to synchronize data or gain access to a wireless connection. Wireless personal area networks (WPANs) facilitate such connections between devices.
  • Page 11 Wireless Personal-area Networks Wireless personal-area networks (WPANs) can use Bluetooth, a radio frequency (RF) specification for point-to-multipoint voice and data transfer. They can also use infrared technology. A WPAN permits personal devices such as handheld PCs to connect wirelessly to peripheral devices such as printers or other personal devices.
  • Page 12 Compaq provides turnkey solutions: clients with enabling technologies, airtime provided by carriers, area network coverage, and optimized features. Compaq WWANs using CDPD and GSM technologies are available now. WWAN via CDPD, for example, provides packet-switched connections to the Internet, Internet e-mail, enterprise intranet and corporate e-mail. Compaq offers an optimized MS Exchange e-mail solution with InfoWave.
  • Page 13 The discussion that follows concentrates on the segment of the network pipe in which information must travel over public highways and suffer the potential for exposure. Transmission via one of several connectivity technologies from the access device to the carrier (or WWAN access point) is dependent to a certain degree on the type of network used in WWAN connectivity.
  • Page 14 Core elements of a PKI are: • Asymmetric keys • Digital certificates • Digital signatures The following paragraphs describe and illustrate these elements. A "key" is a numeric value of variable length that an encryption algorithm uses to convert unencrypted text into encrypted text.
  • Page 15 Digital Certificates Digital certificates are electronic files that can be used as unique identifiers for people and resources over networks. A digital certificate binds a user’s identity to a public key, thus establishing trust. Digital certificates can also be used to help secure confidential communication between two parties.
  • Page 16 Digital Signatures Digital signatures are intended to be the legal equivalent of handwritten signatures. The signer generates a “hash value” or “digital fingerprint” of the document or message to be signed. The hash value is unique to the document or message. The hash value is then converted into a digital signature by the user’s private key.
  • Page 17 Virtual Private Networks Virtual Private Networks (VPNs), also known as "tunnels" and commonly used over the Internet for wired networks, can keep a wireless network hidden from prying eyes. Security experts recommend that companies use an additional authentication system such as a VPN before allowing data to cross from a wireless network to an intranet or other corporate system.
  • Page 18 Several VPN protocols are available. They include the Point-to-Point Tunneling Protocol (PPTP) from Microsoft, the Layer Two Tunneling Protocol (L2TP), the Layer Two Forwarding protocol (L2F) from Cisco Systems, and the Internet Protocol Security protocol (IPSec). The PPTP protocol lets corporations extend their corporate network through private "tunnels"...
  • Page 19 The following VPN products, however, are available from third parties for the Compaq iPAQ Pocket PC: movianVPN by Certicom: • Based on IPSec • Uses Certicom ECC for IKE • Connects to back-end VPN products from: Alcatel, Check Point, Cisco, Intel, Nortel,...
  • Page 20 Code Division Multiple Access (CDMA) and Time Division Multiple Access (TDMA) use the Cellular Message Encryption Algorithm (CMEA) specified by the Telecommunications Industry Association (TIA). The encryption techniques used by WWANs have proven to be effective but not infallible. Both GSM and CMEA algorithms have reportedly been cracked.
  • Page 21 Figure 10 illustrates the wireless access protocol. Figure 10: Wireless Access Protocol (WAP). The “WAP GAP” (Mobile Device, WTLS Gateway, Web Server): • Security protocol must be translated from WAP “WTLS” to standard Internet “TLS” • Data is unencrypted for a brief period of time. WAP does not provide end-to-end encryption between the wireless client and the application server.
  • Page 22 Infowave Infowave provides an encrypted end-to-end security model from the mobile user through the wireless data network and Internet to the corporate server. Infowave is a gateway solution that controls all traffic to and from wireless users. Infowave requires that a single configurable port be opened in the firewall and set up as follows: •...
  • Page 23 Authentication Infowave uses NTLM challenge/response authentication. Infowave sends no user information over the link other than the encrypted NTLM token. Authorization Once it has authenticated the user, the Infowave server determines what resources the user is authorized and licensed to access.
  • Page 24: Access Points

    802.11i Security Subgroup is working to specify stronger encryption algorithms for future use in 802.11 networks. Compaq is an active participant in this effort. In the current draft specification, a strengthened version of the RC-4/per-frame IV encryption algorithm, and a 128-bit AES encryption algorithm are proposed.
  • Page 25 The fundamental approach used by 802.1x is to authenticate users at the edge of the private network. It would be conceivable to perform this processing at other points within the core of the network, for example using MAC addresses. However, it would be difficult to protect all authenticated end stations from unauthenticated stations, since intruders could bypass authentication at least on their own segments.
  • Page 26 • For security reasons, the authentication information must be cryptographically secure. This implies that the Authenticator cannot decrypt the credentials. • The model must be extensible to new authentication mechanisms as they are invented and implemented. In order to ensure that the Authenticator can always identify and interpret new authentication mechanisms, any authentication types must be encapsulated using the Extensible Authentication Protocol (EAP) as specified in RFC 2284.
  • Page 27: Corporate Firewalls

    This does not mean that there is no longer a need for WEP in an 802.11b LAN. As mentioned above, 802.1x only provides authentication. It does not encrypt the over-the-air transmission. It is therefore still possible for hackers to eavesdrop on conversations and intercept sensitive information.
  • Page 28: Application And Data Servers

    Figure 12 (next page) illustrates a corporate network with firewalls. Figure 12: Corporate Network with Firewalls. "On its own, a firewall is a particularly dangerous single point of failure for network protection. Intrusion Detection Systems (IDS) provide an effective secondary protection measure to prevent security policy failure.
  • Page 29: Conclusion

    See “Safe Computing and E-Business: Protecting the Enterprise to Assure E-Business Success” (http://activeanswers.compaq.com/ActiveAnswers/Render/1,1027,1317-6-100-225-1,00.html), the Compaq technical guide cited at other places in this paper, for detail on security measures recommended for corporate servers. Conclusion Pre-wireless technologies such as networked desktop computers, extranets, firewalls, and virtual private networks (VPNs) all have certain vulnerabilities to intrusion and attack.
  • Page 30: Bibliography

    PowerPoint Presentation, January 25, 2001). Grupposo, Diana, "Business Value of Security Solutions" (Compaq White Paper, November 2000). Hayes, Quentin, "Elements of Security for Clients and Servers: A Technology Paper," (Compaq White Paper, December 18, 2000). Hunt, Steve, "Wireless Security Risks are Manageable" (IntraGiga, February 26, 2001).