Chapter 7 - Securing Wireless Devices; Wireless Local Area Networks (Wlan) And Access Points (Aps) Security; Secure Wireless Ap Configuration; Secure Dolphin 70E Black Wlan Configuration - Honeywell dolphin 70e black Network And Security Manual

7
Securing Wireless Devices

Wireless Local Area Networks (WLAN) and Access Points (APs) Security

All Dolphin 70e Black models are equipped with an 802.11a/b/g/n Wireless Local Area Network (WLAN) radio. The radio is
interoperable with other 802.11a/b/g/n, Wi-Fi compliant products, including access points (APs), workstations via PC card
adapters, and other wireless portable devices.
When the Dolphin 70e Black device connects through a wireless access point (AP) to an organization's server on a wired
network, specific security precautions are required to mitigate the significant security risk the WLAN wireless AP connection
represents for the servers and devices on the wired network.
Non-Dolphin 70e Black wireless devices (e.g., laptops and printers) should either be on a separate WLAN with different security
profiles or the wireless AP should, at a minimum, support multiple service set identifiers (SSIDs). Devices on one WLAN should
not be able to use the WLAN to connect to devices on another of the organization's WLANs. Isolation of different networks helps
protect the Dolphin 70e Black system and the organization's other networks and devices from unauthorized access.

Secure Wireless AP Configuration

Honeywell recommends the following when configuring a wireless AP:
• Configure a unique SSID. Do not use the default SSID.
• Disable SSID broadcast.
• Configure authentication for EAP authentication to the network. PEAP is preferred.
• Configure the RADIUS server address.
• Configure for WPA2 Enterprise.
• Change the WAP RADIUS password. Do not use the default password.
• Configure 802.1x authentication.
• Enable MAC filtering and enter the MAC addresses for all the wireless devices. This prevents any unauthorized
devices from connecting to the wireless network.
For detailed configuration information refer to the setup instructions from the wireless AP supplier.

Secure Dolphin 70e Black WLAN Configuration

Honeywell recommends the following when configuring the Dolphin 70e Black for WLANs:
• Configure the proper SSID.
• Configure 802.1x authentication.
• Configure Protected EAP authentication.
Note: TLS, EAP-PEAP-TLS and EPA-PEAP-MSCHAP are supported.
• Configure the 802.1x supplicant (client) to prompt for the password needed by EAP-PEAP/MSCHAP, EAP-TTLS/
MSCHAP.
• If EAP-TLS or EAP-PEAP-TLS are in use, a client certificate must be available on the Dolphin 70e Black device.
Bluetooth™ Wireless Technology Security
All Dolphin 70e Black models are equipped for short-range wireless communication using Bluetooth wireless technology.
Follow the security recommendations and precautions listed below:
• Set the Dolphin 70e Black stack to non-discoverable.
• Set the Dolphin 70e Black stack to stop arbitrary pairings.
• On the Dolphin 70e Black, disable unused Bluetooth profiles.
• Use a strong PIN or Password.
• If possible, pair devices ONLY when in a physically secure area.

Wireless Wide Area Network (WWAN) Security

Follow the security recommendations and precautions listed below for WWAN security.
• Use HTTPS with Web applications with a locked down browser that allows access to only specified URLs. Make sure that
the client is configured to validate the server certificate and uses sufficiently secure cipher suites.
• Use a secure Virtual Private Network (VPN) for remote access to the WWAN.
7 - 1