Schweitzer Engineering Laboratories SEL-3022 Instruction Manual page 86

C.4 Wireless Operator Interface Security
Wireless Interface Security Overview
➤
➤
➤
➤
SEL-3022 Transceiver
Preliminary Copy
or stolen maintenance PC, this feature gives the system security
officer time to change the cryptographic security parameters on the
network.
Wireless Port Timeouts: The SEL-3022 will not allow another
wireless connection for a short period of time after any failed
authentication attempt. This significantly reduces the rate at which a
malicious individual can apply a brute force cryptographic key or
password guessing attack.
Network Reconnaissance Protection: The SEL-3022 will not reply
to any network traffic that fails authentication. Because of this lack of
response to unauthenticated network traffic, the SEL-3022 is not
susceptible to ping sweeps and other network mapping techniques.
Single Active Session: The SEL-3022 allows only a single active
session and rejects attempts to establish a second wireless connection.
This feature ensures that only one user can change settings at any
given time.
No Default Settings: The SEL-3022 will remain in an initialization
mode when any of the critical security parameters are set to the
default, zeroized values. During this initialization mode, the
SEL-3022 will disable the wireless port and force the user to enter the
initial encryption keys, authentication keys, and password values via
a direct serial connection. This functionality ensures that critical
security parameters are never transmitted over the 802.11b radio
channel protected by insecure, factory default keys.
Instruction Manual
Cryptographic Manual—Do Not Copy
Date Code 20050615