Basic Security Configurations - Avery Dennison MONARCH 9493 System Administrator Manual

B a s i c S e c u r i t y C o n f i g u r a t i o n s
There are two main decisions to be made when choosing wireless security: encryption method
and authentication protocol. The encryption method determines the algorithm used to encrypt
the message. The authentication type specifies how users are identified and verified on a
network. Is the device seeking connection what (and who) it claims to be?
Select an Encryption Method from the following table:
Type Algorithm
WEP RC4
WPA RC4
WPA2 AES
* Dynamic WEP cannot be selected directly, so select 128 for the encryption mode and select an
authentication mode from one of the following: LEAP, PEAP, EAP-FAST, TLS, or TTLS.
Type
Enterprise LEAP
PEAP*
TLS
TTLS
EAP-FAST
Personal PSK
*PEAP
This is only for server-side certificates.
Leaving the Certificate Root Key and the Certificate CN (common) names blank, no
*Optional
validation of the host certificate is performed. The values are set to "null" and all host
certificates are accepted.
*Required The Print Server comes with a default Private Key Information File. You can
either download that file from the print server and add it to the TLS
authentication server, or overwrite a new one on the print server.
*PAC EAP-FAST does not use certificates to authenticate, but a PAC (Protected
Access Credential), which is managed dynamically by the server. The PAC is
distributed one at a time to the client manually or automatically.
EAP-FAST has an optional feature called "auto-provisioning", which allows a
client to receive the original PAC file wirelessly from the authentication server.
However, this method is less secure and is not supported by Monarch portable
printers.
4-16 System Administrator's Guide
Encryption Method
Size (bits) Description
64/128 This is the 64 or 128 bit WEP Key that must match other nodes'
encryption keys in order to communicate. The user can only
define 10 hex characters (40 bits) for 64 bit WEP or 26
characters (104 bits) for 128 bit WEP.
64/128 Improves on WEP by using TKIP* (Temporal Key Integrity
Protocol), which dynamically changes the encryption key and
MIC (Message Integrity Code), which replaces CRC.
128 Improves on WPA by replacing RC4 with AES (Advanced
Encryption Standard) for encryption. The user can only define
26 characters (104 bits) for 128 bit
WPA2.
Authentication Protocol
RADIUS Server User ID &
Protocol Password
PAP or
Required
MSCHAPv2
N/A
Certificate
No N/A
N/A
Optional*
Required*
N/A
PAC* N/A
Private Key Info File