3.1.3 IPSec
IPSec is an industry-standard method for encrypting networking communications
that was designed specifically to work with IP networking. IPSec clients are
available from a variety of vendors. Clients known to interoperate with the WLAN
Secure Server IPSec implementation include ones from SafeNet, Netscreen, PGP,
and Certicom/Movian.
The IPSec standard does not include a specification for user-level authentication.
It does provide for machine-to-machine authentication using either certificate-
based or shared secret-based authentication. The WLAN Security System only
supports shared secret IPSec authentication.
IPSec operates in two phases and uses encryption and a secure hash function for
each phase. The first phase, Internet Key Exchange (IKE), sets up a session key used
in the second phase to do the actual encryption. The second phase, Encapsulating
Security Payload (ESP), does the actual data encryption. Both the IKE and ESP
phases can use Data Encryption Standard (DES), Triple DES, Blowfish, or CAST
encryption.
The secure hash used for data integrity in both the IKE and ESP phases can be
either Secure Hash Algorithm 1 (SHA-1) or Message Digest 5 (MD5).
IPSec uses the Diffie-Hellman Public-Key-Interchange (PKI) to generate the per-
session encryption key during the IKE phase. Supported versions of the Diffie-
Hellman key exchange include Group 1, 2, and 5.
In general, the client and the SMC system negotiate the type of hash, encryption,
and key-exchange algorithms. Configuration of IPSec on the WLAN Security
System consists primarily of noting which algorithm the SMC system is prepared
to negotiate. It is up to the client system to propose algorithms, and the SMC server
either agrees or not.
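The negotiation described above, as an added example that is not part of the manual or SMC's code: a simplified model of one phase in which the server accepts the first client proposal whose cipher, hash and Diffie-Hellman group are all enabled, plus a check listing the weak transform sets (DES, MD5, Group 1) that an accept-list would still agree to. The policy dictionaries, function names and sample client offer are assumptions constructed for illustration.

```python
from itertools import product

# Algorithms the manual lists as negotiable.
CIPHERS = {"DES", "3DES", "Blowfish", "CAST"}
HASHES = {"SHA-1", "MD5"}
DH_GROUPS = {1, 2, 5}

# Well-known weak choices: 56-bit DES, collision-broken MD5, 768-bit DH Group 1.
WEAK = {"cipher": {"DES"}, "hash": {"MD5"}, "dh_group": {1}}


def select_proposal(proposals, accepted):
    """Responder logic (simplified): return the first client proposal whose
    every attribute is enabled on the server, or None if nothing matches."""
    for p in proposals:
        if all(p[k] in accepted[k] for k in ("cipher", "hash", "dh_group")):
            return p
    return None


def weak_combinations(accepted):
    """Return every (cipher, hash, group) set the server would agree to that
    contains at least one weak algorithm. An empty list means none remain."""
    combos = product(sorted(accepted["cipher"]), sorted(accepted["hash"]),
                     sorted(accepted["dh_group"]))
    return [c for c in combos
            if c[0] in WEAK["cipher"] or c[1] in WEAK["hash"]
            or c[2] in WEAK["dh_group"]]


# Constructed sample policies (hypothetical, not taken from the manual).
permissive = {"cipher": CIPHERS, "hash": HASHES, "dh_group": DH_GROUPS}
hardened = {"cipher": CIPHERS - WEAK["cipher"], "hash": HASHES - WEAK["hash"],
            "dh_group": DH_GROUPS - WEAK["dh_group"]}

# Constructed client offer: weakest set listed first, stronger set second.
client_offer = [
    {"cipher": "DES", "hash": "MD5", "dh_group": 1},
    {"cipher": "3DES", "hash": "SHA-1", "dh_group": 5},
]

if __name__ == "__main__":
    print("permissive picks:", select_proposal(client_offer, permissive))
    print("hardened picks:  ", select_proposal(client_offer, hardened))
    print("weak sets still accepted:", len(weak_combinations(permissive)))
```

Because the client proposes and the server only agrees or refuses, the server's accept-list is the only control over which algorithms end up protecting the session.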
3.1.4 General Considerations
Selection of a particular VPN protocol involves several factors:
• necessity
• performance
• security
• availability
Necessity
You must first determine whether you require VPN Security, as it imposes a fairly
heavy administrative burden and it slows the throughput of data between a client
and a WLAN Access Manager.
VPN Security (Airwave Security)