Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5 - ADMINISTRATION Administration Manual page 107

It's important to note that the end user never sees the Novell signal strength thresholds; this
information is merely provided to show the difference between what the user may see through Zero
Config and what is actually occurring behind the scenes.
Because both signal strength and encryption type (see
determine the order in which access points are attempted, you must select the preferred method. For
example, if signal strength is the preference, then the strongest signal is given the preference when
connecting. If WEP 64 is the encryption requirement and encryption is the preference, then access
points with the highest encryption strength are given preference over all others.
Managed Access Points
ZENworks Endpoint Security Management provides a simple process to automatically distribute
and apply Wired Equivalent Privacy (WEP) keys without user intervention (bypassing and shutting
down the Microsoft Zero Configuration manager), and protects the integrity of the keys by not
passing them in the clear over an e-mail or a written memo. In fact, the end user never needs to know
the key to automatically connect to the access point. This helps prevent possible re-distribution of
the keys to unauthorized users.
Due to the inherent security vulnerabilities of Shared WEP Key Authentication, Novell supports
only Open WEP Key Authentication. With Shared Authentication the client/AP key validation
process sends both a clear text and encrypted version of a challenge phrase that is easily sniffed
wirelessly. This can give a hacker both the clear and encrypted versions of a phrase. Once they have
this information, cracking the key becomes trivial.
Managed Access Points Control
Figure 6-23
Enter the following information for each access point:
SSID: Identify the SSID number. The SSID number is case sensitive.
MAC Address: Identify the MAC Address (recommended, due to the commonality among
SSIDs. If not specified, it is assumed there are multiple access points beaconing the same SSID
number).
Key: Specify the WEP key for the access point (either 10 or 26 hexadecimal characters).
Key Type: Identify the encryption key index by selecting the appropriate level from the drop-
down list.
Beaconing: Check if the defined access point is currently broadcasting its SSID. Leave un-
checked if this is a non-beaconing access point.
The Endpoint Security Client attempts to first connect to each beaconing access point listed in the
policy. If no beaconing access is located, the Endpoint Security Client then attempts to connect to
any non-beaconing access points (identified by SSID) listed in the policy.
When one or more access points are defined in the Managed Access Points list, the Signal Strength
switching for the Wi-Fi adapter can be set (see
"Wi-Fi Security" on page
"Wi-Fi Signal Strength Settings" on page
Creating and Distributing Security Policies 107
108) are used to
105).