
Wireless Security White Paper 


 

Infowave further notes that the engineering effort required to perform the above attack is 
prohibitive. It is not sufficient to just capture data and analyze it. The attacker would need to 
build working versions of both the IStack transport layer (Infowave proprietary) and the WBE 
authentication and session protocols (also Infowave proprietary) in order to carry out this attack. 
One of these servers would be required for each client impersonated, since the WBE server only 
supports one connection for each IP address. This attack would also require re-configuring the 
client to communicate with the attacking server, or alternatively impersonating this IP address on 
the Internet. 

Access Points 

The third key juncture in the pipe, after mobile access devices and wireless connectivity 
technologies, consists of access points.  

The term “access point” describes the point in the pipe where data leaves the wireless
connectivity medium (WLAN and WWAN) and passes onto wired lines or the Internet. In the
case of WLANs, for example, the Access Point is a piece of hardware, a hub, which transfers
data to the local area network via an Ethernet connection in an office building. In the case of
WWANs, the Access Point is the telecommunications company, which routes the data to the
phone line that enters the corporate data network and/or the Internet.

WLAN Access Points 

Certain weaknesses of Wired Equivalent Privacy (WEP) [6] will be remedied in IEEE extensions to
the WEP specification that include 802.11i and 802.1x. 802.1x can be included in any access
point and will permit authentication to any authentication database (EAP RADIUS server). The
802.11i Security Subgroup is working to specify stronger encryption algorithms for future use in
802.11 networks. Compaq is an active participant in this effort. In the current draft specification,
a strengthened version of the RC-4/per-frame IV encryption algorithm and a 128-bit AES
encryption algorithm are proposed. Per-user authentication eliminates the WEP key-distribution
problem (mentioned further below). The 802.11i standard ratified in 2001 will be the future
encryption standard. A fully secure solution will involve the use of 802.11i with its AES-based
encryption algorithm along with 802.1x as the key distribution and network access mechanism.

802.1x is not limited to wireless networks. It can be used to authenticate user access to any closed 
network. For example, a company may have a private network, which should be accessible only 
to employees, with more public segments that can also be made available to customers. Without 
802.1x it would be necessary to isolate these two networks, which could lead to significant 
duplication of effort and equipment. 

                                                            

[6] Wired Equivalent Privacy (WEP) is an optional IEEE 802.11b feature used to provide data security equivalent to that of a wired LAN without privacy-enhancing encryption techniques. According to the 802.11b standard, WEP data encryption is used to prevent access to the network by intruders using similar WLAN equipment and to prevent capture of WLAN traffic through eavesdropping.
