
 

White Paper 

  

 

December 2001 
 
Prepared by: 
Access Business Group 
Compaq Computer Corporation 

Contents 

Introduction ............................ 3
Security in General ..................... 3
Essential Elements of Security .......... 4
Security and the Pipe ................... 4
Device Security ......................... 5
Connectivity Technologies ............... 9
Access Points .......................... 24
Corporate Firewalls .................... 27
Application and Data Servers ........... 28
Conclusion ............................. 29
Bibliography ........................... 30

 

 

Wireless Security 

Abstract:   People and corporations are using wireless technologies 
at astonishing rates to take advantage of the benefits of wireless-
enabled productivity to gain and maintain a competitive edge. 
Market researcher Cahners In-Stat estimates that 6.2 million wireless 
devices will be shipped worldwide this year (2001), and double that 
in two years. 

This paper looks at the pieces of the “pipe” of access from the device 
to the corporate firewall, so that both the user and the corporate IT 
manager can see where the security vulnerabilities lie and what can be 
done to improve security. Many of the vulnerabilities can be mitigated 
by implementing policies for users and adding security layers to the 
pipe. To put the subject of wireless security into context, the paper 
is organized as follows: first, securing wireless systems in general is 
discussed; then securing each point along the access pipe is discussed. 

 

 

Excerpts by Page

Page 4: ...se while making sure it cannot be abused or used to hide criminal activity. These essential elements should be the result of any combination of security implementations from the device, across the pipe, to the corporate firewall and servers. The next section describes aspects of securing the pipe: the security issues that may arise with wireless networks at critical junctures along the pipe, and measure...

Page 5: ...red in planning security models. Each element of the pipe, along with the security problems and solutions associated with it, is discussed in the next five subsections. Device Security. Despite the growing popularity of handheld PCs, PDAs and cellular telephones, the truly ubiquitous mobile computing device in the United States is still the notebook computer; in Europe it is the mobile telephone. Notebook ...

Page 6: ...bile devices employing a cellular service are used more frequently in public places (hotel lobbies, airplanes and the like) than desktop devices, which makes it harder to prevent strangers from peering over the shoulders of mobile device users. If permitted to observe the user's computing activity for any period of time, the curious stranger may be able to read and record, or remember, sensitive informati...

Page 7: ... passwords, private keys, digital certificates and cryptographic algorithms can be stored. Simply keeping the smart card separate from the device (in a wallet, for example) adds a level of security to the device in the event of theft. Moreover, a person attacking a smart card must not only possess the card but also have sophisticated tools and expertise. There are two main types of smart cards: contact and ...

Page 8: ...not the actual fingerprint, is then encrypted and stored within the network. The user places a registered finger on the reader attached to his or her PC in order to log on to the network. The information is then extracted and compared to information on the computer. If the comparison is a sufficient match, the user is allowed to log in. Where mobile devices are concerned, Compaq FIT is currently availabl...

Page 9: ...3 Device-Specific Firewalls. Industry best practices dictate the use of a device-mounted firewall when connecting to the Internet, especially through a wireless VPN connection. Software-based firewalls are available from third-party providers; one such product is Black Ice, available from Network ICE Corporation. Notwithstanding the protection offered, such firewalls are often not incorporated into the a...

Page 10: ...and wireless wide area networks (WWANs) facilitate this usage. A brief description of these connectivity technologies follows, and detailed papers that exist on each technology are referenced below. The following three subsections comment briefly on the three types of wireless networks and provide an illustration of each type. Wireless Local Area Networks. A wireless local area network (WLAN) is a type of ...

Page 11: ...ireless Wide Area Networks. Historically, wireless wide area networks (WWANs) have been used to support voice transmission for mobile telephones. WWANs use one of three digital wireless telephone technologies: GSM, CDMA and TDMA. The Global System for Mobile communication (GSM), developed in Europe, is the most widely used of the three digital wireless telephone technologies. Code Division Multiple Access (CDMA)...

Page 12: ...ed with InfoWave. Figure 4 illustrates a WWAN. Figure 4: Wireless Wide Area Network. Whether it is a WLAN, a WPAN or a WWAN, a wireless network uses radio waves to transmit information. Radio waves travel over an unshielded medium, which is air. Because wireless networks of the same type share the same frequency bands and use the same commodity equipment, and because it is difficult to control how far radio waves travel, hackers c...

Page 13: ...ravels by making it unreadable, and thus unusable, to casual or not-so-casual observers. It is necessary at this juncture, however, to be clear that technologies used to secure one piece of the pipe may need to be deployed across multiple points in the pipe. For example, it may be necessary to load software on the device and on the server as well to better secure the connectivity channel. Eavesdropping. To...

Page 14: ...vate key. The public key is distributed widely; the private key is always kept secret. Data encrypted with the public key can be decrypted only with the private key. Conversely, a value transformed with the private key can be recovered only with the public key; because anyone holds the public key this reverse operation gives no confidentiality, but it is the basis of digital signatures. Most asymmetric encryption uses the RSA algorithm, developed in 1977 by Rivest, Shamir and Adleman, or derivatives of that algorithm. Figure 6 illustrate...

Page 15: ... can be used to encrypt sensitive information for the certificate holder; the name of the Certification Authority (CA) that issued the certificate; a serial number; and the validity period, or lifetime, of the certificate (a start and end date). When the issuing CA creates the certificate, it digitally signs the information on the certificate. The CA's signature on the certificate is like a tamper-detection seal ...

Page 16: ...igital signature is through a Certification Authority (CA). A CA is usually a trusted third party able to verify that the private key used to generate the digital signature belongs to the signer, and that the public key is indeed associated with the digitally signed document or message. Figure 8 illustrates digital signatures. In Figure 8, the original data is hashed using a one-way algorithm. The hash is...

Page 17: ...VPN must verify the user's identity and restrict VPN access to authorized users. The VPN must also provide audit and accounting records to show who accessed what information, and when. Address Management: the VPN must assign a client's address on the private network and assure that addresses are kept private. Data Encryption: the VPN must encrypt information transmitted on the public network. Key Managem...

Page 18: ...performance of the computer it runs on, because of the high CPU overhead associated with the encryption and decryption algorithms. The greater speeds of new generations of processors will reduce the toll that IPSec takes on machine performance. IPSec is especially well suited for implementing VPNs and for remote user access through dial-up connection to private networks. IPSec supports two encryption ...

Page 19: ...he subscriber identification key. When the user makes a connection with a mobile base station, a session key is negotiated and all transmissions over the air interface, both voice and data, are encrypted. GSM documents specify the rough functional characteristics of its protocols, including the secure encryption of transmitted digital messages. However, apart from the protocols, details of the algorithms are kept secret (the A5/1 cipher had in fact been reverse-engineered and published by 1999, so this secrecy should not be relied on). Most sec...

Page 20: ...S is based on Transport Layer Security (TLS), a security layer used on the Internet and the successor to Secure Sockets Layer (SSL). WTLS was developed to solve problems specific to mobile network devices, including their limited processing power, memory capacity and bandwidth. WTLS is designed to provide adequate authentication, data integrity and privacy protection. WTLS offers three classes of authentication ...

Page 21: ...ristic is often called the WAP gap (the gateway terminates WTLS and re-encrypts with TLS, so the data is briefly in the clear at the gateway). The newest ratified version of WAP is 2.0 (June 2001). WAP 2.0 is radically different from previous versions and represents a strong convergence with the IETF and W3C: the WAP gateway is optional, and WAP has now adopted the Internet standards TCP, HTTP and TLS with wireless-specific profiles. Similarly, WML is effectively a profile of XHTML. Much work has been do...

Page 22: ...s. Authentication proves the identity of the user. Authorization determines what the user is allowed to do. Encryption assures the privacy of transmissions. Data Integrity assures that the information has not been altered. Non-Repudiation prohibits the user from denying the transmission after the fact. Figure 11 illustrates the Infowave security flow. Figure 11: Infowave Security Flow. More detail on each ...

Page 23: ...s a DESX symmetric key pair on each client every time the client logs on. This key pair is used to encrypt session traffic. Data Integrity: Infowave compresses, encrypts and delivers data using its wireless protocol. The Infowave server analyzes the data to determine the best compression algorithm. The combination of encryption and compression is described as ensuring that data cannot be altered during transmission; note, however, that encryption and compression by themselves do not detect alteration, which requires a message authentication code or digital signature. If d...

Page 24: ...WEP 6 will be remedied in IEEE extensions to the WEP specification that include 802.11i and 802.1X. 802.1X can be included in any access point and will permit authentication to any authentication database (EAP, RADIUS server). The 802.11i Security Subgroup is working to specify stronger encryption algorithms for future use in 802.11 networks. Compaq is an active participant in this effort. In the current...

Page 25: ... scenario sounds simple in principle. Where it becomes slightly more complicated is in the actual authentication. Conceptually, it would be feasible to let the bridge perform the authentication using a cache of authentication information. However, that would be unnecessary overhead for the bridge and would mean that authentication information would need to be replicated to all bridges, which is neither ...

Page 26: ...to wired LANs, this is not feasible in a wireless environment. It is much more difficult to monitor and enforce the air space around office buildings than the ports and wiring within them. This vulnerability is currently addressed using Wired Equivalent Privacy (WEP), which is available on 802.11b Access Points. If WEP is in use, then all stations must be configured with the same shared symmetric key (often entered as a passphrase) in order to connect ...
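Pages 24 and 26 mention WEP's known weaknesses and its single shared key without spelling out the mechanics. The Python below is an added example, not code from the paper or from Compaq. It reconstructs WEP's use of RC4 in simplified form (no 802.11 header or key-ID byte; constructed key, IV and plaintexts) and goes beyond the excerpt to show two of the weaknesses published by Borisov, Goldberg and Wagner in 2001: when the 24-bit IV repeats, two frames share a keystream, so a known plaintext in one frame exposes the other; and because the CRC-32 integrity check value (ICV) is linear, an attacker can flip chosen plaintext bits and repair the ICV without knowing the key. These are among the problems 802.11i and 802.1X were introduced to address.

```python
"""Simplified WEP (RC4 + CRC-32 ICV) and two of its published weaknesses.
Added illustration only, not the paper's code; frame layout is reduced to
IV || ciphertext(plaintext || ICV) with constructed key, IV and plaintexts."""
import zlib

def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of `length` bytes (KSA then PRGA), as WEP uses it."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc32(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-frame RC4 key is IV || shared key; the 3-byte IV is sent in the clear."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    body = plaintext + crc32(plaintext)
    return iv + xor_bytes(body, rc4(iv + shared_key, len(body)))

def wep_decrypt(shared_key: bytes, frame: bytes):
    """Return the plaintext if the ICV checks out, else None."""
    iv, ciphertext = frame[:3], frame[3:]
    body = xor_bytes(ciphertext, rc4(iv + shared_key, len(ciphertext)))
    plaintext, icv = body[:-4], body[-4:]
    return plaintext if crc32(plaintext) == icv else None

def recover_via_iv_reuse(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Same IV => same keystream: C_a ^ C_b = P_a ^ P_b, so knowing P_a reveals P_b.
    With only 2**24 IVs a busy access point repeats one within hours."""
    assert frame_a[:3] == frame_b[:3], "attack needs an IV collision"
    n = min(len(known_plaintext_a), len(frame_b) - 3 - 4)
    keystream = xor_bytes(frame_a[3:3 + n], known_plaintext_a[:n])
    return xor_bytes(frame_b[3:3 + n], keystream)

def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Forge a frame decrypting to P ^ delta that still passes the ICV.
    CRC-32 is linear: crc(P ^ D) = crc(P) ^ crc(D) ^ crc(zeros of same length)."""
    iv, body = frame[:3], frame[3:]
    ciphertext, icv = body[:-4], body[-4:]
    assert len(delta) == len(ciphertext)
    icv_delta = xor_bytes(crc32(delta), crc32(bytes(len(delta))))
    return iv + xor_bytes(ciphertext, delta) + xor_bytes(icv, icv_delta)

def demo() -> dict:
    """Constructed traffic: two frames sent under one IV, then a forged edit of the second."""
    key = bytes.fromhex("0badc0ffee")             # constructed 40-bit shared WEP key
    iv = b"\x01\x02\x03"                          # the IV that gets reused
    p_a = b"GET /index.html HTTP/1.0\r\n"         # predictable plaintext the attacker can guess
    p_b = b"PASS hunter2\r\n"                     # secret plaintext in the colliding frame
    frame_a = wep_encrypt(key, iv, p_a)
    frame_b = wep_encrypt(key, iv, p_b)
    delta = bytearray(len(p_b))
    delta[11] = ord("2") ^ ord("9")               # turn the '2' in hunter2 into a '9'
    forged = flip_bits(frame_b, bytes(delta))
    naive = frame_b[:3] + xor_bytes(frame_b[3:-4], bytes(delta)) + frame_b[-4:]
    return {
        "recovered_b": recover_via_iv_reuse(frame_a, frame_b, p_a),
        "forged_plaintext": wep_decrypt(key, forged),
        "naive_flip_rejected": wep_decrypt(key, naive) is None,
    }
```

Neither attack touches the shared key: the first needs only a captured frame with guessable contents, the second only the ability to retransmit a modified frame, which is why the fix was a new cipher and integrity check rather than longer WEP keys.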

Page 27: ...s. The fourth key juncture in the pipe, after mobile access devices, wireless connectivity technologies and access points, centers on corporate firewalls. A firewall is a set of related programs, located at a network gateway server, which protects the resources of a private network from users from other networks. The term also implies that a security policy is used with the programs. An enterprise with an ...

Page 28: ...and firewalls, centers on the application and data servers that reside inside corporate firewalls. The security vulnerabilities associated with using data servers, desktops with hard drives containing data, and application security are the same for wired and wireless access. Therefore, no attempt is made here to explore the security issues associated with internal data control. It is important, however, to...

Page 29: ...lenge that wireless users have benefited from the security lessons learned from wired technologies in the 1990s. Whereas security around new technologies in the nineties traditionally arrived as an afterthought, wireless users expect security to be built into the system from the beginning. Products without security will not survive. This paper has shown, however, that users of wireless networks are not...

Page 30: ... Enterprise to Assure E-Business Success, Compaq Technical Guide, February 2000. MultiPort Bluetooth Communication, Compaq White Paper, March 2001, http://www.compaq.com/support/techpubs/whitepapers/14zn-0501a-wwen.html. MultiPort Technology Overview, Compaq White Paper, March 2001, http://www.compaq.com/support/techpubs/whitepapers/14zm-0501a-wwen.html. MultiPort Wireless Local Area Networking, Compaq White Pape...
