Compaq Armada e500 Wireless Security

Compaq Armada e500 - Notebook PC Manual

Compaq Armada e500 manual content summary:

  • Compaq Armada e500 | Wireless Security - Page 1
    White Paper December 2001 Prepared by: Access Business Group Compaq Computer Corporation Contents Introduction 3 Security in General 3 to the corporate firewall in an attempt to bring an awareness to both the user and the corporate IT manager as to where the security vulnerabilities lie and what
  • Compaq Armada e500 | Wireless Security - Page 2
    logo, Deskpro, and Evo are trademarks of Compaq Information Technologies Group, L.P. in the U.S. and/or other countries. Intel, Pentium, and Celeron are trademarks of Intel Corporation in the U.S. and/or other countries. Microsoft and Windows are trademarks of Microsoft Corporation in the U.S. and
  • Compaq Armada e500 | Wireless Security - Page 3
    the wireless networks in operation today have no security whatsoever. This is so in part because many users are not aware of specific security vulnerabilities network security. For complete wireless and mobile security solutions, please contact Compaq Global Services at http://www.compaq.com/services
  • Compaq Armada e500 | Wireless Security - Page 4
    This quality makes electronic transactions legally binding. Non-repudiation is supported by digital signatures and trusted timestamps. • System Management -- by creating a secure pipe from the mobile user's access device (the client) across various networks (air, broadband, dial-up) to the point
  • Compaq Armada e500 | Wireless Security - Page 5
    but a wired one.) Figure 1 illustrates the pipe. Figure 1: The Network Pipe The vertical yellow lines in Figure 1 represent the pivotal points of security models. Each element of the pipe, along with the security problems and solutions associated with it, is discussed in the next five subsections
  • Compaq Armada e500 | Wireless Security - Page 6
    Compaq notebook computers, see http://www.compaq specific to mobile access devices, the first link in the pipe on the client side, and possible solutions to those problems. Usage in Public Mobile devices employing a cellular service only way for users to minimize this and private networks in order
  • Compaq Armada e500 | Wireless Security - Page 7
    when paired with a personal identification number (PIN). Whereas a stolen smart card can be used just like a stolen password, the association with a PIN presents thieves with a further barrier to obtaining access to a wireless network, even with the card. Smart card readers offer different levels of
  • Compaq Armada e500 | Wireless Security - Page 8
    to log on to the network. The information is then extracted and compared to information on the computer. If the comparison is a sufficient match, the user is allowed to log in. Where mobile devices are concerned, Compaq FIT is currently available only for Compaq Armada and Evo notebook computers
  • Compaq Armada e500 | Wireless Security - Page 9
    external authenticator may be implemented as a key fob, smart card, or software token. It generates a unique code every sixty seconds in strict synchronicity with the server. The user's login password combines the SecurID code with his or her PIN. RSA Security did not develop a Pocket PC client, but
  • Compaq Armada e500 | Wireless Security - Page 10
    a desktop computer without cables to synchronize data or gain access to a wireless connection. Wireless personal area networks (WPANs) facilitate such connections between devices. • External users increasingly want corporate connectivity anywhere at any time. For example, they can send and receive
  • Compaq Armada e500 | Wireless Security - Page 11
    11 Wireless Personal-area Networks Wireless personal-area networks (WPANs) can use Bluetooth, a radio frequency (RF) specification for point-to Wireless Personal-area Network Wireless Wide-area Networks Historically, wireless wide-area networks (WWANs) have been used to support voice transmission
  • Compaq Armada e500 | Wireless Security - Page 12
    enabling technologies, airtime provided by carriers, area network coverage, and optimized features. Compaq WWANs using CDPD and GSM technologies are possible theft of information violates privacy. Gaining access to corporate passwords, logging on to servers, and taking over a website (impersonation
  • Compaq Armada e500 | Wireless Security - Page 13
    in the pipe. For example, it may be necessary to load software on the device and on the server, as well, to better secure Networks (VPNs). Popular PKI vendors like Baltimore Technologies, Inc. and Entrust do not have PKI support for access devices. Smaller companies have point solutions to specific
  • Compaq Armada e500 | Wireless Security - Page 14
    Wireless Security White Paper 14 Core elements of a PKI are: • Asymmetric keys • Digital certificates • Digital signatures The following paragraphs describe and illustrate these elements. A "key" is a numeric value of variable length that an encryption algorithm uses to convert unencrypted text
  • Compaq Armada e500 | Wireless Security - Page 15
    15 Digital Certificates Digital certificates are electronic files that can be used as unique identifiers for people and resources over networks. A digital certificate binds a user's identity to a public key, thus establishing trust. Digital certificates can also be used to help secure confidential
  • Compaq Armada e500 | Wireless Security - Page 16
    . The hash value is then converted into a digital signature by the user's private key. The digital signature is sent to the recipient for verification The original data along with the digital signature is sent over the network to the recipient, who decrypts the digital signature using the public key
  • Compaq Armada e500 | Wireless Security - Page 17
    that addresses are kept private. • Data Encryption. The VPN must encrypt information transmitted on the public network. • Key Management. The VPN must generate and refresh encryption keys for the client and server. • Multiprotocol Support. The VPN must handle common protocols used on the public
  • Compaq Armada e500 | Wireless Security - Page 18
    for wide-area communication. This is the definition of a virtual private network. L2TP is an extension of PPTP that is used by an internet service provider (ISP users. Cisco Systems has been prominent in proposing IPSec as a standard, and includes IPSec support in its network routers. VPN software
  • Compaq Armada e500 | Wireless Security - Page 19
    from third parties for the Compaq iPAQ Pocket PC: movianVPN VPN appliance gateway • Supports many strong, third Specific to WWAN Carrier Technologies All digitized mobile telephone and wireless packet data networks use some form of encryption. GSM uses a smart card to protect its keys. The smart card
  • Compaq Armada e500 | Wireless Security - Page 20
    Paper 20 Code Division Multiple to solve problems specific to mobile network devices, including their limited processing power, memory capacity, which to encrypt a session between the server and client. WAP 1.2 adds support for WTLS client certificates, which authenticate a WTLS client to a WTLS
  • Compaq Armada e500 | Wireless Security - Page 21
    WAP gateway is optional and WAP has now adopted the Internet standards TCP, HTTP, and TLS with wireless-specific profiles. Similarly, WML is effectively a profile of XHTML. Much work has been done, as well, on telephones, since all they would require is a software change rather than new hardware.
  • Compaq Armada e500 | Wireless Security - Page 22
    user through the wireless data network and Internet to the corporate server. Infowave is a gateway solution that controls all traffic to and from wireless users Transmission Control Protocol -- TCP, and does not provide the service of dividing messages into packets and reassembling them at the
  • Compaq Armada e500 | Wireless Security - Page 23
    software falls into unfriendly hands, the attacker can gain knowledge only of the Infowave server public key and the number of the access port. The breach of this information is not critical. Without knowing the user's Windows NT domain name, user ID, and password was made to support server public
  • Compaq Armada e500 | Wireless Security - Page 24
    area network networks. Compaq is an active participant in this effort. In the current draft specification, a strengthened version of the RC-4/per-frame IV encryption algorithm, and a 128-bit AES encryption algorithm are proposed. Per-user authentication eliminates the WEP key-distribution problem
  • Compaq Armada e500 | Wireless Security - Page 25
    White Paper 25 The fundamental approach used by 802.1x is to authenticate users at the edge of the private network. It would be conceivable to perform this processing at other points within the core of the network, for example using MAC addresses. However, it would be difficult to protect all
  • Compaq Armada e500 | Wireless Security - Page 26
    " their WEP key. Another aspect of the problem arises when users connect to multiple different wireless LANs (e.g. in public areas or at customer sites). Current WEP implementations require that the user manually change the WEP key each time a new network is selected, which is tedious and interferes
  • Compaq Armada e500 | Wireless Security - Page 27
    The ideal combination is to use 802.1x for authentication to the network, and WEP to ensure privacy of the transmission. This does not the access device user. Specific security provided for WWAN technologies is described above under the section titled "Security Specific to WWAN Carrier
  • Compaq Armada e500 | Wireless Security - Page 28
    can be both network based and host networking technologies, access points, and firewalls, centers on the application and data servers that reside inside corporate firewalls. The security vulnerabilities associated with using data servers, desktops with hard drives data on users' internal machines
  • Compaq Armada e500 | Wireless Security - Page 29
    ActiveAnswers/Render/1,1027,1317-6-100-225-1,00.html) the Compaq technical guide cited at other places in this paper, for detail on security measures recommended for corporate servers. Conclusion Pre-wireless technologies such as networked desktop computers, extranets, firewalls, and virtual private
  • Compaq Armada e500 | Wireless Security - Page 30
    Compaq White Paper, March 2001), http://www.compaq.com/support/techpubs/whitepapers/14zm-0501a-wwen.html. "MultiPort Wireless Local Area Networking" (Compaq White Paper, May 2001), http://www.compaq.com/support Thorsberg, Frank, "Half of U.S. Broadband Users Unprotected" (PCWorld.com, July 16, 2001

White Paper
December 2001
Prepared by:
Access Business Group
Compaq Computer Corporation
Contents
Introduction ..... 3
Security in General ..... 3
Essential Elements of Security ..... 4
Security and the Pipe ..... 4
Device Security ..... 5
Connectivity Technologies ..... 9
Access Points ..... 24
Corporate Firewalls ..... 27
Application and Data Servers ..... 28
Conclusion ..... 29
Bibliography ..... 30
Wireless Security
Abstract:
People and corporations are adopting wireless technologies at astonishing rates, using wireless-enabled productivity to gain and maintain a competitive edge. Market researcher Cahners In-Stat estimates that 6.2 million wireless devices will be shipped worldwide this year (2001), and double that in two years.

This paper looks at the pieces of the “pipe” of access from the device to the corporate firewall, to make both the user and the corporate IT manager aware of where the security vulnerabilities lie and what can be done to improve security. Many of the vulnerabilities can be alleviated easily by implementing policies for users and adding security layers to the pipe. To put the subject of wireless security into context, the paper is organized as follows: first, securing wireless systems in general is discussed; then, securing each point along the access pipe is discussed.