Compaq Evo n800c Wireless Security - Page 22


Wireless Security White Paper

Infowave

Infowave provides an encrypted end-to-end security model from the mobile user through the wireless data network and Internet to the corporate server. Infowave is a gateway solution that controls all traffic to and from wireless users. Infowave requires that a single configurable port be opened in the firewall and set up as follows:

• The port must allow only User Datagram Protocol (UDP) traffic.[5]
• The port must admit traffic only to the machine that is running the Wireless Business Engine (the Wireless Business Engine is the only software listening to the port). In addition, incoming packets must be encrypted with the server's public key, and must contain a valid logon packet with NTLM logon credentials to be processed. Otherwise, the packets are discarded.

The Infowave security model is based on the following elements:

• Authentication — proves the identity of the user
• Authorization — determines what the user is allowed to do
• Encryption — assures the privacy of transmissions
• Data Integrity — assures that the information has not been altered
• Non-Repudiation — prohibits the user from denying the transmission after the fact

Figure 11 illustrates the Infowave security flow.

Figure 11: Infowave Security Flow

More detail on each element of the security model follows.

[5] UDP is an alternative to Transmission Control Protocol (TCP); it does not provide the service of dividing messages into packets and reassembling them at the receiving end. It is useful when very small messages are exchanged.
Figure 11 (text labels recovered from the diagram; the diagram marks the first exchange ECC and the remaining exchanges DESX):

1. Client: Encrypt DESX Session Key, NTLM Token, Configuration Information (ECC)
2. Server: Decrypt DESX Session Key, NTLM Authentication Call, Send NTLM Token 2 (DESX)
3. Client: Authenticate NTLM Token 2, Key, Send NTLM Token 3 (DESX)
4. Server: Authenticate NTLM Token 3, Send Success or Failure Status (DESX)
5. Client: Authentication Complete, Ready to Send Data
6. Client and Server: Send and Receive Session Data (DESX)
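The firewall admission rules and the Figure 11 handshake, as an added server-side model in Python that is not Infowave's code: the NTLM tokens are replaced by an HMAC challenge-response over a per-user shared secret, and the ECC/DESX encryption is omitted, so the model shows only the message ordering and the drop decisions. The host, port, user names and secrets are constructed values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed values: the host running the Wireless Business Engine and the single UDP port.
WBE_HOST = "10.0.0.5"
WBE_PORT = 5000

@dataclass
class Session:
    state: str = "NEW"          # NEW -> CHALLENGED -> AUTHENTICATED
    user: str = ""
    challenge: bytes = b""

def client_proof(secret: bytes, challenge: bytes) -> bytes:
    """Client side of the challenge-response (stand-in for NTLM token 3, not NTLM)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class Gateway:
    """Server-side model of Figure 11: logon packet first, challenge, proof, then data."""
    def __init__(self, users: dict):
        self.users = users        # user -> shared secret (stand-in for the NT hash)
        self.sessions = {}        # client address -> Session

    def handle(self, proto, dst_host, dst_port, src, msg):
        # Firewall conditions from the page: UDP only, and only to the WBE host/port.
        if proto != "UDP" or (dst_host, dst_port) != (WBE_HOST, WBE_PORT):
            return "DROP", "not UDP to the Wireless Business Engine"
        s = self.sessions.setdefault(src, Session())
        kind = msg.get("type")
        if s.state == "NEW":
            # Anything that is not a valid logon packet from a known user is discarded.
            if kind != "logon" or msg.get("user") not in self.users:
                del self.sessions[src]
                return "DROP", "no valid logon packet"
            s.user, s.challenge, s.state = msg["user"], secrets.token_bytes(8), "CHALLENGED"
            return "TOKEN2", s.challenge            # server challenge (stand-in for NTLM token 2)
        if s.state == "CHALLENGED":
            expected = client_proof(self.users[s.user], s.challenge)
            if kind == "response" and hmac.compare_digest(expected, msg.get("proof", b"")):
                s.state = "AUTHENTICATED"
                return "SUCCESS", None
            del self.sessions[src]                  # failed or out-of-order: client starts over
            return "FAILURE", None
        if kind == "data":                          # AUTHENTICATED: session data is accepted
            return "DATA", msg.get("payload")
        return "DROP", "unexpected message for authenticated session"
```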