Why We Say
Ultra Secure
Encryption Standards
All ORiNOCO indoor access points support the following enhanced security features that enable you to prevent unauthorized access or damage to the wireless network.
WEP
Wired Equivalent Privacy (WEP) provides confidentiality for network traffic by using an encryption key to encrypt the data portion of each packet exchanged in the 802.11 network. When encryption is initiated, the two devices must have the same encryption keys and both devices must be configured to use WEP encryption in order to communicate.
WPA
WPA is a replacement for WEP. WPA uses the Temporal Key Integrity Protocol (TKIP) for key management and offers a choice of either the 802.1X authentication framework together with the Extensible Authentication Protocol (EAP) for enterprise WLAN security (enterprise mode) or simple pre-shared key (PSK) authentication for homes and small offices that typically don’t have an authentication server.
WPA2
WPA2 is a more secure protocol than WPA and complies completely with the IEEE 802.11i standard, which specifies security mechanisms for wireless networks. The higher security of WPA2 derives essentially from its encryption algorithm, AES (Advanced Encryption Standard), which works with more numbers and is more complex than the RC4 encryption algorithm implemented in the WPA standard.
Secure Management
It is not uncommon for attackers and unauthorized users to exploit management interfaces in order to penetrate one's network. Proxim ensures complete security over all its management interface types by encrypting the traffic between the management device and the radio with secure 128-bit key encryption standards.
SNMP v3
Unlike the older versions of the Simple Network Management Protocol (SNMPv1 and SNMPv2), which support only simple passwords sent in clear text for authentication, SNMPv3 provides secure access to radios by authenticating with extra security parameters and encrypting data packets. Leveraging the strengths of SNMPv3, Proxim's network management software PVES provides the following features:
- Authentication: To verify the identity of the associating clients.
- Encryption: To turn the original message into a form that can be deciphered only with a key, which is received when a device passes the authentication process.
- Message integrity: To ensure that the message received is the same as the message sent, in other words that the message has not been tampered with in transit.
Web (HTTP/HTTPS) Interface
The HTTP interface provides easy access to configuration settings and network statistics from any computer on the network. Proxim ensures complete security between the device and the HTTP client with the latest SSL standards, implemented on both the server side and the client side. Secure Sockets Layer (SSL) essentially allows users to access radios via a secure tunnel that is encrypted with a 128-bit key.
Telnet/Secure Shell (SSH)
Proxim’s devices support the latest SSH version, which allows users to securely access Proxim’s radios via CLI or telnet. SSH not only provides strong encryption of data but also ensures secure communications between the client devices and the telnet server with strong authentication systems. The SSH server hosts a pair of asymmetric keys (a private key that resides on the device and a public key that is distributed to radios). In order to communicate, the radios first need to be verified with the SSH server.
Access Control
The Management Access Control feature prevents management interface attacks; in other words, it blocks unauthorized usage of the management host computer that centrally controls and monitors all the radios. The feature allows network administrators to authorize up to five different nodes that can act as management nodes.
Radius Based Security
RADIUS based security features
By definition, Remote Authentication Dial In User Service (RADIUS) is a protocol that provides Authentication, Authorization, and Accounting (AAA) management for client stations (laptops, tablets, computers, mobile phones etc) to connect to a network.
- Authentication: To verify the identity of the associating clients (laptop, computer, etc.).
- Authorization: To provide specific resources dependent on the client’s permission/access levels.
- Accounting: To track and record the client stations' (laptop, computer, etc.) activity and data usage.
RADIUS feature for indoor access point applications
Enterprises with a large number of employees generally use RADIUS servers to provide AAA. From a network management perspective, a RADIUS server helps network administrators to dynamically generate and allot security parameters (for example, username and password) to client stations, thereby not only saving the hassle of manually configuring the systems but also ensuring much higher security.
802.1X Authentication using RADIUS: Provides an authentication framework for wireless networks, allowing a user/subscriber unit to be authenticated by a central authority server. 802.1X uses the Extensible Authentication Protocol, which is also used in other wired and wireless LANs, for message exchange during the authentication process.
In a wireless network with 802.1X, a supplicant (user/subscriber unit) requests access to an authenticator (base station unit/access point). The authenticator forces the supplicant into an unauthorized state that allows the supplicant to send only an EAP start message. The authenticator returns an EAP message requesting the supplicant’s identity. The supplicant returns the identity, which the authenticator forwards to the authentication server (RADIUS server), which uses an algorithm to authenticate the supplicant and then returns an accept or reject message to the authenticator. If the server accepts the request, the authenticator changes the supplicant’s state to authorized.
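The exchange described above can be modelled as a per-supplicant port that fails closed. This is an added example, not Proxim code; the `Port` class, `replay` helper and frame strings are hypothetical, and the EAP method exchange is collapsed into the RADIUS server's final accept or reject code.

```python
from dataclasses import dataclass

ETH_EAPOL = 0x888E                     # EtherType for EAP over LAN (802.1X)
ETH_IPV4 = 0x0800                      # ordinary data traffic
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3    # RADIUS packet codes

@dataclass
class Port:
    """State the authenticator (access point) keeps for one supplicant."""
    authorized: bool = False
    identity: str = ""

    def on_frame(self, ethertype: int, payload: str) -> str:
        if ethertype != ETH_EAPOL:
            # Data frames pass only once the port has been authorized.
            return "forward" if self.authorized else "drop"
        if payload == "EAPOL-Start":
            return "send EAP-Request/Identity"
        if payload.startswith("EAP-Response/Identity:"):
            self.identity = payload.split(":", 1)[1]
        # The authenticator does not judge EAP content; it relays it.
        return "relay to RADIUS server"

    def on_radius_reply(self, code: int) -> None:
        # Only Access-Accept opens the port; any other code keeps it closed.
        self.authorized = (code == ACCESS_ACCEPT)

def replay(server_code: int) -> list:
    """Run a constructed frame sequence and return the verdict per frame."""
    port = Port()
    frames = [
        (ETH_IPV4, "data before authentication"),
        (ETH_EAPOL, "EAPOL-Start"),
        (ETH_EAPOL, "EAP-Response/Identity:alice"),   # constructed identity
    ]
    verdicts = [port.on_frame(*frame) for frame in frames]
    port.on_radius_reply(server_code)
    verdicts.append(port.on_frame(ETH_IPV4, "data after authentication"))
    return verdicts
```
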
RADIUS Accounting: By using an external RADIUS server, the central device (access point) can track and record the length of client sessions (client stations such as laptops, phones, etc.). When a wireless client is successfully authenticated, RADIUS accounting is initiated by sending an “Accounting Start” request from the central device to the RADIUS server. Similarly, when the wireless client session ends, an “Accounting Stop” request is sent to the RADIUS server. A few of the many attributes that can be granularly tracked are:
- The number of packets that have been sent from the client device
- The number of packets that have been received by the client device
- Total time in seconds, the user has received service from the network
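The following sketch shows how such an accounting request is encoded on the wire and checked by the server. It is an added example, not Proxim code, and follows the RFC 2866 packet layout. The three counters listed above correspond to Acct-Input-Packets (packets sent from the client), Acct-Output-Packets (packets received by the client) and Acct-Session-Time; the function names are hypothetical.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4                      # RADIUS packet code (RFC 2866)
NAMES = {40: "Acct-Status-Type", 44: "Acct-Session-Id", 46: "Acct-Session-Time",
         47: "Acct-Input-Packets", 48: "Acct-Output-Packets"}
INT_ATTRS = {40, 46, 47, 48}                # attributes carried as 32-bit integers
STATUS = {1: "Start", 2: "Stop"}

def request_authenticator(ident, attrs, secret):
    # MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_accounting_request(ident, fields, secret):
    """Access point side: fields is a list of (attribute type, value)."""
    attrs = b""
    for typ, value in fields:
        raw = struct.pack("!I", value) if typ in INT_ATTRS else value.encode()
        attrs += bytes([typ, len(raw) + 2]) + raw
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + request_authenticator(ident, attrs, secret) + attrs

def parse_accounting_request(packet, secret):
    """RADIUS server side: authenticate the packet, then decode attributes."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs = packet[20:]
    expected = request_authenticator(ident, attrs, secret)
    if not hmac.compare_digest(packet[4:20], expected):
        raise ValueError("Request Authenticator mismatch")
    record, i = {}, 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        typ, raw = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if typ in INT_ATTRS:
            if len(raw) != 4:
                raise ValueError("integer attribute must be 4 octets")
            value = struct.unpack("!I", raw)[0]
            record[NAMES[typ]] = STATUS.get(value, value) if typ == 40 else value
        else:
            record[NAMES.get(typ, typ)] = raw.decode(errors="replace")
    return record
```

A server that rejects packets failing the authenticator check will not record usage from a sender that lacks the shared secret, or from a request altered in transit.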





