User's Manual Part 1
Chapter 2: Basic Checkout
SCU Security Capabilities
24 WORKABOUT PRO G2 Hand-Held With Windows Embedded CE 5.0 User Manual
A foundational element of the IEEE 802.11i WLAN security standard is IEEE
802.1X and a critical application on a mobile device is an 802.1X supplicant. This
supplicant provides an interface between the radio and the operating system and
supports the authentication and encryption elements required for 802.11i, also
known as Wi-Fi Protected Access 2 (WPA2), as well as predecessors such as WPA
and WEP. Summit software includes an integrated supplicant that supports a broad
range of security capabilities, including:
• 802.1X authentication using pre-shared keys or an EAP type, required for
WPA2 and WPA.
• Data encryption and decryption using WPA2 AES, WPA TKIP or WEP.
Common EAP types include:
• EAP-TLS: Uses the same technology as a follow-on to Secure Socket
Layer (SSL). It provides strong security, but relies on client certificates for
user authentication.
• PEAP: Provides secure user authentication by using a TLS tunnel to
encrypt EAP traffic. Two different inner methods are used with PEAP:
• EAP-MSCHAPV2, resulting in PEAP-MSCHAP: This is appropriate
for use against Windows Active Directory and domains.
• EAP-GTC, resulting in PEAP-GTC: This is for authentication with one-
time passwords (OTPs) against OTP databases such as SecureID.
• LEAP: Is an authentication method for use with Cisco WLAN access
points. LEAP does not require the use of server or client certificates. LEAP
supports Windows Active Directory and domains but requires the use of
strong passwords to avoid vulnerability to offline dictionary attacks.
• EAP-FAST: Is a successor to LEAP and does not require strong passwords
to protect against offline dictionary attacks. Like LEAP, EAP-FAST does
not require the use of server or client certificates and supports Windows
Active Directory and domains.
Note: PEAP and EAP-TLS require the use of Windows facilities for the configu-
ration of digital certificates.