White Papers: Security

For access to the latest information, white papers, product information and more, please visit

Wi-Fi Security and PCI DSS

For most of today's retailers, solid Wi-Fi client device security is essential for compliance with the latest version of the Payment Card Industry Data Security Standard (PCI DSS), version 1.2. Such security can be achieved by following three best practices identified in the paper:

  • Ensure that a Wi-Fi client device can gain access to your wireless LANs (WLANs) only using WPA2-Enterprise with a strong EAP type.
  • Configure every trusted Wi-Fi client device to connect only to trusted APs.
  • Use ongoing monitoring to demonstrate the effectiveness of your WLAN security approach.

PCI DSS v1.2 classifies both WPA and WPA2 as sufficient replacements for WEP, which must be phased out of existing WLANs by mid-2010. Researchers have reported that a vulnerability in the WPA encryption method of TKIP may enable attackers to decrypt TKIP-encrypted data, but those researchers have provided no evidence that a practical tool for cracking an actual TKIP key or deciphering TKIP-encrypted data packets is imminent. Still, because the TKIP vulnerability does not exist with the WPA2 encryption method of AES-CCMP, retailers should plan now to phase out client devices that do not support WPA2.

Download the white paper.

Wi-Fi® Client Device Security & HIPAA Compliance

Even though Wi-Fi offers many potential benefits, a hospital will not rely on Wi-Fi unless the hospital has confidence that its Wi-Fi networks and devices will protect sensitive information, including electronic medical records (EMRs), that are transmitted over Wi-Fi or stored on networks that can be accessed through Wi-Fi. Hospitals have that confidence when their Wi-Fi networks and devices are compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The HIPAA Security Rule establishes a national set of security standards for protecting health information that is held or transferred in electronic form. To satisfy the requirements of the HIPAA Security Rule, a hospital Wi-Fi system needs strong, mutual authentication between every authorized Wi-Fi client device and a hospital network where sensitive information is housed and strong encryption of sensitive information that is transmitted over Wi-Fi.

This white paper provides a set of security best practices to ensure that Wi-Fi client devices are HIPAA-compliant.

Download the white paper.

FIPS 140-2 and Wi-Fi Client Devices

FIPS 140-2 defines the U.S. federal government standard for modules that protect sensitive but unclassified information through cryptography, or encryption and decryption. Even though FIPS 140-2 is for the federal government, many enterprises and other non-governmental organizations are interested in FIPS 140-2 because it is a robust and well-defined standard for security. Given the many threats to Wi-Fi® security that exist, requiring FIPS 140-2 validation for Wi-Fi client devices may not be a bad idea.

AES-CCMP, the Wi-Fi standard for encryption and decryption, is approved for FIPS 140-2. Nearly every Wi-Fi chip supports AES-CCMP in hardware. So why are only a handful of Wi-Fi client devices validated for FIPS 140-2?

The answer is that most Wi-Fi chips for client devices lack support for a test mechanism that is required for FIPS 140-2 validation. To achieve FIPS 140-2 validation for a Wi-Fi client device, you must replace chip-based AES-CCMP with software cryptography at Layer 2 or Layer 3. Software cryptography, however, is less than ideal for some client devices.

A new white paper from Laird Technologies presents the pros and cons of requiring FIPS 140-2 validation for Wi-Fi client devices. Once you read the white paper, you will understand why an organization considering FIPS 140-2 for Wi-Fi client devices should determine whether or not WPA2™-Enterprise provides sufficient security.

Download the white paper.

White Papers: 802.11n, 5 GHz, and Bluetooth

Click on a white paper topic below to read an overview of the topic and reveal a link to download the white paper.

Bluetooth Smart and Bluetooth Smart Ready

Present in nearly all wireless phones and an ever-growing number of wireless devices, Bluetooth technology has become an exceptional performer for audio and data transmission. Bluetooth 4.0 introduces Bluetooth Low Energy (BLE), a new protocol that allows for long-term operation of Bluetooth devices in low-volume data transmission. BLE enables smaller form factors, better power optimization, and power cells that last for years on a single charge.

Download the white paper.

Understanding Range for RF Devices

Understanding how environmental factors can affect range is one of the key aspects to deploying a radio frequency (RF) solution. This paper will provide a high-level overview of the factors that can affect RF range, including hardware selection, environmental factors, frequency ranges, and proper implementation.

Download the white paper.

IEEE 802.11n

Boasting throughput 10 times greater than that available with previous wireless LAN (WLAN) standards, the IEEE 802.11n standard is the buzz of the Wi-Fi industry, and Wi-Fi infrastructure vendors are promoting little but their latest 802.11n products. The great performance of 802.11n is the result of enhancements that also yield improved quality of service, greater range, and improved predictability of coverage.

When you deploy 802.11n infrastructure, all 802.11n benefits except greater throughput accrue to client devices that use pre-802.11n radios. Because business-critical mobile devices such as mobile computers and medical devices run primarily data applications and not multimedia applications, those devices tend to have relatively modest throughput requirements. The primary benefit of deploying 802.11n on those devices will be to enable other devices, such as laptops, to gain the full throughput benefits of 802.11n.

Download the white paper.

802.11n for Medical Devices

With throughput much greater than that available with previous wireless local area networking (WLAN) standards, the IEEE 802.11n standard has had a significant impact on the WLAN, or Wi-Fi, industry. Most of today’s WLAN infrastructure products support 802.11n, and support on client devices is growing.

The throughput of 802.11n is the result of enhancements that include packet aggregation, block acknowledgement, wider channels, decreased spacing between sent packets, and multiple input/multiple output (MIMO) technology. These enhancements not only boost throughput but also increase range, improve predictability of coverage, and improve quality of service.

To achieve a significant throughput boost from 802.11n, both sides of the Wi-Fi link – the client and the infrastructure – must support 802.11n with more than one data stream. When the infrastructure supports 802.11n but clients do not, those clients still receive the non-throughput benefits of 802.11n. With 802.11n infrastructure devices rivaling pre-802.11n infrastructure devices in price, hospitals should give 802.11n serious consideration when deploying a new infrastructure or refreshing an existing one.

Putting 802.11n on laptops and other general-purpose client devices makes sense if those devices need a throughput boost. Most medical devices don’t need higher throughput. Because those devices may be used for five years or longer, consider dual-band 802.11n for them now if you can get it for a modest price premium.

Download the white paper.

Optimizing Operation at 5 GHz

The 5 GHz operating band presents greater challenges to networking professionals than does the 2.4 GHz band in areas such as range and mobility. The 5 GHz band is attractive, however, because it offers greater network capacity and relatively uncluttered airwaves. The need to incorporate 5 GHz operation into industrial Wi-Fi networks will increase over time as the 2.4 GHz band becomes more overused by a variety of devices.

When utilizing the 5 GHz band, do the following:

  • Position APs to ensure that all clients receive data rates of at least 6 Mbps, with higher data rates ensured where applications demand them.
  • If APs support 802.11a but not 802.11a, then set spacing between APs based on 5 GHz requirements, not 2.4 GHz requirements.
  • Upgrade to dual-band 802.11n infrastructure so that dual-band client radios, including those that support 802.11a/b/g but not 802.11n, receive the benefits of more reliable connectivity and greater range.
  • Minimize the use of DFS channels for highly mobile clients.

Download the white paper.

Optimizing the 5 GHz Band in a Hospital

As the traditional 2.4 GHz operating band for Wi-Fi becomes more crowded, network administrators increasingly look to the less crowded 5 GHz operating band to improve or maintain network performance and reliability. The 5 GHz band is especially attractive in hospitals, where the 2.4 GHz band often is overcrowded. But hospitals present challenges to reliable connectivity in both bands.

This document contrasts the key physical, regulatory, and interference characteristics of the 2.4 GHz and 5 GHz bands and how these characteristics impact critical Wi-Fi operational aspects such as performance and reliability. The document also provides recommendations for optimal dual-band deployments in hospitals.

Download the white paper.

Bluetooth and Wi-Fi Coexistence

Bluetooth is a wireless technology designed for short-range wireless connections between devices in a Wireless Personal Area Network (WPAN). 802.11-compliant Wi-Fi technology connects devices and an infrastructure in a Wireless Local Area Network (WLAN). Bluetooth and Wi-Fi transmit in different ways using differing protocols; because Bluetooth and 802.11b, 802.11g, and 802.11n-compliant devices operate in the same 2.4 GHz frequency band, they are mutual interferers. Bluetooth and Wi-Fi radios often operate in the same physical area and many times in the same device; this interference can impact the performance and reliability of both wireless interfaces.

Several methods of interference mitigation through temporal, special, and frequency isolation have been developed and are described in this document. While each is effective, all come at the cost of some performance reduction. Migrating Wi-Fi operation to the 5 GHz band eliminates Bluetooth/Wi-Fi mutual interference while providing increased network capacity.

Download the white paper.

White Papers: Other Topics

Click on a white paper topic below to read an overview of the topic and reveal a link to download the white paper.

Wi-Fi Mobility

A Wi-Fi client connects to a network through an infrastructure endpoint device such as an access point (AP). When the client moves to a position where its connection to that AP becomes suboptimal, the client will try to switch to an AP that provides better connectivity. The process of switching from one AP to another is called roaming.

The challenge is to maintain an active network connection while you roam. Many business-critical applications require a persistent network connection, and a disruption of as little as 100 milliseconds can cause an application to fail, resulting in lost data and lost productivity.

To roam effectively, a client must recognize when its current connection is suboptimal, scan the airwaves for a better AP, select the best AP, roam to it, and reauthenticate to the network. Many client devices do a poor job of selecting an AP and take a long time to reauthenticate to the network, especially when using Extensible Authentication Protocol (EAP) methods with IEEE 802.11i, the ratified standard for Wi-Fi security. Organizations should strive to use clients with proven capabilities for fast and secure roaming in any environment.

Download the white paper.

Wi-Fi® Mobility in Hospitals

In today’s hospitals, computing devices and, increasingly, medical devices need to connect to hospital networks without having to “plug in” to wired, or Ethernet, network ports. Wi-Fi is a popular choice for wireless network connections. A mobile device needs to stay connected to a Wi-Fi network as that device moves throughout the area for which Wi-Fi access is provided. When a device's connection to its current infrastructure endpoint, or access point (AP), becomes tenuous, then the device must move, or roam, to an AP that offers a better connection.

Effective roaming is roaming that minimizes disruptions to network connectivity, thereby providing applications with the near equivalent of a persistent network connection. When a mobile computing device runs applications that require a persistent connection, effective roaming is essential.

How roaming is done is determined by the software for the Wi-Fi radio in a client device. In general, Wi-Fi software that was written for consumer devices does not roam effectively. Wi-Fi solutions from Summit Data Communications provide the effective mobility required by medical devices and other devices that operate in hospitals. The secure and reliable mobility of Summit solutions has been proven on nearly one million devices, many of which operate in the most challenging environments on the planet.

Download the white paper.

Cisco Compatible Extensions

IEEE and industry standards define how a Wi-Fi radio interoperates with a wireless LAN infrastructure, and the Wi-Fi CERTIFIED™ seal ensures interoperability. For many organizations that rely on mobile devices, however, Wi-Fi CERTIFIED is not enough. These organizations need assurance that their mobile devices will interoperate with a Cisco wireless LAN (WLAN) infrastructure and support Cisco WLAN innovations for enhanced security, mobility, quality of service, and network management. The Cisco Compatible seal, earned through the Cisco Compatible Extensions (CCX) program, gives organizations the assurance that they seek. Because the CCX specification is a superset of that used for Wi-Fi certification, CCX encompasses standards in addition to Cisco innovations.

CCX has been an overwhelming success in the laptop world, where a few silicon providers do all of the work in their reference designs for radios. Reference designs are insufficient for business-critical mobile devices, however, and the task of modifying reference-design software to support all required CCX features is too much for most mobile device vendors. An attractive option is to use Wi-Fi solutions from Summit Data Communications, because Summit solutions already are certified for CCX.

Download the white paper.

Cisco Compatible Extensions and Medical Devices

Hospitals rely on medical devices for patient care and patient safety. When a medical device is designed to connect to a wireless LAN, the Wi-Fi radio in that device must provide a reliable network connection.

IEEE and industry standards define how a Wi-Fi radio interoperates with a wireless LAN infrastructure, and the Wi-Fi CERTIFIED seal ensures interoperability. For many hospitals, however, Wi-Fi CERTIFIED is not enough. These hospitals need assurance that their medical devices have been tested to interoperate with a Cisco wireless LAN infrastructure and support Cisco wireless LAN innovations for enhanced security, mobility, quality of service, and network management. The Cisco Compatible seal gives hospitals the assurance that they seek.

Download the white paper.