Deploying Secure Wireless Networks

Deploying Secure Wireless Networks

Intel Information Technology White Paper

Wireless networks, security

Deploying Secure

Wireless Networks

Intel’s strategies to minimize WLAN risk

Intel’s mobility team has developed a global framework for deploying, securing and supporting wireless LAN installations to its sites around the world. In this paper, we’ll detail how we’ve developed our WLAN strategy to reduce implementation costs and minimize the potential security risks of WLAN deployment around the world.

May 2003

Introduction

At Intel, our global enterprise infrastructure supports about 80,000 employees and many contractors around the world. As part of our strategy to mobilize our workforce, we’ve begun deploying wireless local area networks (WLANs) and making them a part of that enterprise. We chose the 802.11b wireless standard because the technology provides seamless wireless connectivity that promises to improve network access, improve decision making, and boost productivity company-wide. We’re using 802.11b to fulfill employees’ needs for seamless, roaming network access.

Nonetheless, we’re not replacing our wired networks with wireless ones. Instead, we’re using WLANs to supplement, expand, and enhance our employees’ network reach. One reason for the dual networks:

Today’s wireless networks offer shared 11 megabits per second (Mbps) of throughput, a good deal slower than the 100-Mbps switched wired LAN currently in place in most of our network environments.

Currently we have deployed more than 100 wireless networks, now in various stages of completion, in 18 countries throughout Europe, Asia, and the Americas. This “anytime, anywhere” access becomes more and more valuable as employees take mobile PCs with them into meetings and elsewhere on Intel campuses.

By maximizing computing mobility and communications options, we’ve found that we’ve also increased employee productivity. The 802.11b wireless standard provides seamless integration and reasonable data rates, relatively inexpensively, making it an excellent choice for an enterprise such as ours. By themselves,

802.11b security standards aren’t enough to create secure and robust wireless LAN networks. We use a combination of security measures, including virtual private networks (VPNs), in conjunction with existing

802.11b security, to minimize the risk of attack on both our wired and wireless networks.

Deploying a VPN solution across an enterprise requires careful planning and management, but our experience indicates that the payoff is significant and well worth the effort. In this white paper, we’ll outline what we’ve learned when deploying and securing WLANs on medium- to large-sized enterprise networks.

And we’ll share some of the best practices and guidelines we’ve developed for planning and maintaining those networks.

Table of Contents

Introduction............................................................................................................................................2

Taking Advantage of Wi-Fi’s Evolving Standards ..................................................................................3

WLAN Design Goals .............................................................................................................................4

Wireless LAN Connectivity ....................................................................................................................5

Installing Wireless LAN .........................................................................................................................5

Step 1: Conduct a site survey .......................................................................................................................5

Step 2: Select the type of WLAN access points ............................................................................................6

Step 3: Connect wireless to wired.................................................................................................................8

Security Risks of 802.11b WLAN ..........................................................................................................9

Eavesdropping ..............................................................................................................................................9

Illegal access ................................................................................................................................................9

Denial of service ...........................................................................................................................................9

Protecting the WLAN...........................................................................................................................10

Securing the WLAN with Virtual Private Networks..............................................................................10

Authentication and authorization using RADIUS .........................................................................................11

Planning for New 802.11 Technologies ..............................................................................................11

2

Taking Advantage of

Wi-Fi’s Evolving Standards

As we plan the future growth and expansion of wireless

LAN, we will take advantage of new standards and Wi-Fi products. The current market offers capability that allows increased density and security with improved performance.

Mass deployment of 802.11b will continue to dominate the market but WLAN technologies are evolving in the enterprise, taking advantage of combined Wi-Fi radios offered in dual or tri-mode access point configurations.

802.11b (single band) is the current standard –

Analogy:10-Mbps Ethernet*

802.11g (single band) is a new, faster-performing standard, which is backwards compatible to 80211b –

Analogy: 100-Mbps Ethernet

802.11a (single band) is shipping in limited quantities world-wide – Analogy:100-Mbps Ethernet

Dual-band technology enables support of 802.11b

(2.4 GHz) and 802.11a (5 GHz) on the same NIC or

AP – Analogy:10/100 Fast Ethernet

Tri-mode is a variation on dual-band that adds 802.11g

(2.4 GHz) to provide three operating modes: 802.11

a/b/g (often referred to as 802.11 a/g)

This combination of radio technologies allows for overall growth in coverage and density (increased numbers of

WLAN users and locations) as well as increased performance (more bandwidth) required for additional network applications.

As Table 1 demonstrates, we’ve found a wide diversity in the key characteristics of the Wi-Fi standards. The spectrum

2.4 GHz is common between 802.11b and 802/11g and is therefore backwards compatible between 2011b and 2011g clients, but 802.11a (5.2 GHz) networks require 2011a clients. Performance ranges from 11 Mbps to 54 Mbps, depending on distance and density per access point.

We currently deliver a WLAN service performance level of 1.5 Mbps for 20 simultaneous connections to each

802.11b access point. In the future, we plan to increase performance to 26 Mbps for 20 simultaneous connections, using tri-mode (802.11a/b/g) access points.

Table 1. Comparison of Wireless LAN Standards

Characteristic

Spectrum type

Spectrum congestion

Radio type

Performance

Maximum throughput

Cost

Non-overlapping channels

Coverage

1 Direct sequence spread spectrum (DSSS)

2 Orthogonal frequency-division multiplexing (OFDM)

802.11b

2.4 GHz

High

DSSS

1

11 Mbps

6 Mbps

Low

3

100 meters

802.11g

2.4 GHz

High

OFDM

2

54 Mbps

22 Mbps

Low

3

100 meters

802.11a

5.2 GHz

Low

OFDM

2

54 Mbps

30-35 Mbps

Moderate

12

50 meters

3

4

WLAN Design Goals

As we’ve gained experience in wireless implementation, we’ve developed a set of design goals that optimize new WLAN deployments.

Technology

802.11b wireless LAN (today), moving to either

802.11a or 802.11g

10/100-Mbps links between access points and access switches

100/1000-Mbps uplinks from access switches to access points to distribution/routing switch

Architecture

Keep it as simple as possible

Use the existing wired LAN design as a starting point for the WLAN implementation, and make the wireless LAN a secondary, supplemental network

■ Support at least 500 wireless clients on a single logical IP network (up to 3,000 to 4,000 total clients)

Attempt to enable an entire building with a single logical IP network (virtual floor-to-floor roaming)

Where the network spans multiple buildings in a campus, employ switches that support

Layer 3 routing

Design for seamless transition between IP subnets (as products are available)

Use switches supporting inline power over

Ethernet, where available, to minimize use of power injectors

Use multiple virtual LAN (VLAN) capability, if available, to support multiple networks over the same AP infrastructure

Security

Implement wireless LAN with virtual private networking (VPN) to ensure data security

■ Place dynamic IP assignment pool on the

“red side” of the VPN client pool

■ Design for high-availability VPN servers (as product becomes available)

■ Avoid intermixing wired LAN and wireless LAN traffic on the same infrastructure when possible

■ Employ access lists, when possible, to limit mobile unit (MU) access to anything except the DHCP server and the VPN gateways

Use multiple VLAN support, if available, to separate the AP management traffic from the user traffic

Wireless LAN Connectivity

We began deployment of our 802.11b network by installing access point (AP) devices throughout WLAN-designated areas. These APs are radio base stations that link client systems to the network, and they are physically connected to the wired network.

One access point provides coverage over a maximum radius of 100 meters but—depending on the intervening walls and floors—performance degrades when the client moves farther than 30 to 35 meters from the AP. Mobile

PCs equipped with standards-compliant wireless network interface cards (NICs), as well as other devices such as handhelds (personal digital assistants or PDAs), can connect wirelessly to the network through these access points, as shown in Figure 1.

Installing Wireless LAN

As we’ve rolled out each new WLAN implementation, we’ve found that a strategy of surveying the site, matching equipment to environmental conditions and user requirements, and pre-planning for eventual scaling of the

WLAN provide the most consistent, satisfactory results.

Step 1: Conduct a site survey

No one can tell exactly how wireless equipment will operate in every situation; at Intel, we’ve found that a site survey is vital for successful, secure WLAN deployment.

A wireless survey enables us to analyze the conditions required to provide an optimal radio link between access point and client.

The complexity of the survey depends on the nature of the proposed network and the physical characteristics of its environment. If the LAN is bridged to the outside we also analyze the number of sites, the distance between sites, and the characteristics of the intervening terrain.

Wireless Access Point

Network

Figure 1. Simple wireless access point deployment

5

Limited channels. 802.11b offers only three nonoverlapping channels. To avoid interference, no two adjacent APs can use the same channel allocation. This means a good survey must include the channel settings for all access points unless a management entity is in place that can automatically assign the channels. The channel issue may be of even greater concern in some countries; in Israel, for example, regulatory policies may limit availability to only one or two channels.

Risk identification. Our survey takes into account other tenants in the building, and the possibility that those outside the building may be able to see into the WLAN.

Unlike the wired network attacker, who must physically connect and place a monitoring agent on a compromised system, a wireless attacker need only be in range of the access point—within about 300 feet for 802.11b—to intercept a WLAN signal.

Basic 802.11b access points encompass a circle 300 feet in diameter, to reach the corners of a rectangular room; therefore, coverage almost certainly will extend outside the walls, and possibly past the floor or ceiling in multistory buildings. Directional antennas may reduce RF leakage and minimize the risk, but will not eliminate it.

We’ve found that directional antennas can also greatly increase the transmission or reception range of an 802.11b

device, something that must be noted when we design security for our WLAN. Access point and antenna placement, which take their cue from our site survey, can significantly reduce our risk of inadvertently extending the

WLAN into uncontrolled areas. But we never consider the risk eliminated; even the most carefully placed access points and antennae may still be vulnerable to attackers. Attackers may, for example, employ high-gain antennae to sniff wireless traffic significantly beyond the advertised range.

RF interference. We note where specific RF reflectance or impedance may be an issue, carefully detailing potential multi-path or other interference. Several common building elements can interfere with an access point’s signal, so we examine the following (or similar situations) carefully:

Boiler rooms with air conditioners and large engines

Microwave ovens

Diesel engines

Fluorescent light diffusers

Elevator motors

Metal, concrete, or other dense materials in buildings that create problems with radio penetration

In some cases, we can eliminate potential interference by moving equipment (such as a mobile phone) to a different frequency spectrum, for example, to 900 MHz or 5 GHz.

Step 2: Select the type of WLAN access points

When we choose WLAN access points, we take a number of factors into account. Practically speaking, we can choose from the two primary standards for wireless access points mentioned earlier: 802.11a and 802.11b. In our experience, fewer vendors actually offer 802.11a. We have found that 802.11b works in most cases.

We make sure, however, that the 802.11b vendors we choose offer a migration path to 802.11g for future scalability. We also look for support of the 802.11i security standard and the cost implication of starting its use. In general, no radio currently sold can support the 802.11i

standard due to the greater computing demand involved.

We check to see whether the change will mandate replacing the whole access point or require just a field upgrade of the radio.

Firmware upgrades. WLAN standards will continue to evolve rapidly for the next few years, so it’s important that the access point supports upgrades through firmware. We prefer equipment that permits firmware upgrades from a central location, which automatically distributes the upgrade to all access points.

Some vendors allow a single AP to act as that distribution agent. Others use management software, and still others take a different approach and move most of the elements from the AP to an infrastructure switch, allowing firmware changes to take place on that back-end device rather than on the access points themselves.

6

Wi-Fi. To maximize interoperability, we’re generally careful to choose products with the Wireless Ethernet

Compatibility Alliance (WECA)’s Wi-Fi certification. We’ve found that Wi-Fi devices offer the best chance of crossvendor interoperability.

Local regulations. Before they can be offered for sale, vendors must certify their access points with a country’s appropriate regulatory body, which can be a slow and tedious process. We prevent delays later on by ensuring that the vendor offers products approved for use in all intended target locations before we finalize the selection.

Security. 802.11 offers wired equivalent privacy (WEP) technology for encrypting data sent between wireless stations. However, WEP has been shown to be vulnerable, so many vendors offering enterprise-grade access points generally include enhanced security features, such as

IEEE 802.1X with dynamic key allocation and management.

We carefully examine these enhanced features and factor them into our selection. Eventually, the 802.11i standard and advanced encryption standard (AES) will answer the problems of 802.11 vulnerability.

As a stopgap measure, the Wi-Fi alliance certified the Wi-Fi protected access (WPA) standard, which incorporates additional encryption-key protection measures. WPA was intended to strongly increase the level of data protection and access control for existing and future wireless LAN systems. It is available through firmware upgrades in many types of access points.

If Intel had begun implementing wireless networks today,

WPA would have been a good starting point for security.

However, when WPA appeared on the scene, our wireless implementations were relatively mature, and as a result we've chosen to implement 802.11i as soon as it's available.

Installation and support tools. These tools can be one of our best ways to minimize deployment and maintenance headaches. Most access points provide several configuration and management methods, such as

Telnet and HTTP.

But some access point vendors make our installers’ lives much easier by offering automatic radio channel selection.

Without it, a technician installing multiple access points within close proximity must carefully choose channels to minimize inter-access point interference that can degrade

WLAN performance. When automatic, the access point will sense the presence of other access points and self-adjust to a quieter channel.

Transmission power. Most access points transmit at different power levels, such as 30 milliWatts (mW) or 100 mW. When we need to deploy access points close together to enable higher capacity in densely populated environments, units that output at higher levels can cause problems.

Antennas. The antenna is a passive but vital element of the access point. Some have non-removable antennas; others let us replace the antenna with one that better suits our needs. We find the latter to be most flexible for our applications. However, U.S. FCC regulations mandate the use of a fixed antenna in the band used by 802.11a.

Proprietary extensions. We may consider access points with extra capabilities, such as VLAN or trunk support, or built-in capabilities for rogue access point detection. Such extensions may have a substantial impact on our ability to supply flexible services or enhance the security level of the wireless environment. However, proprietary extensions lock you to a single vendor implementation and make it very difficult to change vendors later on.

7

Step 3: Connect wireless to wired

When we bring WLAN into a wired network, security quickly becomes one of the most important considerations.

A wireless signal cannot be fully contained, so it is wise to assume that external parties will likely be able to receive the signal. Therefore, we must regard the wireless network as insecure.

As a result, we place our wireless access points on an entirely separate segment of the network. We permit access from this isolated segment to the wired network only through a VPN connection. As an added security measure, we try to place the VPN gateway itself in a

“demilitarized zone” (DMZ) environment, preferably using a different external firewall and, if possible, a different internal firewall than the VPN.

As an added security measure, we limit users’ mobile units

(MUs) to accessing only the VPN gateways and DHCP server, as shown in Figure 2. We do allow a small amount of AP management traffic through to the AP.

Access switch. We require the network switch connecting the WLAN to the wired network to support simple network management protocol (SNMP) for ease in managing the network. We ensure that the switch can support multiple

VLANs in the same chassis. The switch should support both 10BASE-T and 100BASE-T Ethernet connections with a 1-Gbps and 100-Mbps uplink port. We prefer switches that provide for future port expansion through the addition of cards or interconnected chassis.

DHCP Server

VLAN

Figure 2. A simple wireless LAN network with DHCP server

8

Security Risks of

802.11b WLAN

The existing 802.11 standard includes two basic techniques to secure wireless access:

Media access control (MAC) address filtering

Wired equivalent privacy (WEP)

In addition, network managers sometimes use different service set identifiers (SSIDs), making sure, as an additional security measure, that the SSIDs are not broadcast in the AP beacon. However, we’ve found this to be less effective protection.

Each of these solutions has proven vulnerable to attack to some degree. SSIDs, for example, segment a WLAN into multiple networks with individual identifiers. To access one of the multiple networks within the wireless LAN, client and access point devices must be configured with the appropriate

SSID. But SSID does not provide any data privacy functions, nor does it truly authenticate the client to the access point.

Even if SSIDs aren’t broadcast, a client requesting the identity of the SSID will be answered by the AP.

Access points may be configured for MAC filtering, so that only clients with authorized MAC addresses are permitted through. However, an attacker may be able to identify

MAC addresses on the network and configure his own device to match, defeating the filter.

WEP is the encryption and authentication portion of the standard, based on 40- or 128-bit keys. The client’s WEP key must match the WEP key of the access point before it can be admitted into the network. Unfortunately there are a number of freely available tools that will break the WEP key in a short span of time.

802.11b equipment is widely available and relatively inexpensive. Unfortunately, this makes it very easy for any user to plug a WLAN access point into the corporate network, creating a dangerous backdoor entry to the network. This kind of situation is an example of a “rogue”

AP. That term is also used to refer to external, illegal APs masquerading as legitimate ones.

Organizations need to implement policy to ensure secure configuration of access points, plus an ongoing process which scans for the presence of unauthorized devices. A number of companies are providing solutions for rogue AP detection but they tend to be expensive.

In a global enterprise serving more than 80,000 employees, keeping track of every potentially rogue element on the network can be challenging. We’ve instituted stringent policies requiring secure configuration of access points and we regularly scan for unauthorized devices.

We’ve identified several situations in which 802.11b

networks may be vulnerable to attack:

Eavesdropping

Wireless traffic is subject to interception using freely available packet sniffing tools. An attacker can view the intercepted traffic and gain from it both information and, potentially, authentication details. Using WEP does not protect against this, as WEP can be compromised in a number of different ways.

Illegal access

A malicious user can gain access to the network by masquerading as a legal user. Attackers can fool the system by “spoofing” a legal MAC address, breaking the client’s WEP authentication keys, or any of a number of other techniques.

Or the attacker can masquerade as an access point. In so-called “man in the middle” or “honeypot” attacks, the attacker appears to be a legitimate access point to clients, causing them to associate with the illegal AP instead of a legitimate network access point. Once connected, the attacker can eavesdrop on clients, gaining access to the network or hacking the client machine directly.

Denial of service

Wireless is especially susceptible to denial-of-service

(DOS) attacks. A DOS attack can take many forms, including interference on the wireless radio band, blocking users from associating with the AP by sending misleading association refusal signals, trying to overburden the AP, or even exploiting the authentication protocol to cause the AP to refuse service to clients.

9

Protecting the WLAN

At Intel, we’ve developed general guidelines for minimizing security risks in our WLAN deployments. Some are sensible, well-known precautions; others may be less obvious. These methods may not make sense in all situations, but we find this to be a good list of possible precautions.

Do not rely on WEP alone for encryption. WEP is not a complete security solution for wireless LAN, but instead simply provides protection against “casual” attackers. To guard against hackers, we combine WEP with VPNs and other encryption standards for more robust protection.

Segregate wireless networks. A WLAN is not currently as secure as a wired LAN. We don’t allow traffic to pass directly between the wired and wireless environments but, rather, place internal firewalls between the wired LAN and

WLAN, and require authentication and strong encryption before traffic is allowed to pass between the two.

Don’t use descriptive names for SSIDs or access

points. There’s no point in making an attacker’s job easier by identifying the source of the signal and having it broadcast in the header of the data packets.

Hard-code MAC addresses of any NIC permitted into

the access point. While this means maintaining an inventory of authorized cards, it provides a reasonable security enhancement. A hacker could still passively sniff traffic and use MAC spoofing but it would require more effort to break in to the network.

Change WEP encryption keys often. This doesn’t prevent the compromising of WEP keys because an attacker can crack a key within hours; however, frequently changing the encryption key ensures that a compromised network doesn’t stay compromised. Manual key changing is difficult because it requires updating of every access point and wireless NIC. The WPA standard takes care of this key exchange automatically.

Disable beacon packets. Access points can be set to prohibit sending the used SSID on the beacon, but that should not be regarded as a security method; any AP can be forced to announce the used SSID even if it is not broadcast. In addition, the SSID can be easily “sniffed.”

Prevent RF leakage outside the required service area.

When creating the layout of access points within a building, try to ensure that adequate signals reach all necessary areas but, as much as possible, eliminate broadcasting traffic outside that area.

Prevent user access to the AP for management. The access points should be managed from a different network than the one that mobile units are using. Look for an access point that allows Layer 2 separations between user and AP management traffic, using different NICs or VLANs on the same NIC.

Change default passwords and IP addresses. Most access points offer built-in web servers with administration consoles. If the factory defaults are left in, an attacker can access the administration console by simply opening a web browser and pointing it to the access point. Changing default passwords and IP addresses is a good practice even if mobile units are restricted from accessing the AP directly.

Identify and eliminate rogue access points. There’s no denying the great popularity that wireless access enjoys with users. If organizations don’t provide WLAN options for their employees, employees may turn to deploying their own. We employ several methods (such as using a WLAN scanner) to discover these rogues, which are then removed from the network.

Securing the WLAN with

Virtual Private Networks

A virtual private network (VPN) enables users on a public or un-trusted network, such as the Internet or a WEP-based

802.11 WLAN, to establish a secure connection to a private network. The VPN protects the wireless LAN by creating a tunnel that shields data from unauthorized access.

We use VPNs to permit secure remote access to corporate intranets; they enable a high level of trust using standard security technologies, such as Internet protocol security

(IPSec). IPSec uses strong algorithms to authenticate data packets and digital certificates to validate public keys.

We expect that our use of VPNs to minimize WLAN risk will continue until the access points themselves can take over authentication and encryption in a proven way. That will likely happen when the 802.11i standard, with AES encryption, becomes reality.

10

Authentication and authorization using RADIUS

For WLAN client authentication to work, a user’s transmission must pass through a WLAN access point to reach the back-end server actually performing the authentication. The standard way of doing this in both WPA and 802.11i is by using 802.1X authentication on a remote authentication dial-in user service (RADIUS) server.

In a RADIUS scheme, the wireless client contacts the access point, which in turn communicates with the

RADIUS server on the enterprise LAN, as shown in Figure

3. The RADIUS server then verifies the client’s credentials to determine whether the device is authorized to connect.

If the client device is accepted, the RADIUS server sends data, including security keys, to the access point to enable a secure connection with the client.

Planning for New

802.11 Technologies

Although we’ve been able to minimize WLAN security risks with our current VPN-based solutions, we’re watching a number of new wireless security enhancements.

Enhanced data encryption through TKIP. Temporal key integrity protocol (TKIP), a component of WPA, provides important data encryption enhancements including a perpacket key mixing function, message integrity check (MIC) an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. It’s designed to resolve

WEP’s known vulnerabilities.

Enterprise-level user authentication. WEP is weak on user authentication mechanisms. WPA will use two new standards, 802.1x and the extensible authentication protocol (EAP), to offer strong user authentication for wireless users. This framework utilizes a central authentication server, such as a RADIUS server, to authenticate each user on the network before they join it, and also employs "mutual authentication" so that the wireless user doesn’t accidentally join a rogue network that might steal its network credentials.

802.11i. This standard is actually a collection of security enhancements to 802.11. First components of the standard are being released this year. 802.11i will necessitate a hardware change in the radio in most access points because of the higher CPU requirements due to the

AES encryption.

VLAN

Network

Virtual

Private Network

Gateway

DHCP Server

Authentication Server

(RSA, RADIUS)

Figure 3.

WLAN scheme including VLAN, DHCP, VPN, and authentication server

11

Intel around the world

United States and Canada

Intel Corporation

Robert Noyce Bldg.

2200 Mission College Boulevard

P.O. Box 58119

Santa Clara, CA 95052-8119

USA

Phone

General Information: (408) 765-8080

Customer Support: (800) 628-8686

Europe

Intel Corporation (UK) Ltd.

Pipers Way

Swindon

Wiltshire SN3 1RJ

UK

Phone

England: (44) 1793 403 000

France: (33) 1 4694 71701

Germany: (49) 89 99143 0

Ireland: (353) 1 606 7000

Israel: (972) 2 575 441

Italy: (39) 2 575 441

Netherlands: (31) 20 659 1800

Asia-Pacific

Intel Semiconductor Ltd.

32/F Two Pacific Place 88 Queensway,

Central

Hong Kong, SAR

Phone: (852) 2844 4555

Japan

Intel Kabushiki Kaisha

P.O. Box 300-8603 Tsukuba-gakuen

5-6 Tokodai, Tsukuba-shi

Ibaraki-ken 300-2635

Japan

Phone: (81) 298 47 8511

South America

Intel Semicondutores do Brazil

Avenida Dr. Chucri Zaidan, 940,10t

Sao Paulo

Brazil

Phone: (55) 11 3365 5500

For more information

To learn more about [email protected], visit our site on the World Wide Web at: www.intel.com/IT

Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel’s Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of

Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice.

Copyright © 2003 Intel Corporation. All rights reserved.

Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation. 0503/OC/CM/253096-00

2

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project