ZyXEL Communications AG-200 EAP-MD5 Message-Digest Algorithm, EAP-TLS Transport Layer Security


ZyXEL AG-200 User’s Guide

Appendix A

Types of EAP Authentication

This appendix discusses the five popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. The type of authentication you use depends on the RADIUS server. Consult your network administrator for more information.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the password by encrypting the password with the challenge and sending back the result. The password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may access the password file. In addition, it is possible to impersonate an authentication server because the MD5 authentication method does not perform mutual authentication. Finally, the MD5 authentication method does not support data encryption with a dynamic session key. You must configure WEP encryption keys for data encryption.
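The challenge-response exchange and two of the weaknesses described above, as an added example that is not part of the original guide. It uses the CHAP-style computation from RFC 1994 that EAP-MD5 reuses; the `AuthServer` class, `station_respond` function, user name and password are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os


def md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    # CHAP-style value (RFC 1994, reused by EAP-MD5 in RFC 3748):
    # MD5 over the identifier octet, the shared password, then the challenge.
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


class AuthServer:
    """Hypothetical authentication server, for illustration only."""

    def __init__(self, password_file):
        # username -> PLAINTEXT password: the server must recompute the
        # digest itself, so it cannot keep only a salted password hash.
        self.password_file = password_file
        self.pending = {}

    def start(self, user):
        identifier, challenge = os.urandom(1)[0], os.urandom(16)
        self.pending[user] = (identifier, challenge)
        return identifier, challenge

    def verify(self, user, response):
        state = self.pending.pop(user, None)  # each challenge is single-use
        password = self.password_file.get(user)
        if state is None or password is None:
            return False
        expected = md5_response(state[0], password, state[1])
        return hmac.compare_digest(expected, response)


def station_respond(password, identifier, challenge):
    # The station answers any challenge it is handed; nothing in the
    # exchange lets it check who sent the challenge (no mutual authentication).
    return md5_response(identifier, password, challenge)


def demo():
    server = AuthServer({"alice": b"constructed-password"})  # constructed data
    ident, chal = server.start("alice")
    good = station_respond(b"constructed-password", ident, chal)
    ok = server.verify("alice", good)
    server.start("alice")                      # server issues a fresh challenge
    replayed = server.verify("alice", good)    # old answer no longer matches
    ident3, chal3 = server.start("alice")
    wrong = server.verify("alice", station_respond(b"guess", ident3, chal3))
    return ok, replayed, wrong


if __name__ == "__main__":
    print(demo())
```

The fresh random challenge is what keeps a recorded response from being accepted later; the plaintext `password_file` is the storage requirement the guide warns about.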

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certificates are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates only for server-side authentication to establish a secure connection. Client authentication is then done by sending the username and password through the secure connection, so the client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.

PEAP (Protected EAP)

Like EAP-TTLS, PEAP uses server-side certificate authentication to establish a secure connection and then uses simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.
