Firmware Pages and Descriptions

EAP Security’s Using Server Certificates - Overview

The following EAP types all support a server certificate:

EAP-PEAP

EAP-TTLS

EAP-TLS

All three of these certificate-using security methods are documented in the following sections. EAP Authentication goes a step beyond just encrypting data transfers, but also requires that a set of credentials be validated before the client (panel) is allowed to connect to the rest of the network (FIG. 108). Below is a description of this process. It is important to note that there is no user intervention necessary during this process. It proceeds automatically based on the configuration parameters entered into the panel.

LAN

802.1x

(EAP over Wireless)

Client - Panel

Authenticator

Authentication Server

(RADIUS Server)

(supplicant)

(Wireless Access Point)

 

FIG. 108 EAP security method in process

 

 

A server certificate file uses a certificate that is installed in a panel so that the RADIUS server can be validated before the panel tries to connect to it. The field name associated with this file is Certificate Authority.

If a server certificate is used, it should first be downloaded into the panel and the Certificate Authority field should then be set to the name of that certificate file. No file path should be used for this setting as all certificates are stored in a specific directory that the user cannot control or change. The most secure connection method uses a server certificate.

If no server certificate will be used then, this field should be left blank. If the field contains a file name, then a valid certificate file with the same file name must be previously installed on the panel. Otherwise the authentication process will fail.

Wireless Settings Page - Security Options - EAP-PEAP

EAP (Extensible Authentication Protocol) is a Enterprise authentication protocol that can be used in both a wired and wireless network environment. EAP requires the use of an 802.1x Authentication Server, also known as a Radius server. Most of the configuration fields described below take variable length strings as inputs. Whenever these fields are selected, an on-screen keyboard appears which allows the string to then be entered.

PEAP (Protected Extensible Authentication Protocol) was developed by both Cisco© Systems and Microsoft® as a way to securely transmit authentication information, such as passwords, over a wireless network environment. PEAP uses only server-side public key certificates and therefore does not need a client (panel) certificate which makes the configuration and setup easier.

124

7" Modero Widescreen Touch Panels

Page 134
Image 134
AMX CV7 manual EAP Security’s Using Server Certificates Overview, Wireless Settings Page Security Options EAP-PEAP