Appendix B: Wireless Technology

EAP Authentication

EAP (Extensible Authentication Protocol) is an Enterprise authentication protocol that can be used in both a wired and wireless network environment. EAP requires the use of an 802.1x Authentication Server, also known as a RADIUS server. Although over 40 different EAP methods are currently defined, the current internal Modero 802.11g wireless card and accompanying firmware only support the following EAP methods (listed from simplest to most complex):

EAP-LEAP (Cisco Light EAP)

EAP-FAST (Cisco Flexible Authentication via Secure Tunneling, a.k.a. LEAPv2)

The following use certificates:

EAP-PEAP (Protected EAP)

EAP-TTLS (Tunneled Transport Layer Security)

EAP-TLS(Transport Layer Security)

EAP requires the use of an 802.1x authentication server (also known as a RADIUS server). Sophisticated Access Points (such as Cisco) can use a built-in RADIUS server. The most common RADIUS servers used in wireless networks today are:

Microsoft Sever 2003

Juniper Odyssey (once called Funk Odyssey)

Meetinghouse AEGIS Server

DeviceScape RADIUS Server

Cisco Secure ACS

EAP characteristics

The following table outlines the differences among the various EAP Methods from most secure (at the top of the list) to the least secure (at the bottom of the list):

EAP Method Characteristics

Method:

Credential Type:

Authentication:

Pros:

Cons:

 

 

 

 

 

EAP-TLS

• Certificates

• Certificate is based on a

• Highest

• Difficult to

 

 

two-way authentication

Security

deploy

 

 

 

 

 

EAP-TTLS

• Certificates

• Client authentication is

• High Security

• Moderately

 

• Fixed Passwords

done via password and

 

difficult to

 

certificates

 

deploy

 

One-time passwords

 

 

• Server authentication is

 

 

 

(tokens)

 

 

 

done via certificates

 

 

 

 

 

 

 

 

 

 

 

EAP-PEAP

• Certificates

• Client authentication is

• High Security

• Moderately

 

• Fixed Passwords

done via password and

 

difficult to

 

certificates

 

deploy

 

One-time passwords

 

 

• Server authentication is

 

 

 

(tokens)

 

 

 

done via certificates

 

 

 

 

 

 

 

 

 

 

 

EAP-LEAP

• Certificates

• Authentication is based on

• Easy

• Susceptible to

 

• Fixed Passwords

MS-CHAP and

deployment

dictionary

 

MS-CHAPv2

 

attacks

 

One-time passwords

 

 

authentication protocols

 

 

 

(tokens)

 

 

 

 

 

 

 

 

 

 

 

EAP-FAST

• Certificates

• N/A

• N/A

• N/A

 

• Fixed Passwords

 

 

 

 

One-time passwords

 

 

 

 

(tokens)

 

 

 

 

 

 

 

 

170

MVP-5200i Modero Viewpoint Widescreen Touch Panel

Page 178
Image 178
AMX MVP-5200i manual EAP Authentication, EAP characteristics, EAP Method Characteristics