Personal Versus Enterprise Modes
Adding an 802.1x server can be expensive and is sometimes not a feasible option. Organizations can use captive portals as an alternative. A captive portal requires users to authenticate before it grants them access.
Free Internet access.
Paid Internet access.
Forces clients using web browsers to complete a specific process before it allows them access to the network.
WTLS and ECC
Smaller wireless devices such as PDAs and cell phones don't have the same processing power as servers and desktops, so they can't handle protocols like WPA2.
Many smaller wireless devices use WTLS or ECC
Elliptic curve cryptography (ECC)
Wireless Transport Layer Security (WTLS)
WTLS is a wireless implementation of TLS
Lightweight EAP (LEAP)
Note that PEAP, EAP-TTLS, and EAP-TLS all use digital certificates. Certificates help provide strong authentication and encryption services. However, a certificate authority (CA) must issue certificates, so an organization must either purchase certificates from a public CA, or implement a private CA within the network.
Cisco recommends using stronger protocols, instead of LEAP.
Most wireless devices support LEAP.
LEAP does not require a digital certificate.
Cisco created LEAP using a modified version of the Challenge Handshake Authentication Protocol (CHAP).
EAP, PEAP, and LEAP
Requires certificates on the 802.1x server and on each of the wireless clients.
This is one of the most secure EAP standards and is widely implemented
EAP-Tunneled TLS (EAP-TTLS)
It requires a certificate on the 802.1x server but not the clients.
Allows systems to use some older authentication methods, such as Password Authentication Protocol (PAP).
This is an extension of PEAP
Protected EAP (PEAP)
PEAP requires a certificate on the server, but not the clients. A common implementation is with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2).
Encapsulates and encrypts the EAP conversation in a Transport Layer Security (TLS) tunnel.
PEAP protects the channel, because the designers thought EAP would have physical security.
Extensible Authentication Protocol (EAP)
Both TKIP and AES-based CCMP use this key.
Systems then use this key to encrypt all data transmitted between the devices.
Provides a method for two systems to create a secure encryption key, also known as a Pairwise Master Key (PMK).
The Extensible Authentication Protocol (EAP)
802.1x servers typically use one of these methods (EAP, PEAP, LEAP) to increase the level of security during the authentication process.
An authentication framework that provides general guidance for authentication methods.
WPA and WPA2 Enterprise mode
Regular WEP and WPA users access the wireless network anonymously with a preshared key (PSK).
802.1x server has a certificate on it to secure the authentication process.
Enterprise mode uses an 802.1x server, often implemented as a RADIUS server, which accesses a database of accounts.
Forces users to authenticate with unique credentials before granting them access.
Both operate in either Personal or Enterprise modes