Dynamic Wep Key Exchange - ZyXEL Communications FSG1100HN User Manual

Wireless active fiber router

Hide thumbs Also See for FSG1100HN:

Quick start manual (18 pages)

Specifications (2 pages)

Quick start manual (16 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

Table of Contents

However, MD5 authentication has some weaknesses. Since the

authentication server needs to get the plaintext passwords, the passwords

must be stored. Thus someone other than the authentication server may

access the password file. In addition, it is possible to impersonate an

authentication server as MD5 authentication method does not perform mutual

authentication. Finally, MD5 authentication method does not support data

encryption with dynamic session key. You must configure WEP encryption

keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the

wireless stations for mutual authentication. The server presents a certificate to

the client. After validating the identity of the server, the client sends a different

certificate to the server. The exchange of certificates is done in the open

before a secured tunnel is created. This makes user identity vulnerable to

passive attacks. A digital certificate is an electronic ID card that authenticates

the sender's identity. However, to implement EAP-TLS, you need a Certificate

Authority (CA) to handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses

certificates for only the server-side authentications to establish a secure

connection. Client authentication is then done by sending username and

password through the secure connection, thus client identity is protected. For

client authentication, EAPTTLS supports EAP methods and legacy

authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.

PEAP (Protected EAP)

Like EAP-TTLS, server-side certificate authentication is used to establish a

secure connection, then use simple username and password methods

through the secured connection to authenticate the clients, thus hiding client

identity. However, PEAP only supports EAP methods, such as EAP-MD5,

EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client

authentication. EAP-GTC is implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco

implementation of IEEE 802.1X.