Table of Contents
Advertisement
based on a computer's hardware-specific MAC
address, which is relatively simple to be sniffed out
and stolen. EAP is built on a more secure public-key
encryption system to ensure that only authorized
network users can access the network.
To encrypt a network with WPA Personal/PSK you provide
your router not with an encryption key, but rather with a
plain-English passphrase between 8 and 63 characters
long. Using a technology called TKIP (for Temporal Key
Integrity Protocol), that passphrase, along with the
network SSID, is used to generate unique encryption keys
for each wireless client. And those encryption keys are
constantly changed. (Although WEP also supports
passphrases, it does so only as a way to more easily
create static keys, which are usually comprised of the hex
characters 0-9 and A-F).
The 802.1X standard is designed to enhance the security
of wireless local area networks (WLANs) that follow the
IEEE 802.11 standard. 802.1X provides an authentication
framework for wireless LANs, allowing a user to be
authenticated by a central authority. The actual algorithm
that is used to determine whether a user is authentic is left
open and multiple algorithms are possible.
802.1X uses an existing protocol, the extensible
authentication protocol (EAP, RFC 2284), that works on
Ethernet, Token Ring, or wireless LANs, for message
exchange during the authentication process.
In a wireless LAN with 802.1X, a user (known as the
supplicant) requests access to an access point (known as
the authenticator). The access point forces the user
(actually, the user's client software) into an unauthorized
state that allows the client to send only an EAP start
message. The access point returns an EAP message
requesting the user's identity. The client returns the identity,
which is then forwarded by the access point to the
authentication server, which uses an algorithm to
154
Hide quick links:
Advertisement
Table of Contents
