Peap; Tls; Wep; Then And Now-Hp Ipaq Pocket Pc Wireless Implementation - HP iPAQ H4100 series User Manual

A LEAP-based network authenticates user credentials before allowing access to the network; inner
and outer authentications are not required. While this does reduce the overall infrastructure load,
there are some security concerns surrounding this implementation.

PEAP

PEAP uses digital certificates for network server authentication and passwords for client
authentication. PEAP requires an EAP user name, EAP password, and a Certificate of Authority
(CA). Dynamic encryption keys are also used in this authentication type.
802.1X EAP types: Protected EAP (PEAP)
Microsoft, Cisco, and RSA Security created this EAP type to reduce the certificate requirements
found in EAP-TLS. This EAP type uses a root server certificate in setting up the secure tunnel to the
authentication server. This allows user credentials to then be obtained and transmitted to the
authentication server. Unlike EAP-TLS, this protocol will authenticate the user, but not necessarily
the device.

TLS

TLS ensures Internet privacy between communicating applications and their users. When a server
and user communicate, TLS prevents a third party from eavesdropping or tampering with the
transmissions. TLS connection security uses an encryption method. TLS allows the server and user
to authenticate each other and to negotiate for an encryption algorithm and cryptographic keys
before data is exchanged.
802.1X EAP type: Transport Layer Security (EAP-TLS)
EAP-TLS utilizes a certificate pair for authentication. This EAP type was originally developed by
Microsoft and is used as a core component for the other EAP types listed below as a first line
authentication. This system uses a public/private key infrastructure to setup a secure conduit to
exchange the encryption keys. The exchange is very similar to the exchange used in a secure
web site (HTTPS.) The disadvantage to this protocol is the requirement for extensive certificate
management; this EAP type does not authenticate the user as much as it authenticates the device.

WEP

WEP encrypts data immediately before wireless transmissions are sent, and decrypts data it
receives. WEP security is considered the first significant line of defense against casual
eavesdroppers. If WEP uses a secret key, which is considered similar to a password, then the key
must be available on all of the network's wireless devices.
Temporal Key Integrity Protocol (TKIP) technology improves WEP by using a per-packet key
mechanism, in which the base key is modified for each packet sent over the network. The overall
key length is extended to 256-bits for encryption.
NOTE: For additional information about the LEAP authentication protocol, refer to the Cisco
www.cisco.com
website:
The following table lists HP iPAQ Pocket PC-supported wireless authentication protocols.
Then and now—HP iPAQ Pocket PC wireless
implementation
HP iPAQ Pocket PCs are designed to increase productivity by giving customers the ability to continue
working, even when their work takes them away from the office. Whether meeting in an office on the
The Wireless LAN and HP iPAQ Pocket PCs 9