Table of Contents
Advertisement
Glossary
Term
Dynamic WEP
EAP-TLS
EAP-TTLS
ELA (OPSEC)
Encapsulation
ESS
FHSS
310
Explanation
The IEEE introduced the concept of user-based authentication using per-
user encryption keys to solve the scalability issues that surrounded static
WEP. This resulted in the 802.1X standard, which makes use of the IETF's
Extensible Authentication Protocol (EAP), which was originally designed
for user authentication in dial-up networks. The 802.1X standard
supplemented the EAP protocol with a mechanism to send an encryption
key to a Wireless AP. These encryption keys are used as dynamic WEP
keys, allowing traffic to each individual user to be encrypted using a
separate key.
EAP-TLS Extensible Authentication Protocol - Transport Layer Security. A
general protocol for authentication that also supports multiple
authentication methods, such as token cards, Kerberos, one-time
passwords, certificates, public key authentication and smart cards. IEEE
802.1X specifies how EAP should be encapsulated in LAN frames.
In wireless communications using EAP, a user requests connection to a
WLAN through an access point, which then requests the identity of the
user and transmits that identity to an authentication server such as
RADIUS. The server asks the access point for proof of identity, which the
access point gets from the user and then sends back to the server to
complete the authentication.
EAP-TLS provides for certificate-based and mutual authentication of the
client and the network. It relies on client-side and server-side certificates to
perform authentication and can be used to dynamically generate user-
based and session-based WEP keys.
EAP-TTLS (Tunneled Transport Layer Security) is an extension of EAP-TLS
to provide certificate-based, mutual authentication of the client and
network through an encrypted tunnel, as well as to generate dynamic, per-
user, per-session WEP keys. Unlike EAP-TLS, EAP-TTLS requires only
server-side certificates.
(See also PEAP)
Event Logging API (Application Program Interface) for OPSEC, a module
in Check Point used to enable third-party applications to log events into
the Check Point VPN-1/FireWall-1 management system.
See tunnelling.
Extended Service Set (ESS). Several Basic Service Sets (BSSs) can be joined
together to form one logical WLAN segment, referred to as an extended
service set (ESS). The SSID is used to identify the ESS. (See BSS and SSID.)
Frequency-Hopping Spread Spectrum. A transmission technology used in
Local Area Wireless Network (LAWN) transmissions where the data signal
is modulated with a narrowband carrier signal that "hops" in a random but
predictable sequence from frequency to frequency as a function of time
over a wide band of frequencies. This technique reduces interference. If
synchronized properly, a single logical channel is maintained. (Compare
DSSS)
Summit WM User Guide, Software Version 5.3
Advertisement
Table of Contents
