Differences between version 11 and predecessor to the previous major change of MeetingTopics.2005-08-22.
Newer page: | version 11 | Last edited on Tuesday, August 23, 2005 11:26:26 am | by CraigBox |
Older page: | version 9 | Last edited on Tuesday, August 23, 2005 12:03:45 am | by PerryLorier |
@@ -32,18 +32,18 @@
[WPA] - Wi-Fi Protected Access
* Wi-Fi Alliance assembled a part of the upcoming [802.11i] standardin 2003
* [TKIP] for encryption
-* per-user, not per-device authentication and key distribution framework ([802.1x
])
+* per-user, not per-device authentication and key distribution framework ([802.1X
])
* Extensible Authentication Protocol ([EAP])
* Can still use Pre-Shared Keys ([PSK])
[TKIP]
* [RC4] based
* Per-packet keying, [IV] changes, broadcast key rotation to get around [WEP] insecurities
* Message Integrity Check ([MIC]) to prevent [MITM] attacks
-[802.1x
]
+[802.1X
]
* [IEEE] standard for port-based authentication
* Strong mutual authentication between client and auth server
* Authenticates a client through user-supplied credentials, rather than a computer
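Review bot: The context line "* Wi-Fi Alliance assembled a part of the upcoming [802.11i] standardin 2003" still carries the run-together "standardin"; this revision is already a spelling pass over the same block, so it should become "standard in 2003" in the same edit. The [802.1x] to [802.1X] change in the [WPA] bullet and in the section heading matches the IEEE capitalisation, but because these are bracketed wiki links it also changes the link target, so check that an 802.1X page exists or that the old name redirects to it.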
@@ -56,15 +56,15 @@
[EAP]
* Extensible Authentication Protocol
* Allows different auth methods without infrastructure changes
* Originally designed for [PPP] connections, adapted for [LAN] ([EAPOL])
-* Many [EAPOL] auth protocols exist - [MD5], [TLS], [CHAP], [MS-CHAPv2], [SIM] (Subscriber Identify Module), [AKA] (Athentication
and Key Agreement), [GTC] (Generic Token Card)
-* Some methods add a tunnel for authentication information - [PEAP], [EAP-TTLS] (Tunneled [TLS])
+* Many [EAPOL|EAP
] auth protocols exist - [MD5], [TLS], [CHAP], [MS-CHAPv2], [SIM] (Subscriber Identify Module), [EAP-
AKA|EAP
] (Authentication
and Key Agreement), [GTC] (Generic Token Card)
+* Some methods add a tunnel for authentication information - [PEAP], [EAP-TTLS|EAP
] (Tunneled [TLS])
[WPA2]
* Full [IEEE] [802.11i] standard
* Ratified in July 2004
-* [TKIP], [802.1x
]/[EAP]
+* [TKIP], [802.1X
]/[EAP]
* Added [AES] encryption
[AES]
* Counter cipher-block chaining mode ([CBC]), as opposed to [WEP]'s single stream cipher
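Review bot: In the rewritten "Many ... auth protocols exist" bullet the link label still reads EAPOL even though the target is now EAP. The items listed ([MD5], [TLS], [SIM], [GTC] and so on) are EAP methods, and the context line just above describes [EAPOL] as the adaptation of EAP for LANs, so the label should read EAP as well. The same line fixes "Athentication" but leaves "Subscriber Identify Module", which should be "Identity". Linking is also uneven after this change: AKA and TTLS are piped to the EAP page while [MD5], [TLS], [SIM] and [GTC] keep their bare targets, so pick one convention for the whole list.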
@@ -119,12 +119,16 @@
* Many [AP]s now support VLAN tagging
* Per-port (per [AP])
* [MAC] address (per physical computer - bad)
* Per [SSID] ([SSID]s are sniffable)
-* Per user (via [802.1x
])
+* Per user (via [802.1X
])
Rogue [AP] detection
* Network only secure as long as you control all aspects of it
* insecure [AP]s without strict security controls can cause major security breaches
-Implementation of WPA-RADIUS with 802.1x
via FreeRadius
+Implementation of WPA-RADIUS with 802.1X
via FreeRadius
+
+See also:
+
+* [How to set up a wireless network using Windows server WPA and RADIUS|http://www.hansenonline.net/Networking/wlanradius.html]
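Review bot: The new "See also" entry sits directly under "Implementation of WPA-RADIUS with 802.1X via FreeRadius", but its title describes a Windows server setup, not FreeRadius. Either say in the link text that it covers the Windows server equivalent, or pair it with a FreeRadius reference so readers following the implementation topic are not sent to a different RADIUS server without warning. In that implementation line, 802.1X is also still plain text while every other occurrence touched by this revision is a bracketed link; make it [802.1X] for consistency.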