How 802.1x authentication works
Computerworld - Benefits of WLAN
Wireless LANs offer two things central to the adoption of communications technologies: reach and economy. Scalable end-user reach is gained without stringing wires, and the users themselves often feel empowered by their unfettered Internet access. In addition, IT managers find the technology a means to possibly stretch scarce budgets.
However, without stringent security to protect network assets, a WLAN implementation could offer a false economy. With Wired Equivalent Privacy (WEP), the old 802.1x WLAN security feature, networks could be easily compromised. This lack of security caused many to realize that WLANs could cause more problems than they were worth.
Overcoming the inadequacies of WEP
WEP, a data privacy encryption for WLANs defined in 802.11b, didn't live up to its name. Its use of rarely changed, static client keys for access control made WEP cryptographically weak. Cryptographic attacks allowed attackers to view all data passed to and from the access point.
WEP's weaknesses include the following:
- Static keys that are rarely changed by users.
- A weak implementation of the RC4 algorithm is used.
- An Initial Vector sequence is too short and "wraps around" in a short time, resulting in repeated keys.
Solving the WEP problem
Today WLANs are maturing and producing security innovations and standards that will be used across all networking mediums for years to come. They have learned to harness flexibility, creating solutions that can be quickly modified if weaknesses are found. An example of this is the addition of 802.1x authentication to the WLAN security toolbox. It has provided a method to protect the network behind the access point from intruders as well as provide for dynamic keys and strengthen WLAN encryption.
802.1X is flexible because it's based on Extensible Authentication Protocol. EAP (IETF RFC 2284) is a highly pliable standard. 802.1x encompasses the range of EAP authentication methods, including MD5, TLS, TTLS, LEAP, PEAP, SecurID, SIM and AKA.
More advanced EAP types such as TLS, TTLS, LEAP and PEAP provide mutual authentication, which limits man-in-the-middle threats by authenticating the server to the client, in addition to just the client to the server. Furthermore, these EAP methods result in keying material, which can be used to generate dynamic WEP keys.
The tunneled methods of EAP-TTLS and EAP-PEAP actually provide mutual authentication to other methods that utilize the familiar user ID/password methods, i.e. EAP-MD5, EAP-MSCHAP V2, in order to authenticate the client to the server. This method of authentication occurs through a secure TLS encryption tunnel that borrows techniques from the time-tested secure Web connections (HTTPS) used in online



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Digital Transformation: Creating New Business Models Where Digital Meets Physical
- Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil...
- Empowering Your Mobile Worker
- Today's most productive employees are mobile, and your company's IT strategy must be ready to support them with 24/7 access to the business...
- An Interactive Guide: Bring Your Own Device
- BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets....
- Calculating ROI for Mobile Client Acceleration
- As mobile devices continue to expand in business use, ensuring these devices have optimal performance is becoming an IT imperative. This EMA paper...
- Tablet Computing Without Compromise
- This paper provides an overview of how and why that migration-from any old tablet to Windows tablets-came to be. All Mobile and Wireless White Papers
- Live Webcast
North Pole to South Seas: Overcoming the Pitfalls of remote Performance - In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
- Supporting Mobile Productivity With A Limited IT Budget
- Join us and hear from Kaseya mobile IT management experts as we discuss core strategies for supporting the mobile revolution on a shoestring...
- North Pole to South Seas: Overcoming the Pitfalls of remote Performance
- In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
- Unified Communications 101
- What's the best way to implement a unified communications solution for your organization?
- QNX® and BlackBerry® PlayBook™ Tablet.
- RIM's multi-processor, multi-tasking BlackBerry PlayBook runs a new Tablet OS powered by QNX, a bullet-proof microkernel operating system. This track will take a...
- A Close Look at Tablets
- Learn More All Mobile and Wireless Webcasts