In "At last, real wireless LAN security," we [ZDNet] discussed the new 802.1x/EAP combination that allows you to manage and distribute encryption keys on a per-user and per-session basis. Now we'll describe what it takes to actually build an 802.1x/EAP solution. Because 802.1x and EAP are open standards, implementation is left to individual vendors. As a result, four types of EAP implementations have emerged as "standards." They all share the same underlying 802.1x and EAP architecture, but they implement EAP in different ways.

EAP-MD5 is the least secure version of EAP because it uses user names and passwords for authentication and is vulnerable to dictionary attacks. In addition, EAP-MD5 does not support dynamic WEP keys, which is a critical liability.

EAP-TTLS (Tunneled Transport Layer Security) is Funk Software's version of EAP, which uses Funk's Odyssey or Steel-Belted RADIUS Server. It's also supported by third-party client software from vendors such as MDC. Funk's selling point is that PKI certificates are required only on the authentication server, not on the clients. In general, this is considered almost as secure as EAP-TLS while making deployment simpler.
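To check which of these methods a deployment actually negotiates, the EAP type byte can be read from each packet. The following is an added example, not code from the article: a small parser that flags EAP-MD5 exchanges. The function names and the sample packets are hypothetical and constructed for illustration; the type numbers are the IANA-registered EAP method types.

```python
import struct

# EAP method type numbers from the IANA EAP registry (RFC 3748, RFC 5216, RFC 5281).
EAP_TYPES = {1: "Identity", 4: "EAP-MD5", 13: "EAP-TLS", 21: "EAP-TTLS"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
WEAK_METHODS = {"EAP-MD5"}  # per the article: dictionary-attackable, no dynamic WEP keys


def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet (RFC 3748 layout: code, identifier, length, type, data)."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    # Request/Response packets carry a type byte, so they need at least 5 bytes.
    if length > len(packet) or length < (5 if code in (1, 2) else 4):
        raise ValueError("bad EAP length field")
    info = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "method": None}
    if code in (1, 2):
        etype = packet[4]
        info["method"] = EAP_TYPES.get(etype, f"type-{etype}")
        if etype == 4:  # MD5-Challenge data: value-size, value, optional name
            data = packet[5:length]
            if not data or data[0] > len(data) - 1:
                raise ValueError("truncated MD5-Challenge value")
            info["value"] = data[1:1 + data[0]]  # sent in the clear, outside any tunnel
    return info


def audit(packets):
    """Return (id, code, method) for every packet that uses a weak method."""
    parsed = [parse_eap(raw) for raw in packets]
    return [(p["id"], p["code"], p["method"]) for p in parsed if p["method"] in WEAK_METHODS]


def build(code, ident, etype=None, data=b""):
    """Helper that assembles the constructed sample packets below."""
    body = b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


# Constructed sample exchange (not captured traffic).
CHALLENGE = bytes(range(16))
SAMPLE = [
    build(1, 1, 1),                             # Identity request
    build(2, 1, 1, b"alice"),                   # Identity response
    build(1, 2, 4, bytes([16]) + CHALLENGE),    # EAP-MD5 challenge
    build(2, 2, 4, bytes([16]) + b"\xaa" * 16), # EAP-MD5 response (placeholder hash)
    build(1, 3, 21, b"\x20"),                   # EAP-TTLS start (flags byte, S bit set)
    build(3, 3),                                # Success
]
```

Running `audit(SAMPLE)` reports only the two EAP-MD5 packets; the EAP-TTLS start is parsed but not flagged.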

The link for this article located at ZDNet is no longer available.