Client-side authentication with a RADIUS server from a Microsoft MS-CHAP v2 client, using encrypted username and password credentials
Wireless Client EAP Network Authentication Process
1. Client associates with access point
2. Access point allows 802.1x traffic
3. Client authenticates RADIUS server certificate
4. RADIUS server sends an encrypted username and password request to the client
5. Client sends the encrypted username and password to the RADIUS server
6. RADIUS server and client derive WEP key. RADIUS server sends WEP key to access point
7. Access point encrypts the 128-bit broadcast key with that dynamic session key and sends it to the client
8. Client and access point use session key to encrypt/decrypt packets
WPA-PSK
WPA pre-shared keys use some features of static WEP keys and dynamic key protocols. Each client and access point is configured with a specific static passcode. The passcode generates keys that TKIP uses to encrypt data per session. The passcode should be at least 27 characters to defend against dictionary attacks.
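Added example, not part of the original post: how a WPA-PSK passcode becomes key material. It uses the passphrase-to-key derivation from IEEE 802.11i (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations, 256-bit output) and checks a passcode against the 27-character minimum recommended above. The function names and sample values are assumptions chosen for illustration.

```python
import hashlib

MIN_RECOMMENDED_LEN = 27           # minimum length recommended in the text above
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63   # passphrase length limits set by the WPA standard


def derive_pmk(passcode: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key (PMK) from passcode and SSID.

    IEEE 802.11i: PMK = PBKDF2(HMAC-SHA1, passcode, ssid, 4096 iterations, 32 bytes).
    Per-session keys are derived from this PMK later, during the handshake.
    """
    return hashlib.pbkdf2_hmac("sha1", passcode.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_passcode(passcode: str) -> list[str]:
    """Return policy findings; an empty list means the passcode passes."""
    findings = []
    if not all(32 <= ord(c) <= 126 for c in passcode):
        findings.append("contains characters outside printable ASCII")
    if not WPA_MIN_LEN <= len(passcode) <= WPA_MAX_LEN:
        findings.append(f"length {len(passcode)} outside WPA range 8-63")
    elif len(passcode) < MIN_RECOMMENDED_LEN:
        findings.append(f"length {len(passcode)} below recommended minimum of 27")
    return findings


if __name__ == "__main__":
    # First pair is the well-known 802.11i passphrase test vector;
    # the second pair is constructed for this example.
    samples = [("password", "IEEE"),
               ("correct horse battery staple 42", "ExampleCorpWLAN")]
    for passcode, ssid in samples:
        print(ssid, derive_pmk(passcode, ssid).hex(), audit_passcode(passcode) or "OK")
    # The SSID is the salt: the same passcode gives a different PMK on another SSID.
    print(derive_pmk("password", "IEEE") != derive_pmk("password", "OtherSSID"))
```

Because the derivation is deterministic and every client shares the same passcode, the length and unpredictability of the passcode are the only things protecting the key against guessing.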
WPA2
The WPA2 standard implements the WPA authentication methods with Advanced Encryption Standard (AES). This encryption method is deployed in government implementations and similar environments where the most stringent security must be implemented.
Application Layer Passcode
SSG uses a passcode at the application layer. Clients can't authenticate unless they know the passcode. SSG is implemented in public places such as hotels, where the client pays for the password that allows access to the network.
VLAN Assignments
As noted, companies deploy access points with SSID assignments that define logical wireless networks. Each access point SSID is then mapped to a VLAN on the wired network, which segments traffic from specific groups as it would on a conventional wired network. Wireless deployments with multiple VLANs then configure 802.1q or ISL trunking between the access point and the Ethernet switch.
Miscellaneous Settings
Anti Theft Option
Some access points have an anti-theft option that uses a padlock and cabling to secure the equipment while it is deployed in public places. This is a key feature for public implementations where access points can be stolen or where there is some reason they must be mounted below the ceiling.
Security Attacks