Upcoming Events

Executive conference

Cloud Connect March 16-18

Comprehensive thought leadership for executives, IT professionals and developers. Topics include: the ROI, cost and economics of on-demand computing; Migration strategies to move from on-premise to cloud-based IT; Vertical cloud specialization, tailoring features and architectures to specific applications, industries, and customer ecosystems

More Events »

Vendor Newsfeed

More Vendor Newsfeed »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up
Network + Systems Infrastructure
W O R K S H O P  
The New Face of Authentication

  May 15, 2003
  By By Dilip Advani


>> continued from previous page

The Alphabet Soup of Authentication

TOC Issue TOC
Printer Print full article
Printer Print this page
Printer Download as PDF
E-Mail E-Mail this URL
Discuss Discuss this article
flame author Flame the author
 
  In this article
arrow
 Introduction
arrow
 Wirelessness
arrow
 The Alphabet Soup of Authentication

If you're taking the leap into 802.1x authentication, beware: The options can be overwhelming. There's LEAP, PEAP, TLS and TTLS, among others. So which protocol does what?

LEAP is Cisco's proprietary version of EAP (Extensible Authentication Protocol), and it uses strong challenge-password hash exchange instead of digital certificates. But Cisco has hedged its bets and joined forces with Microsoft and RSA Security to develop PEAP (Protected EAP), best known for helping prevent an attacker from injecting his or her own data or capturing clear-text user information for future attacks during the 802.1x EAP authentication process.

PEAP works in two steps. After the initial handshake between the client and access point, a TLS (Transport Layer Security) channel is created between the client and authentication server. All messages get encrypted, and the RADIUS server then authenticates the client using an EAP method--EAP-TLS or EAP-MS-CHAP (Challenge Handshake Authentication Protocol) v2.

With TTLS (Tunneled Transport Layer Security), a TLS tunnel is established and the client authentication parameters get exchanged. TLS has existed longer than TTLS, but its usage has waned because it requires extra certificates on each client.

TTLS and PEAP are similar in concept, but there are important differences: TTLS supports other EAP authentication methods and also PAP, CHAP, MS-CHAP and MS-CHAPv2, whereas PEAP can tunnel only EAP-type protocols such as EAP-TLS, EAP-MS-CHAPv2 and EAP-SIM. TTLS requires installation of client software, whereas PEAP comes ready to run in XP Service Pack 1 on the client device, for instance. TTLS is widely available and implemented, while PEAP is still new. But given PEAP's backing from Cisco, Microsoft and RSA, it's likely to emerge as the de facto authentication mechanism for 802.1x.


start top  Wirelessness The Alphabet Soup of Authentication

Best of the Web

Data deduplication: Declawing the clones

Data deduplication is emerging as a critically important new arrow in the storage administrator's quiver to answer hard questions about the increasing problem in storage growth costs.

Quick Read

Compression, Encryption, Deduplication, and Replication: Strange Bedfellows

One of the great ironies of storage technology is the inverse relationship between efficiency and security: Adding performance or reducing storage requirements almost always results in reducing the confidentiality, integrity, or availability of a system.

Quick Read

WAN Optimization Whitelists and Blacklists

Optimization is a fantastic way of saving money and creating really happy customers at the same time, but it doesn't work flawlessly for all applications.

Quick Read

WAN Optimization as a Managed Service: It's Not About the Cost

This insight examines how organizations outsourcing their WAN optimization initiatives to a third-party go about achieving their goals for application performance, reducing operational costs, and streamlining enterprise infrastructure.

Quick Read

  Sponsored Links

Premium Content

Data Centers Gone Wild
February 22, 2010
NWC


Salary

Video

View All Videos

Most Popular

Stories Blogs

More Stories »

Whitepapers

More »

BlogRoll