Wireless LAN Security Framework

[Diagram: Wireless LAN Security Framework. Labels: Backend AAA Infrastructure (RADIUS, TACACS+, LDAP, Kerberos); EAP methods (TLS, LEAP, TTLS, PEAP, MD5); VPN; EAP; link layers (PPP, 802.3, 802.5, 802.11); 802.1x; EAP API; NDIS API]

IEEE 802.1X authentication
Performs authentication in a layer above the IEEE 802.11 MAC layer
Removes all authentication processing from the IEEE 802.11 MAC
802.1X can use any EAP method installed on the client and AAA server
    Methods in common use include TLS, Cisco LEAP (based on MS-CHAPv1), and Funk's Tunneled TTLS (TTLS)

Common EAP Methods
EAP-TLS
    TLS handshake is used to mutually authenticate a client and server
EAP-TTLS extends this
    Uses the secure connection established by the TLS handshake to perform additional authentication
PEAP
    Similar to EAP-TTLS but only allows EAP for authentication
    Also has key exchange, session resumption, fragmentation and reassembly
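
The fragmentation and reassembly mentioned for PEAP, as an added example that is not part of the original slides: a Python sketch that identifies the EAP method from the packet header and rebuilds one TLS message from fragments sent in one direction, rejecting inconsistent lengths. The EAP type numbers (IANA registry) and the L/M flag bits (EAP-TLS framing, RFC 5216, which TTLS and PEAP reuse) are not on the slides; `MAX_TLS_MESSAGE`, `build` and `SAMPLE` are hypothetical names with constructed data.

```python
import struct

# EAP method type numbers (IANA registry) for the methods named on the slides.
EAP_TYPES = {4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}             # methods whose type-data starts with a flags octet
FLAG_L, FLAG_M = 0x80, 0x40          # length-included, more-fragments
MAX_TLS_MESSAGE = 64 * 1024          # assumed local cap, not from the slides


def parse_eap(pkt):
    """Return (eap_type, type_data) for one EAP Request or Response."""
    if len(pkt) < 5:
        raise ValueError("short EAP packet")
    code, _ident, length, etype = struct.unpack("!BBHB", pkt[:5])
    if code not in (1, 2) or not 5 <= length <= len(pkt):
        raise ValueError("bad EAP code or length")
    return etype, pkt[5:length]


def reassemble(packets):
    """Rebuild one TLS message from EAP-TLS/TTLS/PEAP fragments, checking lengths."""
    buf, declared, method = bytearray(), None, None
    for pkt in packets:
        etype, data = parse_eap(pkt)
        if etype not in TLS_BASED or not data or method not in (None, etype):
            raise ValueError("unexpected EAP method")
        method, flags, body = etype, data[0], data[1:]
        if flags & FLAG_L:
            if len(body) < 4:
                raise ValueError("L flag without length field")
            declared, body = struct.unpack("!I", body[:4])[0], body[4:]
        buf += body
        if len(buf) > min(declared or MAX_TLS_MESSAGE, MAX_TLS_MESSAGE):
            raise ValueError("fragments exceed declared or permitted length")
        if not flags & FLAG_M:           # final fragment
            if declared is not None and declared != len(buf):
                raise ValueError("reassembled length mismatch")
            return EAP_TYPES[method], bytes(buf)
    raise ValueError("ran out of packets with more-fragments still set")


def build(etype, flags, payload, total=None):
    """Construct a sample EAP Request (constructed test data, identifier fixed at 1)."""
    data = bytes([flags]) + (struct.pack("!I", total) if total is not None else b"") + payload
    return struct.pack("!BBHB", 1, 1, 5 + len(data), etype) + data


# Constructed sample: a 10-byte message split into two PEAP fragments.
SAMPLE = [build(25, FLAG_L | FLAG_M, b"hello", total=10), build(25, 0, b"world")]
```

Calling `reassemble(SAMPLE)` returns the method name and the joined payload; a real exchange also interleaves acknowledgements from the other side, which this sketch leaves out.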