
	Home > Ask the Networking Experts > Questions & Answers > Popular protocols for securing 802.11 networks

Ask The Networking Expert: Questions & Answers

EMAIL THIS

Popular protocols for securing 802.11 networks

EXPERT RESPONSE FROM: Lisa Phifer

		Pose a Question

		Other Networking Categories

		Meet all Networking Experts
		Become an Expert for this site

QUESTION POSED ON: 25 June 2002
What will the most popular protocols for securing 802.11 networks be in 2003? Will LEAP still be popular? Will 802.1x fulfill promises of security?

802.1x is an extensible authentication framework for port-based access control. This framework can be used with a number of authentication methods, including:

EAP-TLS (Transport Layer Security) - RFC 2716, implemented in Windows XP, requires mutual certificate-based authentication.

EAP-TTLS (Tunneled Transport Layer Security) - An Internet draft, implemented by Funk Odyssey, that extends TLS to securely tunnel further information - notably, client sub-authentication based on legacy passwords.

LEAP (Lightweight EAP) - Cisco's own variation on EAP, implemented by AiroNet products, that provides mutual authentication based on password challenge-response.

PEAP (Protected EAP Protocol) - A new Internet draft designed to overcome some of the vulnerabilities that exist in other EAP methods, providing secure mutual authentication and legacy subauthentication.

In a recent INT Media Research survey of 300 companies with active WLANs, less than a quarter of those surveyed expect to deploy 802.1x by the end of 2003. WEP shared key authentication and higher-layer (VPN or SSL) authentication are being used far more often than 802.1x. From this, I conclude that 802.1x and related EAP methods have not yet matured to the point where consumers can plan to use it.

Nonetheless, 802.1x plays a central role in emerging IEEE 802.11i standards for enhanced WLAN security, enabling authentication and key distribution. Key vendors like Cisco and Microsoft have announced intent to support 802.1x with PEAP in future WLAN products. If PEAP materializes, I expect LEAP to fade away. But this race is still a bit early to call.

There is another critical ingredient in WLAN security: confidentiality. The IEEE 802.11i fix for WEP-based products, known as the Temporal Key Integrity Protocol (TKIP), should begin appearing in firmware upgrades by the end of 2002. In 2003, a more robust AES-based Wireless Robust Authenticated Protocol (WRAP) will emerge in next generation WLAN hardware. TKIP fixes the most glaring weaknesses in WEP, while WRAP provides a stronger, faster privacy solution from scratch.

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Expert networking advice and tips for IT professionals

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2000 - 2009, TechTarget \| Read our Privacy Policy