
Not many making the LEAP to PEAP

Many companies have turned to authentication for wireless network security. Cisco's LEAP protocol is a leader of this pack, but it's proprietary. A certificate approach to authentication called PEAP may yet hurdle LEAP.

Wireless security is a muddle of proprietary and standardized approaches, many of which fall short of their goals. When it comes to authentication, the situation is no more clear-cut.

Since standardized approaches to wireless security like Wired Equivalent Privacy (WEP) have proved to be easy to crack, many have begun turning toward authentication -- where users log on with a name and a password that is verified -- as a means of further securing wireless networks.

One popular authentication approach is known as LEAP, short for lightweight extensible authentication protocol. LEAP was developed by San Jose, Calif.-based Cisco Systems Inc. and is proprietary. However, to help grow the market, Cisco has been licensing LEAP for free to vendors to allow them to integrate the protocol into their clients and authentication servers, said Shripati Acharya, a senior product marketing manager with Cisco's wireless unit.

LEAP has been popular with Cisco's customers, said Craig Mathias, a principal with FarPoint Group, a Framingham, Mass.-based research firm. LEAP works across a number of operating systems, making it a flexible system on the client end. However, it only works with Cisco access points, said Chris Kozup, senior research analyst with Stamford, Conn.-based research firm Meta Group.

LEAP is popular today and likely to be around for some time, said Kozup. But it is already facing a challenge from a standards-based approach called PEAP, or protected extensible authentication protocol.

PEAP was developed by Cisco, Microsoft Corp. and RSA Security Inc., the Bedford, Mass., security systems vendor. PEAP uses a certificate approach to authentication, where a user's identity is verified through a digital certificate. Some businesses shy away from this approach because it can require more client management than they would like to put into their wireless systems, said Mathias.

While this approach is standards-based, it has not yet been ratified. So today there are still problems with interoperability. For example, Microsoft's variant of PEAP is different from Cisco's, Kozup said. Additionally, since PEAP is relatively new, it only works with Windows 2000 and Windows XP. That has also limited its deployment, said Kozup.

Symbol Technologies Inc., a Holtsville, N.Y.-based wireless systems vendor, sells mobile devices that can be as small and limited in function as hand scanners. Devices like that cannot support sophisticated clients. When faced with providing greater wireless security for its customers, Symbol turned to an open-source approach called Kerberos from the Massachusetts Institute of Technology.

Kerberos is more compatible with the limited memory of many of Symbol's devices and does not have problems with latency, said Phil Ballai, director of product marketing for Symbol. Users need to set up their own inexpensive Kerberos server on-site for authentication.

PEAP today is in its infancy. Once it is standardized and available for more operating systems, Kozup expects that it will take off. In the meantime, Acharya does not expect Cisco to stop selling products with LEAP any time soon.

