Appendix B: Wireless Technology
MVP-5200i Modero® ViewPoint® Touch Panel with Intercom - Instruction Manual
EAP Authentication
EAP (Extensible Authentication Protocol) is an Enterprise authentication protocol that can be used in both a wired and wireless
network environment. EAP requires the use of an 802.1x Authentication Server, also known as a RADIUS server. Although over 40
different EAP methods are currently defined, the current internal Modero 802.11g wireless card and accompanying firmware only
support the following EAP methods (listed from simplest to most complex):
• EAP-LEAP (Cisco Light EAP)
• EAP-FAST (Cisco Flexible Authentication via Secure Tunneling, a.k.a. LEAPv2)
The following use certificates:
• EAP-PEAP (Protected EAP)
• EAP-TTLS (Tunneled Transport Layer Security)
• EAP-TLS (Transport Layer Security)
EAP requires the use of an 802.1x authentication server (also known as a RADIUS server). Sophisticated Access Points (such as
Cisco) can use a built-in RADIUS server. The most common RADIUS servers used in wireless networks today are:
• Microsoft Server 2003
• Juniper Odyssey (once called Funk Odyssey)
• Meetinghouse AEGIS Server
• DeviceScape RADIUS Server
• Cisco Secure ACS
Terminology - Wireless Technology (Cont.)
WPA2
Also known as IEEE 802.11i, this is an amendment to the 802.11 standard specifying security mechanisms
for wireless networks. The 802.11i scheme makes use of the Advanced Encryption Standard (AES) block
cipher; WEP and WPA use the RC4 stream cipher. The 802.11i architecture contains the following
components: 802.1X for authentication (entailing the use of EAP and an authentication server), RSN for
keeping track of associations, and AES-based CCMP to provide confidentiality, integrity and origin
authentication.
WPA2 implements the full standard, but will not work with some older network cards. Both WPA and WPA2 provide good
security, with two significant issues:
• either WPA or WPA2 must be enabled and chosen in preference to WEP. WEP is usually presented as the first
security choice in most installation instructions.
• in the "Personal" mode, the most likely choice for homes and small offices, a passphrase is required that, for full
security, must be longer than the typical 6 to 8 character passwords users are taught to employ.
With RC4 released to the general public, the IEEE implemented the Advanced Encryption Standard (AES)
as the cipher engine for 802.11i, which the Wi-Fi Alliance has branded as WPA2.
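The "Personal" mode passphrase issue noted above, as an added example that is not part of this manual or the panel firmware: in Personal mode the 256-bit pre-shared key is computed from nothing but the passphrase and the SSID (the 802.11i passphrase mapping, PBKDF2-HMAC-SHA1 with 4096 iterations), so the passphrase is the only secret. The function names and the 20-character POLICY_MIN_LEN threshold are assumptions chosen for illustration.

```python
import hashlib
import string

# 95 printable ASCII characters (0x20..0x7e) allowed in a WPA/WPA2 passphrase.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")
POLICY_MIN_LEN = 20  # assumed site policy, not a value from the manual


def derive_psk(passphrase, ssid):
    """Map a Personal-mode passphrase to the 256-bit PSK (802.11i mapping)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not set(passphrase) <= PRINTABLE:
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt: the same passphrase on another SSID gives another key.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def audit_passphrase(passphrase, min_len=POLICY_MIN_LEN):
    """Return a list of findings; an empty list means the policy is met."""
    findings = []
    if len(passphrase) < min_len:
        findings.append("shorter than %d characters" % min_len)
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    used = sum(any(c in cls for c in passphrase) for cls in classes)
    if used < 2:
        findings.append("uses a single character class")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; "password"/"IEEE" is the 802.11i test vector.
    samples = [("password", "IEEE"),
               ("correct horse battery staple 42", "IEEE")]
    for phrase, ssid in samples:
        print(ssid, derive_psk(phrase, ssid).hex(), audit_passphrase(phrase))
```
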