This paper discusses
"corporate" security. "Home user" security introduces the same security problems present
in WEP and WPA-PSK.
6.5.1 WPA2 and 802.1X
While 802.1X as a standard preceded 802.11i, it is proving to be a key enabler for secure
and flexible wireless networks, allowing for client authentication, wireless network
authentication, key distribution and the pre-authentication necessary for roaming. When
802.1X is used in conjunction with 802.11i, it is strongly suggested to use EAP as the
framework for authentication, together with an EAP type for the actual authentication that
provides the optimal balance between cost, manageability and risk mitigation. Most often an 802.1X setup uses
EAP-TLS for authentication between the wireless client (supplicant) and the access point
(authenticator). In theory, several options may replace EAP-TLS, but in practice this is
rare.
The 802.1X authentication protocol as deployed with 802.11i provides a number of
services:
• Capabilities negotiation between the client and wireless network provider.
• Client authentication to the wireless network provider.
• Authentication of the wireless network provider to the client.
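
An added example, not from the paper: a small Python check over a client configuration that flags profiles where client authentication or authentication of the network to the client is not actually enforced. It assumes the supplicant is wpa_supplicant and uses that tool's option names (key_mgmt, eap, ca_cert, domain_suffix_match and so on); the sample configuration, SSIDs and file paths are constructed.

```python
import re
# Constructed sample wpa_supplicant.conf; SSIDs, paths and names are invented.
SAMPLE_CONF = '''
network={
    ssid="corp-good"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/wifi/ca.pem"
    domain_suffix_match="radius.example.com"
    client_cert="/etc/wifi/host01.pem"
    private_key="/etc/wifi/host01.key"
}
network={
    ssid="corp-weak"
    key_mgmt=WPA-EAP
    eap=TLS
    client_cert="/etc/wifi/host01.pem"
    private_key="/etc/wifi/host01.key"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
}
'''
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines() if "=" in l)
        nets.append({k: v.strip('"') for k, v in pairs})
    return nets

def audit(text):
    """Map each SSID to findings about 802.1X mutual authentication."""
    report = {}
    for net in parse_networks(text):
        findings = []
        if "WPA-EAP" not in net.get("key_mgmt", "").split():
            findings.append("not 802.1X (key_mgmt lacks WPA-EAP)")
        else:
            if "ca_cert" not in net:  # without a trust anchor the server is unauthenticated
                findings.append("no ca_cert: server certificate is not validated")
            if not any(k in net for k in NAME_CHECKS):
                findings.append("no server name check")
            if "TLS" in net.get("eap", "").split() and not {"client_cert", "private_key"} <= net.keys():
                findings.append("EAP-TLS without client certificate and key")
        report[net.get("ssid", "?")] = findings
    return report
```

Calling `audit(SAMPLE_CONF)` returns an empty finding list for `corp-good` and two findings for `corp-weak`, which presents a client certificate but never verifies the server it is talking to.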