Copyright Goodheart-Willcox Co., Inc. 469 Chapter 15 Network Security

impossible for someone to intercept it. Instead, the username is sent. The server then looks up the stored hash of that password and uses the hash as an encryption key to encrypt data and send it back to the client. The client then takes the password the user entered and uses that as a key to decrypt the data. If the user entered the wrong password, then it will never get decrypted. This is a clever way to verify the password without it ever being transmitted.

Extensible Authentication Protocol (EAP)

Extensible Authentication Protocol (EAP) is an Internet Engineering Task Force (IETF) standard used for network access and authentication in a client/server environment when IP is not available. For example, a dial-up connection to an Internet service provider uses a telephone line to make the connection using the Point-to-Point Protocol (PPP). There is no existing network. EAP was originally developed for use with PPP. Later EAP was adopted for use with wireless connections. Microsoft used EAP for applications such as PPP and dial-up, VPN, and site-to-site and remote access connections. EAP is also used for 802.1x wireless connections and for access and authentication to network switches. There are numerous variations of the original EAP standard, such as EAP-MD5, EAP-TLS, EAP-IKEv2, EAP-AKA, EAP-FAST, and EAP-SIM. In this text, coverage is limited to only the most commonly encountered variations: PEAP and LEAP.

Protected Extensible Authentication Protocol (PEAP)

Protected Extensible Authentication Protocol (PEAP) is a proprietary protocol developed jointly by Cisco Systems and Microsoft. PEAP is an extension to the original EAP. EAP sends clear text messages, which can be intercepted. PEAP is an enhanced version of EAP, which first establishes a secure connection using Transport Layer Security (TLS). TLS provides encryption for the EAP connection and ensures data integrity.
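The password check described at the top of this page (server encrypts data under the stored password hash; only a client holding the right password can decrypt it) modelled as an added example that is not from the textbook. Assumptions: the shared key is the SHA-256 hash of the password, the client recomputes that hash from the typed password, the client proves success by returning the decrypted data, and the cipher is a constructed encrypt-then-MAC stream cipher built from HMAC-SHA256 so a wrong key is detected rather than producing garbage.

```python
import hashlib
import hmac
import os


def password_key(password: str) -> bytes:
    # Both sides derive the same key: the server stores only this hash,
    # the client recomputes it from the typed password (assumption: SHA-256).
    return hashlib.sha256(password.encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed demo keystream: HMAC(key, nonce || counter) blocks.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # integrity tag
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key: the data "never gets decrypted"
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# Server side: only the hash of the password is stored (constructed sample user).
USER_DB = {"alice": password_key("correct horse")}


def server_issue_challenge(username: str):
    # Random data encrypted under the stored hash; the server keeps the plaintext.
    challenge = os.urandom(32)
    return challenge, encrypt(USER_DB[username], challenge)


def client_answer(password_typed: str, blob: bytes):
    # The password itself never leaves the client; only the decrypted data does.
    return decrypt(password_key(password_typed), blob)


def authenticate(username: str, password_typed: str) -> bool:
    challenge, blob = server_issue_challenge(username)
    answer = client_answer(password_typed, blob)
    return answer is not None and hmac.compare_digest(answer, challenge)
```

Note that an observer on the wire sees only the username, the encrypted blob and the client's reply, never the password or its hash.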
Lightweight Extensible Authentication Protocol (LEAP)

Lightweight Extensible Authentication Protocol (LEAP) is a proprietary authentication system developed by Cisco Systems for its line of wireless access points. Cisco released this improved EAP standard before the IETF completed the 802.11i standard for wireless network security. One of the major improvements of Cisco LEAP security is the periodic reauthorization of the LEAP wireless connection, thus ensuring that the client is still the original authenticated client and that the connection has not been hijacked by an unauthorized person.

Security Implementations

This section covers the various ways an administrator can implement network security. Several recommended security practices for new network installations include installing the latest software updates and patches, setting up an account for daily administrative tasks, and changing the default administrator's name. A network administrator constantly needs to educate system users in routine security practices. Yearly seminars, e-mail alerts, and reminders at department meetings are all good efforts. An administrator should add software or hardware devices that block open ports or filter incoming and outgoing traffic to secure the network. Physically securing the server and other vulnerable points of the network, such as wiring closets, hubs, and routers, should also be seriously considered.