Enterprise authentication refers to a method of protecting a Wi-Fi network. Typically, this is accomplished with the Wi-Fi Alliance WPA2-Enterprise protocol using IEEE 802.1X authentication. The 802.1X standard defines the encapsulation of Extensible Authentication Protocol (EAP) messages over a computer network.
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols developed by the official Wi-Fi Alliance to secure wireless computer networks.
Different WPA protection mechanisms can be distinguished based on the target end-user (according to the method of authentication key distribution).
Here are the three authentication key distribution options:
- WPA-Personal (WPA-PSK, WPA2-PSK) - is designed for home and small offices; it uses a pre-shared key (PSK) instead of an authentication server.
- WPA-Enterprise (WPA, WPA-EAP, WPA2-EAP, WPA-Enterprise, WPA2-Enterprise, and WPA-802.1X) - is designed for enterprise networks and requires a RADIUS authentication server. Various types of Extensible Authentication Protocol (EAP) messages are used for authentication.
- Wi-Fi Protected Setup (WPS) - uses a PIN for simplified security and authentication setup.
There are currently about forty different EAP message types. The Komodo Eye Device supports the following:
- TLS - requires a username, an X.509 Certificate Authority (CA), a private key and a public key.
- PEAP - chains together multiple EAP mechanisms, and requires specifying the secondary mechanism of either MD5, MSCHAPv2, GTC, or TLS.
  - MD5, MSCHAPv2 and GTC require a username and password
  - TLS has the same requirements listed above (username, CA, private and public key)
- TTLS - extends TLS, making use of a tunnel to the client, and requires specifying a secondary mechanism of either MD5, MSCHAPv2, GTC, or TLS.
  - MD5, MSCHAPv2 and GTC require a username and password
  - TLS has the same requirements listed above (username, CA, private and public key)