CKIP, EAP-FAST – Intel 3945ABG User Manual


Centralized Key Management (CCKM), an access point configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server and authenticates the client without perceptible delay in voice or other time-sensitive applications.

CKIP

Cisco Key Integrity Protocol (CKIP) is a Cisco proprietary security protocol for encryption in 802.11 media. CKIP uses the following features to improve 802.11 security in infrastructure mode:

Key Permutation (KP)

Message Sequence Number

802.11b and 802.11g Mixed Environment Protection Protocol

Some access points, for example Cisco 350 or Cisco 1200, support environments in which not all client stations support WEP encryption; this is called Mixed-Cell Mode. When these wireless networks operate in "optional encryption" mode, client stations that join in WEP mode send all messages encrypted, and stations that use standard mode send all messages unencrypted. These access points broadcast that the network does not use encryption, but allow clients that use WEP mode. When Mixed-Cell is enabled in a profile, it allows you to connect to access points that are configured for "optional encryption."

EAP-FAST

EAP-FAST, like EAP-TTLS and PEAP, uses tunneling to protect traffic. The main difference is that EAP-FAST does not use certificates to authenticate. Provisioning in EAP-FAST is negotiated solely by the client as the first communication exchange when EAP-FAST is requested from the server. If the client does not have a pre-shared secret Protected Access Credential (PAC), it is able to initiate a provisioning EAP-FAST exchange to dynamically obtain one from the server.

EAP-FAST documents two methods to deliver the PAC: manual delivery through an out-of-band secure mechanism and automatic provisioning.

A manual delivery mechanism is any delivery mechanism that the administrator of the network feels is sufficiently secure for their network.

Automatic provisioning establishes an encrypted tunnel to protect the authentication of the client and the delivery of the PAC to the client. This mechanism, while not as secure as a manual method may be, is more secure than the authentication method used in LEAP.

The EAP-FAST method is divided into two parts: provisioning and authentication. The provisioning phase involves the initial delivery of the PAC to the client. This phase only needs to be performed once per client and user.
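The two PAC delivery methods described above, shown as an added configuration example that is not part of the Intel manual. It assumes a client running wpa_supplicant rather than the Intel utility; the SSID, identities, password and file paths are constructed placeholders.

```conf
# Constructed wpa_supplicant.conf fragment (placeholder SSID, identity, paths).
# The two network blocks are alternatives; keep only one in a real file.

# Alternative A: manual (out-of-band) PAC delivery.
# The administrator installed the PAC file beforehand, so in-line
# provisioning is disabled and the client never requests a PAC over the air.
network={
    ssid="example-corp"
    key_mgmt=WPA-EAP
    eap=FAST
    identity="user@example.com"
    password="placeholder-password"
    phase1="fast_provisioning=0"
    pac_file="/etc/wpa_supplicant/example-corp.pac"
}

# Alternative B: automatic provisioning.
# fast_provisioning=1 allows unauthenticated in-line provisioning: a client
# with no PAC runs the provisioning exchange first, stores the PAC it
# receives in pac_file, and reuses it for later authentications.
network={
    ssid="example-corp"
    key_mgmt=WPA-EAP
    eap=FAST
    anonymous_identity="anonymous"
    identity="user@example.com"
    password="placeholder-password"
    phase1="fast_provisioning=1"
    pac_file="/etc/wpa_supplicant/example-corp.pac"
}
```

Because provisioning only needs to happen once per client and user, a profile can be switched from alternative B to alternative A after the PAC file exists, so the client stops accepting over-the-air provisioning.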
