User's Manual

Authentication Server during the second phase. A certificate is only
required at the Authentication Server. PEAP also supports identity hiding,
where the Authenticator is aware only of the anonymous username used to
establish the TLS channel during the first phase, not of the individual user
authenticated during the second phase.
SSID: Name of wireless network.
TLS: TLS is an EAP-Type for authentication based upon X.509 certificates.
Because it requires both the Supplicant and the Authentication Server to
have certificates, it provides explicit Mutual Authentication and is resilient
to man-in-the-middle attacks. After successful authentication, a secure TLS
link is established to communicate a unique session key from the
Authentication Server to the Authenticator.
TTLS: Tunneled TLS is an EAP-Type for authentication that employs a two-phase
authentication process. In the first phase, the Authentication Server is
authenticated to the Supplicant. Using TLS, a secure channel is established
through which the Supplicant can be authenticated to the Authentication
Server using legacy PPP authentication protocols such as PAP, CHAP, and
MS-CHAP. TTLS has the advantage over TLS that it only requires a
certificate at the Authentication Server. It also makes it possible to forward
Supplicant requests to a legacy RADIUS server. TTLS also supports
identity hiding, where the Authenticator is aware only of the anonymous
username used to establish the TLS channel during the first phase, not of the
individual user authenticated during the second phase.
WPA: Wi-Fi Protected Access is a replacement security standard for WEP. It is a
subset of the IEEE 802.11i standard, which is still being developed. WPA makes
use of TKIP to deliver security superior to WEP. 802.1X access control is still
employed. The Authentication Server provides the material for creating the
keys.
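
The TLS and TTLS entries above, shown as Supplicant settings. This is an added example, not taken from this manual: it assumes a wpa_supplicant-based Supplicant (the manual does not name one), and every SSID, username, password, host name and file path is a constructed placeholder.

```conf
# Constructed wpa_supplicant.conf fragment (all values are placeholders).

# EAP-TTLS: only the Authentication Server holds a certificate.
network={
    ssid="example-net"
    key_mgmt=WPA-EAP
    eap=TTLS
    # Phase 1 (outer) identity: the only username the Authenticator sees.
    anonymous_identity="anonymous@example.com"
    # Phase 2 (inner) credentials: sent only inside the TLS channel.
    identity="alice@example.com"
    password="placeholder-password"
    phase2="auth=PAP"
    # Phase 1 authenticates the server to the Supplicant. Pin the issuing CA
    # and the expected server name so that step is actually enforced.
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}

# EAP-TLS: Supplicant and Authentication Server both present certificates
# (explicit Mutual Authentication).
network={
    ssid="example-net-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="alice@example.com"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
    client_cert="/etc/wpa_supplicant/alice-cert.pem"
    private_key="/etc/wpa_supplicant/alice-key.pem"
    private_key_passwd="placeholder-passphrase"
}
```

With TTLS, the inner PAP password is protected only by the phase 1 channel, so a profile without `ca_cert` (wpa_supplicant then skips server certificate verification) loses the server authentication the TTLS entry describes.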