Wireless security guide: introduction to LEAP authentication
LEAP (Lightweight Extensible Authentication Protocol) is a communications protocol developed by Cisco for use in point-to-point connections and wireless networks. However, its security flaws became obvious and people quickly came to prefer alternatives.
In this article, we take a look at how this protocol works, the commonly-known issues with it, how it contrasts with other authentication protocols and what you must consider for the security of your organization’s authentication protocols.
Wireless Security and Network Management
Today’s advancements in technology have led to a decrease in the size of electronic devices. These smaller devices are portable and need to stay connected while their users are on the move. This has introduced the need for secure authentication protocols that let employees sign into their workplaces remotely and securely.
Today’s wireless security protocols are quite secure. However, there are some ancient ones which have long been known to be vulnerable yet are still in use. In this section, we’ll discuss network management, access controls and some commonly-used protocols.
What Is Wireless Network Management?
Wireless network management allows your organization to continue running as it scales upwards without choking the information technology infrastructure. In fact, there are already various discussions on what the next generation of wireless security will likely look like. Third parties have even come up with solutions that assist in managing your network by providing the following:
Centralized management dashboards
Enhanced service levels
Streamlined branch expansions and more
Cisco has developed a solution that can offer you this kind of service, known as Cisco Prime Infrastructure.
What Is Network Access Control?
Over the years, various protocols have been implemented for wireless communication security. Even though a number of them have been phased out due to their security issues, there is still a huge chance that some organizations have one or two of them deployed. Some of the well-known protocols include:
Password Authentication Protocol (PAP)
Challenge-Handshake Authentication Protocol (CHAP)
CHAP operates by letting the server initiate the authentication request. The server sends the client a random string, which the client then uses together with the password as parameters for an MD5 hash function. The result is sent to the server along with the username in plaintext. The server uses the username and the same string it initially sent the client to compute its own hash, then compares the two hashes to determine whether authentication succeeded.
Lightweight Extensible Authentication Protocol (LEAP)
LEAP was introduced by Cisco Systems back in the year 2000. Its aim was to counter some of the vulnerabilities of earlier authentication technologies (CHAP and PAP). Even though attacks against the LEAP protocol were already known, Cisco maintained for a long time that the protocol was secure as long as users chose complex passwords. However, much safer protocols were introduced, including EAP-TLS, EAP-TTLS, and PEAP.
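The CHAP exchange described above (server challenge, MD5 over challenge and password, server-side recomputation and comparison), as an added example that is not part of the original article. It follows the field order of RFC 1994, which also hashes a one-octet identifier; the account store and function names are made up for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample account store: username -> shared secret (password).
ACCOUNTS = {"alice": b"constructed-sample-password"}


def new_challenge():
    """Server: issue a one-octet identifier and a fresh random string."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier, secret, challenge):
    """Client: MD5 over Identifier || secret || Challenge (RFC 1994 order)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify(username, identifier, challenge, response):
    """Server: recompute the hash from its own copy of the secret and compare."""
    secret = ACCOUNTS.get(username)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    """Run one good login, one wrong password, and one stale response."""
    ident, challenge = new_challenge()
    good = chap_response(ident, ACCOUNTS["alice"], challenge)
    bad = chap_response(ident, b"wrong-password", challenge)
    # A response is bound to the challenge it answered: checked against a
    # newly issued challenge, the same bytes no longer verify.
    ident2, challenge2 = new_challenge()
    return (
        verify("alice", ident, challenge, good),
        verify("alice", ident, challenge, bad),
        verify("alice", ident2, challenge2, good),
    )


if __name__ == "__main__":
    print(demo())
```

The password never crosses the wire, but the username, the challenge and the hash do, so the strength of the scheme rests on the password itself.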
Extensible Authentication Protocol (EAP)
This is an authentication framework that is widely used in point-to-point and wireless networks. EAP defines message formats that protocols use. In Wi-Fi networks, for instance, the WPA and WPA2 standards have implemented about one hundred EAP types as being the official authentication mechanisms. Security-wise, basic EAP was built with the assumption that the communication channel implementing it would be secure — an assumption that time proved wrong. Since there were no facilities in place to safeguard EAP conversations, the Protected Extensible Authentication Protocol (PEAP) was developed.
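An added example, not from the original article: a minimal parser for the EAP message header (Code, Identifier, Length and Type, per RFC 3748) that flags exchanges using LEAP or EAP-MD5, the two methods this article says to avoid, so they can be spotted in captured authentication traffic. The sample packets and helper names are constructed for illustration.

```python
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# EAP method type numbers as registered with IANA.
METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP",
           21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
AVOID = {4, 17}  # EAP-MD5 and LEAP, the methods this article says to avoid


def parse_eap(packet):
    """Decode the EAP header: Code, Identifier, Length and (if present) Type."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-octet EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError("unknown EAP code %d" % code)
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not match the data received")
    info = {"code": CODES[code], "id": ident, "method": None, "avoid": False}
    if code in (1, 2):  # only Request/Response carry a Type octet
        if length < 5:
            raise ValueError("Request/Response without a Type octet")
        eap_type = packet[4]
        info["method"] = METHODS.get(eap_type, "type %d" % eap_type)
        info["avoid"] = eap_type in AVOID
    return info


def build(code, ident, eap_type, data=b""):
    """Helper for the constructed samples below."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data


# Constructed sample packets; the type-data bytes are placeholders.
SAMPLES = [
    build(1, 1, 1),                    # Request/Identity
    build(1, 2, 17, b"\x00" * 8),      # Request offering LEAP
    build(1, 3, 25, b"\x20"),          # Request offering PEAP
    build(2, 4, 4, b"\x00" * 17),      # Response using MD5-Challenge
    struct.pack("!BBH", 3, 5, 4),      # Success (no Type octet)
]


def flagged(packets):
    """Return (identifier, method) for every packet using a method to avoid."""
    parsed = [parse_eap(p) for p in packets]
    return [(p["id"], p["method"]) for p in parsed if p["avoid"]]
```

Calling `flagged(SAMPLES)` returns the LEAP request and the MD5-Challenge response and leaves the Identity, PEAP and Success packets alone.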
There are three subtypes of EAP that are more secure than basic EAP. They are:
EAP-TLS (Transport Layer Security) works in such a way that it does not rely on user passwords and is thus entirely password-cracking-resistant. Instead, EAP-TLS works by having digital certificates on BOTH the server and client for secure key exchange and authentication.
EAP-TTLS (Tunneled Transport Layer Security) works in a similar way to EAP-TLS, except that it does away with requiring the installation of digital certificates on the client’s end.
Protected Extensible Authentication Protocol (PEAP)
PEAPv0 and PEAPv1 handle outer authentication (used during the creation process of the secure TLS) and EAP-MSCHAPv2 and EAP-GTC handle inner authentication (used for user and device authentication).
Understanding How LEAP Works and Its Importance
How does LEAP work?
LEAP works by implementing security techniques such as dynamic WEP keys. This allows the client to authenticate multiple times to a RADIUS server. This is done to prevent an attacker from cracking the security key and using it long-term. The authentication (challenge/response) is done in a modified version of MS-CHAPv2, but this transaction transmits the username in cleartext, and an attacker is able to obtain it. Some third parties used to be able to support LEAP via what was known as the Cisco Compatible Extensions Program.
Why should you use LEAP?
LEAP was made by Cisco as a proprietary solution to be implemented in Access Points. At that time, it was Cisco’s intention to dominate much of the access point market share, so they worked on EAP and closed it down, naming it Cisco EAP or LEAP. LEAP’s mutual authentication capabilities also meant that it was a more secure alternative to previous security protocols.
How does LEAP compare to PEAP?
Wireless technologies have gone through massive security changes over the years in the quest for both the most efficient security algorithms and the most secure transmission channels. You need to make sure that your organization’s authentication protocols are properly secured in order to keep away unauthorized individuals.
What are authentication protocols?
Stealing someone’s identity on the Internet today is unimaginably easy. Authentication protocols need to be
What is the best authentication protocol for enterprise use?
Deciding on the best authentication protocol for enterprise use can be a very tricky affair. There are a number of things that should be considered. First of all, as has been seen above, insecure protocols such as LEAP and EAP-MD5 must be avoided due to their vulnerabilities. How, then, do we decide what to implement from the remaining protocols? It comes down to the following two major points:
Client compatibility: Some operating systems might not be able to make use of certain protocols, so you need
Authentication server compatibility: The same is true here. For instance, PEAPv0 only authenticates users with MS-CHAPv2, while EAP-TLS entirely depends on client-side digital certificates for authentication