PEAP (Protected EAP): PEAP only requires the server to have the certificate. PEAP encapsulates the EAP communication in a TLS tunnel.
LEAP (Lightweight EAP): Developed by Cisco, does not require a certificate on either the client or server. Cisco recommends using a stronger version such as EAP-FAST, as LEAP has a known weakness.
EAP-FAST (EAP Flexible Authentication via Secure Tunneling): Developed to replace LEAP. The use of certificates is optional.
EAP-TTLS (EAP Tunneled Transport Layer Security): Needs a certificate on the server, but not the client. The username and password are not sent in plain-text as the transmission is in an encrypted tunnel. PAP can be used for authentication due to the use of Tunneled TLS without the credentials being compromised.
802.1x: PEAP, EAP-TLS, and EAP-TTLS all require an 802.1x server. Some refer to the 802.1x as a RADIUS server.
WPA2/WPA Enterprise: This requires a RADIUS/802.1x server. Enterprise mode also requires the use of a certificate on the server. The user will also need a username and password to authenticate.
No comments:
Post a Comment