Cisco Offers New WLAN Security Protocol
Cisco Systems has released EAP-FAST, a new WLAN authentication protocol that uses protected access credentials to establish a tunnel between a client and server.Cisco Systems Inc. on Tuesday released a new protocol for authentication in an effort to help protect customers from security deficiencies in existing protocols, chiefly one developed years ago by Cisco. Known as EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling), the new protocol differs from Ciscos LEAP (Lightweight Extensible Authentication Protocol) in that it doesnt use digital certificates for authentication. Instead, EAP-FAST uses protected access credentials to establish an authenticated tunnel between a client and a server. Once the tunnel is in place, the client sends a username and password to the server to identify and authenticate itself.
This system is designed to guard against a variety of common attacks during the authentication process, including dictionary attacks and man-in-the-middle attacks, which are commonly used against networks employing LEAP.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: