What Is EAP Authentication?
Extensible Authentication Protocol (EAP) is the mechanism behind Internet and network security. It ensures that computers join certain networks legally, and it also issues passwords for security. Many different EAP methods exist, and newer, more efficient ones are also being developed. The EAP process is simple, and EAP can easily be configured by anyone owning a computer.
Definition
EAP is a framework that enables authentication methods for the Internet, networks and authentication servers. With the wide reach of the Internet and the increased number of computer and network hacking cases, network security has become more important, which is one reason EAP is used with many, if not all, wireless networks today. EAP helps keep intruders from accessing certain networks and connections.
Components
Three components make an EAP authentication happen: the EAP initiator, the Authentication Server, and the EAP authenticator.
The EAP initiator is the computer that requests access to a network.
The Authentication Server is the server computer that decides to allow or disallow the initiator access into a network.
The EAP authenticator is the access point in the network. It waits for the authentication server to grant access into the network to the EAP initiator.
Process
Four steps make an EAP authentication happen. First, the EAP initiator sends an authentication request to the Authentication Server. Then, when that request is received, a reply, or "response packet," is sent back the other way. The initiator then sends another authentication request, and again, a reply will be sent back. Communication between the two sides continues for as long as needed. Finally, one of two things will happen that will stop communication between the two parties. Either a reply of "unacceptable" will be sent to the initiator and the authentication will fail, or the process will succeed and the initiator will be able to access the EAP authenticator.
Methods
In general, there are five different EAP methods in use: MD5, LEAP, TLS, PEAP, and EAP-Fast.
MD5 Authentication is the simplest EAP method. However, this is the least secure of all EAP methods, and only the initiator is authenticated.
Lightweight EAP (or LEAP) Authentication is a method used by Cisco Systems. Both the initiator and the authenticator are authenticated.
Transport Layer Security (TLS) Authentication is the most secure EAP method. Both the initiator and the authenticator are strongly authenticated.
Protected EAP (PEAP) Authentication is a method used by Microsoft. PEAP encrypts the authentication process while providing the security of the TLS method.
EAP-Fast is a newer method still in development at Cisco Systems. It is similar to LEAP but offers a level of security equal to that of PEAP.
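The request, response, success and failure messages described under Process, and the methods listed above, all appear as fields in the EAP packet header. The following Python code is an added example, not part of the original article: it decodes EAP packets using the RFC 3748 header layout and the IANA type numbers for the five methods, then reports which methods an exchange requested and flags MD5. The function names and the sample packets are constructed for illustration.

```python
import struct

# RFC 3748 header: Code (1 byte), Identifier (1), Length (2, big-endian);
# Request and Response packets carry a Type byte right after the header.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP",
           25: "PEAP", 43: "EAP-FAST"}  # IANA EAP type numbers
WEAK = {"MD5-Challenge"}  # the method the article calls least secure

def parse_eap(packet: bytes) -> dict:
    """Decode one EAP packet, rejecting malformed headers."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field disagrees with the captured bytes")
    body = packet[4:length]  # anything past Length is link-layer padding
    method = None
    if code in (1, 2):
        if not body:
            raise ValueError("Request/Response without a Type byte")
        method, body = METHODS.get(body[0], f"type-{body[0]}"), body[1:]
    return {"code": CODES[code], "id": ident, "method": method, "data": body}

def audit(packets) -> dict:
    """Summarise one conversation: methods requested, weak ones, outcome."""
    methods, outcome = [], "incomplete"
    for p in map(parse_eap, packets):
        if p["code"] in ("Success", "Failure"):
            outcome = p["code"]
        elif p["code"] == "Request" and p["method"] not in ["Identity", *methods]:
            methods.append(p["method"])
    weak = [m for m in methods if m in WEAK]
    return {"methods": methods, "weak": weak, "outcome": outcome}

def build(code, ident, eap_type=None, data=b""):
    """Construct a sample packet (test data only, not a real capture)."""
    body = (bytes([eap_type]) if eap_type is not None else b"") + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

SAMPLE = [  # constructed conversation ending in Success
    build(1, 1, 1),                        # Request / Identity
    build(2, 1, 1, b"alice"),              # Response / Identity
    build(1, 2, 4, b"\x10" + bytes(16)),   # Request / MD5-Challenge
    build(2, 2, 4, b"\x10" + bytes(16)),   # Response / MD5-Challenge
    build(3, 2),                           # Success
]
```

Calling audit(SAMPLE) summarises the constructed exchange; the same function can be fed EAP payloads extracted from a packet capture to see which methods a network actually requests.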
Configuration
Whether you have a dial-up connection, a Virtual Private Network (VPN), or a wireless connection, EAP can be configured right from your computer in a matter of minutes. Additionally, configuration of an NPS (Network Policy Server) or an IAS (Internet Authentication Server) for use with any EAP method is simple and can be performed by the computer's owner.