60 likes | 82 Views
Wireless Authentication via EAP-FAST. MSIT 458: Security (Professor Chen). Party of Five Brandon Hoffman Kelly Koenig Azam Masood Phil Nwafor. Hacking it Out. Overview What are we solving? The solution in brief Technical details/Diagrams Q & A. Overview.
E N D
Wireless Authentication via EAP-FAST MSIT 458: Security (Professor Chen) Party of Five Brandon Hoffman Kelly Koenig Azam Masood Phil Nwafor
Hacking it Out • Overview • What are we solving? • The solution in brief • Technical details/Diagrams • Q & A
Overview Wireless security appears at the forefront of IT departmental problems as wireless continues its growth. When working in a security rich environment, the wireless system is required to follow suit. Many considerations need to be made to ensure the system is: • Effective • Efficient • Easy for end users and administrators
What’s the problem? The current wireless security implementation is effective but manually intensive. The system requires tweaking or redesign to retain effectiveness but reduce the man hours required to maintain and operate the system. Key issues are highlighted below. • Wireless users need to have an account created manually • The accounts expire and need manual attention • The credentials for wireless require a PAC (certificate) to access the system that must be manually installed • The wireless users authenticate to an island as opposed to the enterprise Identity Vault
EAP-FAST EAP-FAST is a Cisco proprietary 802.1x authentication scheme. It contains a feature called “automatic PAC” that allows the system to manage and maintain the user certificates. The mechanism boasts the following features: • Utilizes a series of secure tunnels for credential transport • Leverages existing user credentials and authentication back-end (Radius AAA, and LDAP/IdM3) • Encrypts wireless data with leading edge encryption methods such as WPA2 AES-CCMP • EAP-FAST is a triple phase authentication mechanism
Q & A QUESTIONS?