Lightweight Extensible Authentication Protocol


Lightweight Extensible Authentication Protocol

The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows for clients to reauthenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough to be cracked).

Some 3rd party vendors also support LEAP through the Cisco Compatible Extensions Program. [citeweb|title=Cisco Compatible Extensions Program|url=http://www.cisco.com/web/partners/pr46/pr147/partners_pgm_concept_home.html|publisher=cisco.com|accessdate=2008-02-22]

Security Considerations

LEAP uses a modified version of MS-CHAP, an authentication protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a salt to strengthen the credentials against eavesdropping during the authentication process. Cisco's response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated passwords or move to another authentication protocol also developed by Cisco, EAP-FAST, to ensure security. [citeweb|title=Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability|url=http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml|publisher=cisco.com|accessdate=2008-02-22] Automated tools like ASLEAP demonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations. [citeweb|title=asleap|url=http://asleap.sourceforge.net/|publisher=sourceforge.net|accessdate=2008-02-22]

References


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Lightweight Extensible Authentication Protocol — Das Lightweight Extensible Authentication Protocol (LEAP) ist eine proprietäre Methode von Cisco Systems, mit der es möglich ist, eine Authentifizierung für Wireless Clients zu integrieren. Ein interessantes Merkmal ist die Möglichkeit, mehrere… …   Deutsch Wikipedia

  • Extensible Authentication Protocol — Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point to Point connections. It is defined in RFC 3748, which has been updated by RFC 5247. Although the EAP protocol is… …   Wikipedia

  • Extensible Authentication Protocol — Pour les articles homonymes, voir EAP. Extensible Authentication Protocol (EAP) est un mécanisme d identification universel, fréquemment utilisé dans les réseaux sans fil (ex : de type Wi Fi) et les liaisons point à point. Sommaire 1… …   Wikipédia en Français

  • Protected Extensible Authentication Protocol — PEAP is also an acronym for Personal Egress Air Packs. Protected Extensible Authentication Protocol, Protected EAP, or simply PEAP (pronounced peep ), is a method to securely transmit authentication information, including passwords, over wired or …   Wikipedia

  • Lightweight Directory Access Protocol — (LDAP) est à l origine un protocole permettant l interrogation et la modification des services d annuaire. Ce protocole repose sur TCP/IP. Il a cependant évolué pour représenter une norme pour les systèmes d annuaires, incluant un modèle de… …   Wikipédia en Français

  • Lightweight directory access protocol — (LDAP) est à l origine un protocole permettant l interrogation et la modification des services d annuaire. Ce protocole repose sur TCP/IP. Il a cependant évolué pour représenter une norme pour les systèmes d annuaires, incluant un modèle de… …   Wikipédia en Français

  • Lightweight Directory Access Protocol — The Lightweight Directory Access Protocol (LDAP;  /ˈɛld …   Wikipedia

  • Point-to-Point Protocol — Internet protocol suite Application layer BGP DHCP DNS FTP HTTP …   Wikipedia

  • Simple Authentication and Security Layer — SASL (англ. Simple Authentication and Security Layer  простой уровень аутентификации и безопасности)  это фреймворк (каркас) для предоставления аутентификации и защиты данных в протоколах на основе соединений. Он разделяет… …   Википедия

  • Simple Mail Transfer Protocol — This article is about the Internet standard for electronic mail transmission. For the email delivery company, see SMTP (company). Internet protocol suite Application layer …   Wikipedia