Finally, wireless infrastructure will be aggregated separately from wired resources to facilitate network management and control through assignment into separate VLANs and IP subnets.
In addition to the features described above, the EAP methods provide the following benefits. Mutual authentication between the wireless client and the RADIUS server helps prevent "Man in the Middle" attacks (in which a third party intercepts communications from both ends, masquerading as the other end to each party). The encryption process uses secure key derivation: hash values sent over the wire are useful for one-time use only at the start of the authentication process. Additionally, the initialization vector is changed on a per-packet basis to prevent attackers from exploiting messages.
Introduction

The widespread deployment of IEEE standard 802.11 wireless networks in university environments (including the 11 Mbps 802.11b version in use at Vanderbilt today) has largely left important security questions unanswered, or at a minimum, inadequately addressed.
Currently, enterprise Information Technology (IT) organizations are working to implement security mechanisms with the goal of bringing security levels up to those existing today for wired networks.
A back-end server is also used for 802.1x implementations, employing the EAP extensions to RADIUS to allow clients to be verified from a central source.
Microsoft's pre-standard version of EAP is supported directly in its XP operating system but requires extensive public key infrastructure (PKI) support, which is not currently in place.
WEP relies on a private key that is shared between a wireless client (e.g., a laptop with a wireless Network Interface Card, or NIC) and an AP, which is essentially the bridge between the wired and wireless networks, with an RF transceiver and a wired Ethernet port.