Wireless Authentication via EAPFAST

1
Wireless Authentication via EAP-FAST
MSIT 458 Security (Professor Chen)

• Party of Five
• Brandon Hoffman
• Kelly Koenig
• Azam Masood
• Phil Nwafor

2
Hacking it Out

• Overview
• What are we solving?
• The solution in brief
• Technical details/Diagrams
• Q A

3
Overview

• Wireless security appears at the forefront of IT
  departmental problems as wireless continues its
  growth. When working in a security rich
  environment, the wireless system is required to
  follow suit. Many considerations need to be made
  to ensure the system is

• Effective
• Efficient
• Easy for end users and administrators

4
Whats the problem?
The current wireless security implementation is
effective but manually intensive. The system
requires tweaking or redesign to retain
effectiveness but reduce the man hours required
to maintain and operate the system. Key issues
are highlighted below.

• Wireless users need to have an account created
  manually
• The accounts expire and need manual attention
• The credentials for wireless require a PAC
  (certificate) to access the system that must be
  manually installed
• The wireless users authenticate to an island as
  opposed to the enterprise Identity Vault

5
EAP-FAST

• EAP-FAST is a Cisco proprietary 802.1x
  authentication scheme. It contains a feature
  called automatic PAC that allows the system to
  manage and maintain the user certificates. The
  mechanism boasts the following features

• Utilizes a series of secure tunnels for
  credential transport
• Leverages existing user credentials and
  authentication back-end (Radius AAA, and
  LDAP/IdM3)
• Encrypts wireless data with leading edge
  encryption methods such as WPA2 AES-CCMP
• EAP-FAST is a triple phase authentication
  mechanism

6
Q A

• QUESTIONS?