Cisco Offers New WLAN Security Protocol

Cisco Systems Inc. on Tuesday released a new protocol for authentication in an effort to help protect customers from security deficiencies in existing protocols, chiefly one developed years ago by Cisco. Known as EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling), the new protocol differs from Cisco's LEAP (Lightweight Extensible Authentication Protocol) in that it doesn't use digital certificates for authentication. Instead, EAP-FAST uses protected access credentials to establish an authenticated tunnel between a client and a server. Once the tunnel is in place, the client sends a username and password to the server to identify and authenticate itself.

This system is designed to guard against a variety of common attacks during the authentication process, including dictionary attacks and man-in-the-middle attacks, which are commonly used against networks employing LEAP.

LEAP is used mainly to authenticate users on wireless LANs, where the wireless access point serves as the RADIUS server.