User guide
802.1X Authentication 101
Network Security Concepts
Mutual Authentication
EAP-TTLS, EAP-PEAP, EAP-TLS, and EAP-FAST provide mutual authentication of the
user and the network and produce dynamic keys that can be used to encrypt
communications between the client device and access point. With mutual
authentication, the network authenticates the user credentials and the client
software authenticates the network credentials.
Requiring mutual authentication is an important security precaution to take when
using wireless networking. By verifying the identity of the authentication server,
mutual authentication provides assurance that you connect to your intended
network and not to some access point that is pretending to be your network.
You can authenticate the network with Odyssey Access Client when you configure it
to validate the certificate of the authentication server using EAP-TTLS, EAP-PEAP, or
EAP-TLS. If the certificate identifies a server that you trust and if the authentication
server can prove that it is the owner of that certificate, then you can safely connect
to this network. These are the strongest authentication methods available and,
consequently, it is highly recommended that you use these methods for network
authentication within your enterprise wireless network.
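The two conditions above (the certificate identifies a server you trust, and the server proves that it owns that certificate) can be seen in the following added example, which is not Odyssey Access Client code. The names ca.corp.example and radius.corp.example and the functions issue and checkServer are constructed for illustration, and a signed random challenge stands in for the proof of key ownership that the TLS handshake performs inside EAP-TTLS, EAP-PEAP, and EAP-TLS.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate (self-signed when parent is nil); errors dropped, inputs are fixed.
func issue(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		parent, parentKey = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// checkServer: (1) cert chains to the trusted CA and names the expected server, (2) the peer holds its private key.
func checkServer(trustedCA *x509.Certificate, name string, cert *x509.Certificate, peerKey ed25519.PrivateKey) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: name}); err != nil {
		return fmt.Errorf("certificate does not identify a trusted server: %w", err)
	}
	nonce := make([]byte, 32) // fresh challenge, so an old signature cannot be reused
	rand.Read(nonce)
	sig := ed25519.Sign(peerKey, nonce) // the peer signs with whatever key it actually holds
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("peer did not prove ownership of the certificate's private key")
	}
	return nil
}

func main() {
	ca, caKey := issue("ca.corp.example", nil, nil)
	srv, srvKey := issue("radius.corp.example", ca, caKey)
	rogue, rogueKey := issue("radius.corp.example", nil, nil)
	fmt.Println("genuine server:    ", checkServer(ca, "radius.corp.example", srv, srvKey))
	fmt.Println("self-signed cert:  ", checkServer(ca, "radius.corp.example", rogue, rogueKey))
	fmt.Println("copied certificate:", checkServer(ca, "radius.corp.example", srv, rogueKey))
}
```

Only the first case succeeds: a certificate that does not chain to the trusted authority fails the first check, and a copy of the genuine certificate presented without its private key fails the second.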
Certificates
Certificates are based on public/private key cryptography (or asymmetric
cryptography). Public/private key cryptography is used to secure banking
transactions, online Web commerce, email, and many other types of data exchange.
Prior to the use of modern cryptographic techniques for networking, if two people
wanted to communicate securely, they had to share the same secret key. This one
secret key had to be used to both encrypt and decrypt data. Sharing keys, however,
is limiting. The more people with whom you share your key, the more likely it
becomes that your key can be revealed.
With public/private key cryptography, there are two keys that have different values
but work together:
A public key
A private key
You keep your private key secret, but reveal your public key to the whole world.
Anyone can encrypt data using your public key with the certain knowledge that
only your private key can decrypt it. Conversely, only you can encrypt data with
your private key, and anyone can use your public key to decrypt that data, which
shows that it came from you.
A certificate is a piece of cryptographic data that guarantees that a particular public
key is associated with the private key of a particular entity. This entity can be an
individual or a computer. A certificate contains many pieces of information that are
used in mutual authentication, including a public key and the name of the entity
that owns the certificate.
Your enterprise certificate authority might issue certificates to smart cards. Odyssey
Access Client supports all types of user certificates, including smart card certificates.