Specifications

EAP-MSCHAP V2
EAP-MS-CHAP-V2 (Microsoft Challenge-Handshake Authentication
Protocol version 2) is a mutual authentication method that supports
password-based user or computer authentication. EAP-MS-CHAP-V2 is
typically used inside a TLS tunnel created by TTLS or PEAP.
EAP-TLS
EAP-TLS (RFC 2716) stands for Extensible Authentication Protocol-
Translation Layer Security. It uses the TLS protocol (RFC 2246)
authentication handshaking implementation for 802.1x authentication.
TLS provides a way to use certificates for both user and server
authentication and for dynamic session key generation and protection of
the authentication session.
Management Frame Protection
A wireless technology enabling one access point to validate a neighboring
Access Point's management frames.
PEAP
Protected Extensible Authentication Protocol, Protected EAP, is a
method to securely transmit authentication information, including
passwords, over wired or wireless networks.
PEAP uses server-side public key certificates to authenticate the server.
It then creates an encrypted SSL/TLS tunnel between the client and the
authentication server. The ensuing exchange of authentication
information to authenticate the client is then encrypted and user
credentials are safe from eavesdropping.
WPA2
Wi-Fi Protected Access
2 TOE Description
This section provides an overview of the Cisco Unified Wireless Network & Wireless
Intrusion Prevention System. This section also defines the physical and logical boundaries,
summarizes the security functions, and describes the evaluated configuration.
2.1 TOE Product Type
The Target of Evaluation (TOE) is a Wireless LAN access system (WLAN) with an integrated
Wireless Intrusion Prevention System (wIPS). The Wireless LAN access system defined in
this ST comprises multiple products operating together to provide secure wireless access to a
wired and wireless network. The Wireless Intrusion Prevention System defined in this ST
consists of the wIPS capabilities defined in this ST, including IDS signature detection, rogue AP and
client detection and containment, and 802.11 management frame protection (MFP). This TOE
as identified above is the Cisco Unified Wireless Network & Wireless Intrusion Prevention
System TOE which provides end-to-end wireless encryption, centralized WLAN
management, Authentication, Authorization, and Accounting (AAA) policy enforcement, and
basic Wireless Intrusion Prevention System (wIPS) with support for advanced wIPS and
location tracking when used with the Cisco Mobility Services Engine (MSE). Note that the
TOE does not claim conformance to an IDS/IPS Protection Profile; the wIPS functionality
described in this ST includes detection of wireless intrusion attempts, generation of audit data
related to those events, delivery of that audit data to external components (WCS or NCS,