User manual

Security
mySND User Manual
Configuring EAP-FAST
Benefits and Purpose
EAP-FAST (Flexible Authentication via Secure Tunneling) validates
the identity of devices or users before they gain access to network
resources. You can configure the SND Server for EAP-FAST network
authentication. This ensures that the SND Server gets access to
protected networks.
Mode of Operation
Like EAP-TTLS (see page 86), EAP-FAST uses a channel to protect the
data transfer. The main difference is that EAP-FAST does not require
certificates for authentication purposes. (The use of certificates
is optional.)
PACs (Protected Access Credentials) are used to build the channel.
PACs are credentials that comprise up to three components:
- A shared secret key that contains the preshared key between the
  SND Server and the RADIUS server.
- An opaque part that is provided to the SND Server and presented
  to the RADIUS server when the SND Server wishes to obtain
  access to network resources.
- Other information that may be useful to the client. (Optional)
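The three components can be made concrete with a small parser. This is an added example, not code from the manual or the product: it assumes the type/length/value attribute encoding and attribute numbers of RFC 5422 (PAC-Key, PAC-Opaque, PAC-Info with a nested PAC-Lifetime), treats the key and the opaque part as required, and uses constructed sample bytes. How the SND Server stores PACs is not described in the manual.

```python
import struct

# Attribute numbers and sizes follow RFC 5422 section 4.2 (an assumption of
# this example; the manual does not describe the encoding).
PAC_KEY, PAC_OPAQUE, PAC_LIFETIME, A_ID, PAC_INFO = 1, 2, 3, 4, 9
PAC_KEY_LEN = 32

def attr(atype, value):
    """Encode one attribute: 2-byte type, 2-byte length, value."""
    return struct.pack("!HH", atype, len(value)) + value

def parse_attrs(buf):
    """Decode a run of attributes into {type: value}, refusing bad lengths."""
    attrs, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated attribute header")
        atype, alen = struct.unpack_from("!HH", buf, off)
        off += 4
        if alen > len(buf) - off:
            raise ValueError(f"attribute {atype} overruns the buffer")
        if atype in attrs:
            raise ValueError(f"duplicate attribute {atype}")
        attrs[atype] = buf[off:off + alen]
        off += alen
    return attrs

def parse_pac(buf, now):
    """Return key, opaque and info of a PAC; reject malformed or expired ones."""
    top = parse_attrs(buf)
    if PAC_KEY not in top or PAC_OPAQUE not in top:
        raise ValueError("PAC-Key and PAC-Opaque are required")
    if len(top[PAC_KEY]) != PAC_KEY_LEN:
        raise ValueError("PAC-Key must be 32 octets")
    info = parse_attrs(top.get(PAC_INFO, b""))  # third component is optional
    if PAC_LIFETIME in info:
        if len(info[PAC_LIFETIME]) != 4:
            raise ValueError("PAC-Lifetime must be 4 octets")
        (expires,) = struct.unpack("!I", info[PAC_LIFETIME])
        if expires <= now:  # seconds since 1970-01-01 UTC
            raise ValueError("PAC has expired")
    return {"key": top[PAC_KEY], "opaque": top[PAC_OPAQUE], "info": info}

def sample_pac(expires):
    """Constructed sample PAC (dummy key and opaque bytes, not a real credential)."""
    info = attr(PAC_LIFETIME, struct.pack("!I", expires)) + attr(A_ID, b"radius-example")
    return attr(PAC_KEY, bytes(range(32))) + attr(PAC_OPAQUE, b"\xaa" * 48) + attr(PAC_INFO, info)

if __name__ == "__main__":
    pac = parse_pac(sample_pac(expires=2_000_000_000), now=1_700_000_000)
    print(len(pac["key"]), len(pac["opaque"]), pac["info"][A_ID])
```

Only the RADIUS server can interpret the opaque part, so the parser checks its presence but never its content.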
EAP-FAST uses two methods to generate PACs:
- The manual delivery mechanism can be any mechanism that
  the administrator configures and considers to be safe for the
  network.
- In the case of automatic delivery, an encrypted channel is
  established in order to protect the authentication of the SND
  Server as well as the delivery of the PACs.
Requirements
- The SND Server is defined as a user (with user name and password)
  on a RADIUS server.
Proceed as follows:
1. Start the mySND Control Center.