- Access point
- Wireless access point (WAP or AP) is a device that connects
wireless communication devices together to form a wireless network.
The WAP usually connects to a wired network, and can relay data
between wireless devices and wired devices. Several WAPs can link
together to form a larger network that allows "roaming".
- The process of identifying an individual, usually based on a
username and password.
- The process of granting or denying a user access to network
resources once the user has been authenticated through the username
- The process of keeping track of a user's activity while
accessing the network resources. Accounting data is used for trend
analysis, capacity planning, billing, auditing and cost
- Short for Apple Remote Access
Protocol, an Apple authentication protocol which uses
challenges and responses, like CHAP, to avoid sending clear text
passwords through the network.
- A public key certificate (or certificate) is an electronic
document which incorporates a digital signature to bind together a
public key with an identity — information such as the name of a
person or an organization, their address, and so forth. The
certificate can be used to verify that a public key belongs to an
individual without exchanging secret keys. The signatures on a
certificate are of a certificate authority (CA) and attest that the
identity information and the public key belong together.
- Certificate authority (CA) is an entity which issues digital
certificates for use by other parties. There are many commercial
CAs that charge for their services. Companies, institutions and
governments may have their own CAs, and there are also free
A CA issues digital certificates which contain a public key and the
identity of the owner. The CA also attests that the public key
contained in the certificate belongs to the
person/organization/server or other entity noted in the
certificate. A CA's obligation is to verify an applicant's
credentials, so that users and relying parties can trust the
information in the CA's certificates. If the user trusts the CA and
can verify the CA's signature, then they can also verify that a
certain public key does indeed belong to whoever is identified in
- Certificate revocation list
- Certificate revocation list (CRL) is a list of certificates
(their serial numbers) which have been revoked, are no longer
valid, and should not be relied on by any system user.
- Certificate signing request
- A certificate signing request(CSR) is a message sent from an
applicant to a certificate authority (CA) in order to apply for a
digital identity certificate. Before creating a CSR, the applicant
first generates a key pair, keeping the private key secret. The CSR
contains information identifying the applicant and the public key
chosen by the applicant. The corresponding private key is not
included in the CSR, but is used to digitally sign the entire
request. If the request is successful, the certificate authority
will send back an identity certificate that has been digitally
signed with the private key of the certificate authority.
- Short for Challenge Handshake
Authentication Protocol, a type of authentication
in which the authentication agent (typically a network server)
sends the client program a random value that is used only once and
an ID value. Both the sender and peer share a predefined secret.
The peer concatenates the random value (or nonce), the ID and the
secret and calculates a one-way hash using MD5. The hash value is
sent to the authenticator, which in turn builds that same string on
its side, calculates the MD5 sum itself and compares the result
with the value received from the peer. If the values match, the
peer is authenticated.
- Cipher suite
- The TLS protocol that underlies PEAP and EAP-TLS is capable of
using a variety of cryptographic techniques for authentication and
data privacy between client and a RADIUS server. Each of these
techniques is called a cipher suite.
- Set of known RADIUS attribute names and their types.
- A hotspot is a venue that offers Wi-Fi access. Hotspots are
often found at restaurants, train stations, airports, libraries,
coffee shops, bookstores, fuel stations, department stores,
supermarkets and other public places. Many universities and schools
have wireless networks in their campus.
- IEEE 802.1X
- IEEE 802.1X is an IEEE standard for port-based Network Access
Control. It provides authentication to devices attached to a LAN
port, establishing a point-to-point connection or preventing access
from that port if authentication fails. It is used for certain
closed wireless access points, and is based on the EAP.
- Inner identity
- The Wi-Fi authentication protocol PEAP works by creating a
TLS-encrypted tunnel between the user and a RADIUS server.
Authentication credentials are sent inside of the tunnel, and are
not visible to the access point. When using these protocols, the
username is sent in two places: the "outer identity", which is sent
unencrypted outside the TLS channel, and inside the encrypted TLS
channel. Inner identity is the name sent inside the channel.
- see Secret.
- Lightweight Directory Access
Protocol, the protocol supported by most directory
- MS-CHAP, MS-CHAPv2
- Short for Microsoft Challenge
Handshake Authentication Protocol is a
Microsoft authentication protocol that, like CHAP, avoids sending
passwords in clear text.
- Network Access Server. The device
that accepts PPP connections and places clients on the network that
the NAS serves. NAS is also called Terminal server.
- A piece of data sent over a network and encapsulating RADIUS
message in a well-known format.
- Short for Password Authentication
Protocol, the most basic form of authentication, in
which a user's name and password are transmitted over a network "in
the clear" (that is, in an unencrypted form) and compared to a
table of name-password pairs.
- Public key infrastructure (PKI) is an arrangement that binds
public keys with respective user identities by means of a
certificate authority (CA). The user identity must be unique for
each CA. This is carried out by software at a CA, possibly under
human supervision, together with other coordinated software at
distributed locations. For each user, the user identity, the public
key, their binding, validity conditions and other attributes are
made unforgeable in public key certificates issued by the CA.
Most enterprise-scale PKI systems rely on certificate chains to
establish a party's identity, as a certificate may have been issued
by a certificate authority computer whose 'legitimacy' is
established for such purposes by a certificate issued by a
higher-level certificate authority, and so on. This produces a
certificate hierarchy composed of, at a minimum, several computers,
often more than one organization, and often assorted interoperating
software packages from several sources. Enterprise PKI systems are
often closely tied to an enterprise's directory scheme, in which
each employee's public key is often stored (embedded in a
certificate), together with other personal details (phone number,
email address, location, department, ...).
Windows 2000 Server and Server 2003 contain a CA software, which is
integrated into the Active Directory.
- Proxy server
- A server that sits between a client application and a real
server. It intercepts all requests to the real server to see if it
can fulfill the requests itself. If not, it forwards the request to
the real server.
- Short for Remote Authentication
Dial-In User Service, an
authentication and accounting system used by many Internet Service
Providers (ISPs). When you dial in to the ISP you must enter your
username and password. This information is passed to a RADIUS
server, which checks that the information is correct, and then
authorizes access to the ISP system.
- A set of rules (policies) defining how the server should handle
an authentication or accounting request.
- Secret (Key, Shared secret)
- A string well known to both client and server and used to
validate and/or encrypt data, transmitted between them.
- Self-signed certificate
- A self-signed certificate is an identity certificate that is
signed by its own creator. That is, the person that created the
certificate also signed off on its legitimacy. Such certificates
are also termed root certificates.
- A process receiving requests from its clients, processing them
and replying to a client.
- Server Manager
- Graphic utility used to manage ClearBox Server, configure and
- Server certificate
- In order to provide trusted network security services to
wireless clients, ClearBox Server must be able to cryptographically
identify itself to clients. To prove its identity to clients, it
sends them its digital certificate during the client login
- State server
- Some kind of database maintained by the server where
information on users currently logged onto the network is
- A supplicant is software that is installed on the client to
implement the IEEE 802.1X protocol framework and one or more EAP
methods. Supplicants include Windows 2000 Service Pack 4, Windows
XP Service Pack 2, Windows Vista and other operation systems and
- Temporal Key Integrity Protocol, the part of the IEEE 802.11i
standard. TKIP implements per-packet key mixing with a re-keying
system and also provides a message integrity check. These avoid the
problems of WEP.
- Vendor Specific Attributes; RADIUS attributes defined by
vendors using the provision of attribute 26.
- Wired Equivalent Privacy (WEP) is a scheme to secure IEEE
802.11 wireless networks. WEP was intended to provide
confidentiality comparable to that of a traditional wired network.
Several serious weaknesses were identified by cryptanalysts; a WEP
connection can be cracked with readily available software within
minutes. WEP was superseded by Wi-Fi Protected Access (WPA) and
WPA2. Despite its weaknesses, WEP provides a level of security that
may deter casual snooping.
- Wi-Fi is a wireless technology brand owned by the Wi-Fi
Alliance intended to improve the interoperability of wireless local
area network products based on the IEEE 802.11 standards.
- WLAN, or Wireless Local Area Network, similar to other wireless
devices, uses radio instead of wires to transmit data back and
forth between computers on the same network.
- Wi-Fi Protected Access (WPA and WPA2) is a class of systems to
secure wireless (Wi-Fi) computer networks. It was created in
response to several serious weaknesses researchers had found in the
previous system, WEP. WPA is designed to work with all wireless
network interface cards, but not necessarily with first generation
wireless access points. WPA2 will not work with some older network
cards. Both provide good security, with two significant issues: 1)
Either WPA or WPA2 must be enabled and chosen in preference to WEP.
2) In the "Personal" (Pre-shared key mode, PSK mode), the most
likely choice for homes and small offices, a passphrase is
Both WPA and WPA2 support EAP authentication methods using RADIUS
servers and preshared key (PSK) based security.
© 2001-2007 XPerience Technologies. www.xperiencetech.com