Included in all wireless products offered by Cisco, the Cisco LEAP Module is an authentication type (802.1X) that authenticates both client and RADIUS server by employing a password known by both parties. Encryption keys are dynamic, and change with every user and every session.
First launched in 2000, the module is supported by both WPA (Wi-Fi Protected Access) and WPA2. It is also included in Cisco’s Aironet and other client devices that are Cisco compatible. It uses the standard framework and boosts the security of WLAN authentications.
The Cisco LEAP module is supported by Cisco’s Unified Wireless Network, a blend of wired and wireless solutions which provides low-cost security to businesses and other organizations using wireless LANs. The network can interface with a variety of client devices, stopping both active and passive WLAN attacks. Compatible operating systems include Linux, DOS, Mac OS, Microsoft Windows, and Windows CE.
The module provides a single login using an active directory by Windows, the NT/2000. The login includes both a username and password. Scalable, it provides a consolidated method for organizations to manage their security while online. It is easily upgradable, allowing companies to expand their security solutions as their needs grow.
Because a RADIUS server must authenticate each wireless client, it can transmit only EAP traffic until authentication occurs. When the end user logs in, both client and server are mutually authenticated.
During the mutual authentication, the system creates a dynamic key to encrypt the information. Then, the server sends the encryption key on to the point of access through a secured channel. When the access point is given the key, the system enables network traffic for the client at the point of access. Encryption takes place throughout the process, so that the password and other login credentials remain encrypted while they are sent through the wireless network.
When the client logs off, the client’s access point becomes nonauthenticated. The whole process, which provides a sophisticated web of security for wireless networks, takes place in a matter of seconds, allowing seamless communication between users.
The Cisco LEAP module supports various user databases and servers, including the Funk Odyssey Server, the Funk Steel-Belted, the Cisco Secure ACS, LeapPoint devices, and the Cisco Network Registrar, among others. It also supports all products and devices that employ Interlink Network server code.
The Cisco LEAP module can authenticate various wireless clients, so long as they are Cisco compatible.