Scalable VoIP mobility integration and deployment - P19: The term voice mobility can mean a number of different things to different people. Two words that can be quite trendy by themselves, but stuck together as if forgotten at a bus station long past the last ride of the night, the phrase rings a number of different, and at times discordant, bells.

180 Chapter 5

when the PSK had been in use. Furthermore, because preshared keys are text and are common for all devices, they are easy to share and impossible to revoke. Good users can be fooled into giving the PSK away, or bad users, such as employees who have left the organization, can continue to use the preshared keys as often as they desire. These problems are solved, however, by moving away from preshared keys to using 802.1X and EAP.

Recently, some vendors have been introducing the ability to create per-user preshared keys. The advantage of having per-user keys is that one user's access can be revoked without allowing that user to compromise the rest of the network. The problem with this scheme, however, is the continued lack of forward secrecy, meaning that a user who has his password stolen can still have every packet he has ever sent, or will send, using that key decrypted. For this reason, 802.1X is still recommended, using strong EAP methods that provide forward secrecy.

5.6.2 802.1X, EAP, and Centralized Authentication

Up to now, we've discussed Wi-Fi's self-contained security mechanisms. With WPA2, the encryption and integrity protection of the data messages can be considered strong. But we've only seen preshared keys, or global passwords, as the method the network authenticates the user, and preshared keys are not strong enough for many needs. The solution is to rely on the infrastructure provided by centralized authentication, using a dedicated Authentication, Authorization, and Accounting (AAA) server.
These servers maintain a list of users, and for each user, the server holds the authentication credentials required by the user to access the network. When the user does attempt to access the network, the user is required to exercise a series of steps from the authentication protocol demanded by the AAA server. The server drives its end of the protocol, challenging the user, by way of a piece of software called a supplicant that exists on the user's device, to prove that the user has the .