EAP Disabled

EAP Disabled

WiFi Manager detects Access Points with Network-EAP disabled and alerts the operators through this alarm.

What is EAP?

EAP stands for Extensible Authentication Protocol. It is a general protocol for authentication more commonly used in wireless networks and Point-to-Point connections. It supports multiple authentication methods such as EAP-MD5, EAP-TLS, EAP-SIM, EAP-TTLS, LEAP, PEAP.

Why not use WEP ? Why do we need EAP ?

WEP is a encryption mechanism and does not deal with authentication, whereas EAP is a complete authentication mechanism and also server as the basis for some of the encryption mechanisms like TKIP or AES by negotiating a secure PMK (Pair-wise Master Key) between the client and NAS (Network Access Server). Apart from the fact that WEP is flawed there are also some practical difficulty in implementing WEP. Some of the practice problems are -

Every mobile client in the network needs to be configured for WEP. The more users the more cumbersome the process becomes.
Every time when the WEP key changes (say for example the WEP key is believed to be known to outsiders and the IT team wants to assign new WEP) the whole process has to be repeated.
There is no software that can set WEP keys in both AP and mobile client in a single step. If something like that exists, that calls for installing dedicated client software in each of the mobile clients, which again becomes a cumbersome process as the number of devices increase. Moreover the client software's ability to work with the organization's preferred client adapters will also be a concern.

What happens when a EAP is disabled?

In absence of EAP we have to fall back on some other security mechanism like WEP which is flawed and hence the security of the network will be at stake.

What should the administrator do ?

The administrators should ensure that adequate authentication and encryption mechanisms are in place to authenticate the user of the WLAN and also to encrypt the data when they are transmitted wirelessly. They have to EAP or other powerful authentication and encryption mechanism to secure the network from hackers.