Wireless Authentication and How to Ensure the Best Wireless Internet Security

Wireless Authentication Types

The Wireless authentication types are associated with the SSIDs configured on the wireless access point. If you need different types of wireless authentication, you need different SSIDs. Each SSID can have different security parameters.

Wireless authentication has two levels of security:

  • Open or Shared-key authentication
  • EAP – Extensible Authentication Protocol

Open and shared-key authentication use WEP. WEP doesn’t give you a proper security level. Shared-key authentication is especially vulnerable. Go through the post and find out why. Learn how you can get the maximum security level with the EAP authentication.

More about the differences among WEP, WPA and WPA2 read on WEP vs WPA.

For the EAP you need a Radius server, while for the Open and Shared-key authentication there is no need for any external device.

Open Authentication

Open wireless authentication

Open wireless authentication

In the open authentication any wireless device can authenticate to the wireless access point, but the client can transmit only if the WEP key matches.

The client will be connected to the access point, even with the wrong WEP key. With the wrong WEP key, the client could not reach the internet and other devices on the wireless network. Frames with wrong WEP key are discarded by the access point (6).

Shared-key Authentication

Shared wireless authentication

Shared wireless authentication

In shared-key authentication, the access point sends an unencrypted challenge to the client which tries to connect to the access point (2). Then the client sends encrypted challenge back to the access point (3). If the challenge is encrypted correctly, access point allows client to authenticate (4).

An intruder can intercept unencrypted and encrypted challenges. By comparing these two messages intruder can calculate the WEP key.

EAP Authentication

EAP wireless authentication

EAP wireless authentication

EAP – Extensible Authentication protocol provides the highest level of protection. The RADIUS server is responsible for the authentication of users to the network. RADIUS checks the username and password of the client. The access point is the device that relays messages between the client and RADIUS.

Interesting document with in-depth analysis of the wireless authentication you can find on Authentication Types for Wireless Devices.