LANCOM Enhanced Passphrase Security (LEPS)

The encryption method WPA2 protects data traffic in the WLAN from "interception". The required passphrase is easily handled as a central key; a RADIUS server such as that for 802.1X installations is not required.

Nevertheless, the tap-proof WPA2 method still has some weaknesses:

This means in practice that: Should the passphrase "go missing" or if an employee with knowledge of the passphrase leaves the company, then the passphrase in the access point needs to be changed in the interests of security—in every WLAN client, too. As this is not always possible, an improvement would be to have an individual passphrase for each user in the WLAN instead of a global passphrase for all WLAN clients. In the case mentioned above, the situation of an employee leaving the company requires merely his "personal" passphrase to be deleted; all others remain valid and confidential.

With LEPS, LANCOM Systems GmbH Systems has developed two efficient methods that makes use of the simple configuration of IEEE 802.11i with passphrase, but that avoid the potential security loopholes that come with global passphrases.

LEPS-U (LANCOM Enhanced Passphrase Security User) assigns an individual password for the SSID to each individual client or to entire groups. LEPS-MAC (LANCOM Enhanced Passphrase Security MAC) additionally authenticates the clients by their MAC address, which is ideal for secure enterprise networks.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo