Definition

LEAP (Lightweight Extensible Authentication Protocol)

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. LEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.

LEAP uses dynamic Wired Equivalent Privacy (WEP) keys that are changed with more frequent authentications between a client and a RADIUS server. WEP keys are less likely to be cracked -- and less long-lived if cracked -- due to this frequency.

However, LEAP's reliance upon a version of the MS-CHAP protocol means that user credentials may not be adequately protected. More stringent authentication protocols employ a salt (a random string of data that modifies a password hash).

Cisco, Microsoft and RSA Security are promoting a more secure version of EAP, Protected Extensible Authentication Protocol (PEAP), as an Internet standard. That protocol is expected to displace LEAP.

This was last updated in July 2008
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchMobileComputing.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

  • In-the-cloud defenses for mobile malware

    Mobile antivirus programs apply laptop best practices to PDAs and smartphones, but there are many other ways to protect corporate assets from mobile malware. Complementary "in the cloud" defenses include enterprise sync servers, network gateways and wireless services that incorporate mobile malware filtering. Learning from experience: Our decade-long fight against Win32 malware has shown that PC-resident virus/spyware scanners and spam/phishing filters are necessary but inefficient. Keeping those programs and signatures current has become an onerous, time-sensitive chore.

  • iPhone encryption is a must for the security-conscious enterprise

    Apple is advertising the iPhone 3G as something that consumers can use at work. IT managers with high security requirements beg to differ. They want full device encryption and centralized policy enforcement before they'll even let one in the building.

  • Avoiding data breaches through mobile encryption

    Compare mobile encryption alternatives and their ability to prevent stored data theft, reducing the biggest risk posed by lost or stolen devices, in this tip.

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: