



  • Essay / Extensible Authentication Protocol (EAP) - 1893

    Introduction

    The following document will review the Extensible Authentication Protocol (EAP) as a widely accepted standard. A brief description will be provided, with visual aids to support understanding. A current implementation of EAP with Transport Layer Security (TLS) will be described. Common security measures implemented will also be discussed. Following the security measures, I will provide research on common attack vectors and ways to mitigate these attacks to protect secure data transmissions. A full discussion of EAP and TLS is beyond the scope of this article. The research contained herein is provided as a high-level understanding of the EAP protocol and a possible implementation with known risks.

    Protocol Description

    EAP was built on top of Point-to-Point Protocol (PPP) due to the need for a way to establish a connection before a client (peer/supplicant) had the opportunity to negotiate the authentication method. Originally, PPP negotiated how it would provide authentication between two entities before the two were actually connected, in what is called the handshake phase (RFC 1661, 1994). Current technology must first allow peers to connect to the authenticator and then establish the authentication, authorization, and accounting (AAA) method that will be used. Authentication had to move from the linking phase to a new standard. Thus, EAP was developed as a new authentication negotiation method (Sotillo, 2007). A very common example of EAP is wireless communications. The peer must connect to the authenticator to establish a connection, and then the EAP negotiation is initiated. The main components of EAP are the peer/client, authenticator, and authentication server that are connected.

    .... middle of document ......eering Task Force: http://tools.ietf.org/html/rfc5216

    RFC 5246. (August 2008). The TLS (Transport Layer Security) protocol. Retrieved November 15, 2013, from The Internet Engineering Task Force: http://tools.ietf.org/html/rfc5246

    RFC 5247. (August 2008). Extensible Authentication Protocol (EAP) key management framework. Retrieved November 14, 2013, from The Internet Engineering Task Force: http://tools.ietf.org/html/rfc5247

    Sotillo, S. (November 27, 2007). Extensible Authentication Protocol (EAP). Retrieved November 16, 2013, from Infosec Writers: http://www.infosecwriters.com/text_resources/pdf/SSotillo_EAP.pdf

    Turner, B. (December 3, 2008). Securing a wireless network with EAP-TLS: perception and realities of its implementation. Retrieved November 15, 2013, from Edith Cowan University: http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1055&context=ism