3.4 Wireless Authentication Protocols

Question 1

What is the framework that many wireless networks built upon?

Answer 1

EAP in conjunction with 802.1x

Question 2

What is 802.1x

Answer 2

Port-based network access control.

Question 3

What is NAC?

Answer 3

Network access control. You don’t get to connect to the network until you authenticate yourself.

Question 4

What type of central database is NAC used with?

Answer 4

RADIUS, LDAP, TACACS+

Question 5

What are the 3 systems that make up 802.1x and EAP?

Answer 5

The client - known as supplicant
Authenticator - The device that provides access
Authentication Server - Validation of client credentials

Question 6

What is EAP-FAST?

Answer 6

EAP Flexible Authentication via Secure Tunneling

Authentication server and supplicant have a Protected Access Credential (PAC) (its just a shared secret)

Supplicant receives the PAC and establishes a TLS tunnel and then authentication occurs. Requires a RADIUS server.

Question 7

What is PEAP?

Answer 7

Created by Cisco, MS, RSA

Also uses TLS. Uses digital certificate instead of PAC. Client does not use certificate.

User authenticates with MSCHAPv2. Alternatively user can authenticate with GTC or Hardware token generator.

Question 8

What is EAP-TLS?

Answer 8

This one requires digital certificate from Authentication Server and Supplicant. Once both parties exchange certificates, TLS tunnel is created.

Requires PKI because of certificates.

Question 9

What is EAP-TTLS?

Answer 9

Supports other authentication protocols in TLS tunnel. Only the AS requires a digital certificate. The TLS tunnel is created via the AS certificate.

Authentication can be done via any other method such as MSCHAPv2, other EAP, or Federations like RADIUS.

Question 10

What does RADIUS federation commonly use as their authentication method?

Answer 10

802.1x and EAP for authentication.