Authentication Protocols

Question 1

Explain PAP

Answer 1

Password Authentication Protocol

Username & Password sent in clear text.

Question 2

Explain CHAP

Answer 2

Challenge-Handshake Authentication Protocol
Shared password
Server Stores passwords in plain text
3 way handshake:
Server sends challenge (nonce)
Client hashes challenge and password
Server compares hash

Question 3

Explain 802.1X

Answer 3

Port Based Network Access Control
Includes EAP
Layer 2
3 Major Roles are:
Supplicant: an 802.1x client
Authentication Server (AS)
Authenticator: Access Point

Question 4

Explain EAP

Answer 4

Many types:
EAP-MD5: Weakest
EAP-FAST: Cisco Proprietary, replaces LEAP, uses Protected Access Credential (PAC) as shared key.
EAP-TLS: Uses PKI, needs client and server side certificate
EAP-TTLS: Does not need client side certificate
LEAP: Cisco Proprietary, weak.
PEAP: Competitor to EAP-TTLS

Question 5

Explain Radius

Answer 5

AAA system
Open Protocol
Uses UDP
Only encrypts password
Combines authentication, authorization, and auditing process
Client sends credentials to Access Server
Access Server sends credentials to Radius Server

Question 6

Explain TACACS

Answer 6

Combines its authentication, authorization, and auditing process

Question 7

Explain XTACACS

Answer 7

Separates its authentication, authorization, and auditing process

Question 8

Explain TACACS+

Answer 8

XTACACS with two factor authentication
Uses TCP
Server/Client model
Encrypts all data

Question 9

Explain Diameter

Answer 9

Build upon Radius
AAA System
Peer based system, not server/client
Used to accommodate VoIP, Mobile IP Ethernet of PPP