Authentication Protocols Flashcards
Explain PAP
Password Authentication Protocol
Username & Password sent in clear text.
Explain CHAP
Challenge-Handshake Authentication Protocol
Shared password
Server stores passwords in plain text
3-way handshake:
Server sends challenge (nonce)
Client hashes challenge and password
Server compares hash
Explain 802.1X
Port-Based Network Access Control
Includes EAP
Layer 2
3 major roles are:
Supplicant: an 802.1X client
Authentication Server (AS)
Authenticator: Access Point
Explain EAP
Many types:
EAP-MD5: Weakest
EAP-FAST: Cisco Proprietary, replaces LEAP, uses Protected Access Credential (PAC) as shared key.
EAP-TLS: Uses PKI, needs client and server side certificate
EAP-TTLS: Does not need client side certificate
LEAP: Cisco Proprietary, weak.
PEAP: Competitor to EAP-TTLS
Explain Radius
AAA system
Open Protocol
Uses UDP
Only encrypts password
Combines authentication, authorization, and auditing process
Client sends credentials to Access Server
Access Server sends credentials to Radius Server
Explain TACACS
Combines its authentication, authorization, and auditing process
Explain XTACACS
Separates its authentication, authorization, and auditing process
Explain TACACS+
XTACACS with two factor authentication
Uses TCP
Server/Client model
Encrypts all data
Explain Diameter
Builds upon Radius
AAA System
Peer-based system, not server/client
Used to accommodate VoIP, Mobile IP, Ethernet over PPP