Network Access Control Flashcards
What are the components of a NAC system?
Supplicants, which are clients wishing to gain network access. Network resources, which are what the clients want access to. Network Access Servers, which control access (such as DHCP, VLAN, Authentication Servers). Quarantine network, which fixes clients that do not meet policy rules.
Give three examples of Network Access Servers.
DHCP, VLAN, Authentication Servers
What is EAP?
Extensible Authentication Protocol. It is a framework for network access and authentication protocols. It is flexible, and allows for around 40 different authentication methods. Essentially, it is a transport service for the exchange of authentication information.
Who performs authentication in NAC, the authenticator or the authentication server?
Authentication server.
Describe the message flow with EAP.
The authenticator detects that a client is in range, and asks them to identify themselves. The client sends back a message with its identity, which is relayed to an authentication server via the authenticator. The server will try lots of different authentication methods, until the client is either successful or fails.
What type of server is the authentication server?
RADIUS
Does RADIUS use TCP or UDP?
UDP
Are RADIUS messages encapsulated in EAP messages, or are EAP messages encapsulated in RADIUS messages?
EAP messages are encapsulated in RADIUS messages.
Describe IEEE 802.1X.
This is a link layer protocol, which requires authorisation before a port is assigned to an IP address. It makes use of EAPOL.
Who actually decides whether access should be granted to a network, the authenticator or authentication server?
While the authentication server does the authentication, it is actually the authenticator which grants access.
What are the fields in an EAP message?
Code (tells you if the message is a request, response, success, or failure). Identifier (to match responses with requests). Length. Data.