Wireless Security

Open authentication – no security or encryption.

With WEP (PSK):

  • Client tries to authenticate.
  • AP replies with challenge text.
  • Client replies with auth string.
  • Authentication is approved or rejected by AP.

802.1X – default state is NO.

  • Client PC providing credentials to be authenticated is the supplicant.
  • The AP asking for credentials is the authenticator.
  • The server validating the credentials is the authentication server (ACS, ISE, etc.).
  • Protocol used between the authenticator and the authenticating server is RADIUS.
  • Provided the supplicant passes authentication, the authenticating server can also send a unique key to be used for encryption between the AP and the client for this wireless session.

EAP – Extensible Authentication Protocol

  1. LEAP (Lightweight) – AAA server and the client authenticate each other.
  2. FAST (EAP-Flexible Authentication via Secure Tunneling) – AAA server and the client authenticate each other via a secure tunnel using a PAC (Protected Access Credential).
  3. PEAP (Protected EAP) – AAA server uses a digital certificate. Client uses username and password.
  4. EAP-TLS (Transport Layer Security) –

 

 

 

 
