Can you explain the concept of Radius 802.11x, TKIP, WPA, WPA2 EAP, PEAP, EAP-fast, EAP-TLS PSK ? I'm having problems wrapping my understanding of them.
Wireless Security
RADIUS is the Remote Authentication Dial-in User Server - this is a client/server protocol that provides centralized Authentication, Authorization and Accounting (commonly called AAA or triple A). It is a standardized mechanism to authenticate users that are accessing network resources and is typically combined with a remote access server (RAS).
External User >>>>>connects to RAS >>>>>>sends a message to the RADIUS server to validate the user >>>>RAS allows/denies access to the external user based on the reply from the RADIUS server
802.1x (not 802.11x) is port-based authentication that allows the switch to close the connection to the connection request until authentication is approved/denied. When the authentication (RADIUS server) validates the connection request, the 802.1x switch can open the port and allow the connection.
TKIP - Temporal Key Integrity Protocol was a way to secure communications across wireless networks by encrypting each frame with a unique key. This was introduced as a component in WiFi Protected Access (WPA), the protocol used for wireless security that was the successor to the Wired Equivalent Privacy (WEP) standard that is obsolete (vulnerable).
WiFi Protected Access 2 (WPA2), also known as IEEE 802.11i, was the successor to WPA that brought CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol), the replacement for TKIP, as well as replacing WPA's weak RC4 cipher with the Advanced Encryption Standard (AES).
Extensible Authentication Protocol (EAP) is a framework for authentication that allows for various authentication mechanisms to be added.
Protected EAP (PEAP) is an enhanced version of EAP that creates a tunnel prior to EAP authentication. It is most often combined with MSCHAPv2 or PEAP-MSCHAPv2.
EAP-Transport Layer Security (EAP-TLS) is an authentication variant for certificate-based and token-based authentication.
I know this is a text dump but hopefully it will give you a little insight.
EAP-FAST is a t is used in wireless networks and point-to-point connections to perform session authentication.

Best Regards,
Wes Bryan
Knowledge is a road to be traveled upon, not a destination to be reached~~
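
The RAS-to-RADIUS exchange described in the answer above, as an added example that is not part of the original post: it follows the RFC 2865 packet layout, with the RAS hiding the password under the shared secret and accepting the server's reply only if the Response Authenticator verifies. The function names, the shared secret and the user database are constructed for illustration, and only passwords of at most 16 bytes are handled.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types
SECRET = b"constructed-shared-secret"                    # constructed sample value
USERS = {b"alice": b"correct horse"}                     # constructed user database

def attr(atype, value):
    # Attribute = type (1 byte), length (1 byte, header included), value
    return struct.pack("!BB", atype, len(value) + 2) + value

def hide_password(data, secret, req_auth):
    # RFC 2865 section 5.2, single-block case; XOR, so it also un-hides
    if len(data) > 16:
        raise ValueError("this sketch handles passwords of at most 16 bytes")
    mask = hashlib.md5(secret + req_auth).digest()
    return bytes(p ^ m for p, m in zip(data.ljust(16, b"\x00"), mask))

def build_request(ident, user, password, secret):
    """RAS side: Access-Request with a random 16-byte Request Authenticator."""
    req_auth = os.urandom(16)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def parse_attrs(data):
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        out[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return out

def server_reply(request, secret, users):
    """RADIUS server side: un-hide the password, check it, sign the reply."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth, attrs = request[4:20], parse_attrs(request[20:length])
    password = hide_password(attrs[USER_PASSWORD], secret, req_auth).rstrip(b"\x00")
    stored = users.get(attrs[USER_NAME])
    ok = stored is not None and hmac.compare_digest(stored, password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + req_auth + secret).digest()

def ras_decision(request, reply, secret):
    """RAS side: act on the reply only if its authenticator and ID check out."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if reply[1] != request[1] or not hmac.compare_digest(expected, reply[4:20]):
        return "drop"
    return "allow" if reply[0] == ACCESS_ACCEPT else "deny"
```

A reply whose code byte is altered in transit, or one produced with a different shared secret, fails the authenticator check and is dropped rather than treated as an accept or reject.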