Hello,
A very straightforward doubt here, I was unable to clearly understand the difference between EAP-TLS & EAP-FAST. If anyone could briefly explain it to me in simple words from an exam point of view, I'd really appreciate that.
Thanks.
-
Doubt in EAP
-
@Atharva-Bet @wes-bryan Sir, please can you explain?
-
@Atharva-Bet another great question, EAP is an authentication framework that does not specify "authentication type" known as EAP methods. Vendors have defined (proposed) their own variations on EAP. However, the one you have mentioned, EAP-TLS (Transport Layer Security), is used primarily in wireless LAN (WLAN) implementations and can be used for smartcard and token-based authentication as well as being the most widely supported. EAP-FAST (Flexible Authentication via Secure Tunneling) is a Cisco-based authentication method as a replacement for LEAP (Lightweight EAP, which was a temporary protocol used instead of WEP).
Best Regards,
Wes Bryan
Knowledge is a road to be traveled upon, not a destination to be reached~~
-
@wes-bryan Thank you for the inputs sir :). Sir but I wanted to know one more thing about these 2. In the show, you talk about something like EAP-TLS and EAP-FAST both support mutual authentication but in the TLS variant, both the server and the client have to show the certificates whereas in the FAST variant only the server has to show. You also said something like in the FAST variant the server doesn't issue certificates from the public. Also, when I say that "you said", I didn't intend to quote anything, just saying what I'm remembering....(Please don't be hard over there).
So yeah, I am facing confusion in this part, sir, Can you please help me understand this in a better/simpler way??
Thanks.
-
Hey @Atharva-Bet the above explanation was based on your request for me to "briefly explain it to me in simple words from an exam point of view," and what I have described for you is just that. If you are looking for a more robust answer that goes beyond what is needed for the exam, I am happy to provide that as well!! See below:
1 - EAP-TLS was developed as an open standard defined under the Internet Engineering Task Force (IETF)'s RFC 5216 as the original WLAN EAP authentication protocol, using mutual authentication via client-side X.509 certificates. The private keys of the client-side keys can be stored in a smartcard for smartcard authentication, giving EAP-TLS the greatest level of security. The fact that EAP-TLS is an open standard is important as it has become, for the most part, universally accepted.
2 - EAP-FAST was developed by Cisco to replace their proprietary Lightweight EAP, an earlier dynamic WEP using MS-CHAP for authentication, which came out before the IEEE developed a replacement for the original Wired Equivalent Privacy, what we know today as 802.11i (or WPA2 with CCMP-AES). EAP-FAST uses optional server-side certificates and a component called Protected Access Credential, or PAC, which is a uniquely shared credential to mutually authenticate the client and server, building the TLS connection. There is also an EAP-FASTv2 (EAP-Tunneled EAP or EAP-TEAP), but that is outside of the scope of the exam.
Here are the following resources for additional reading:
1 - EAP-TLS IETF RFC 5216 = https://datatracker.ietf.org/doc/html/rfc5216
2 - Cisco's Overview of EAP-FAST = https://www.cisco.com/en/US/docs/wireless/wlan_adapter/eap_types/fast/admin/guide/EF_ovrvw.pdf
These will provide you with more information than what is required for the exam, if you are curious. Thank you for watching!
Best Regards,
Wes Bryan
Knowledge is a road to be traveled upon, not a destination to be reached~~
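
The difference described in the answer above, as an added example that is not part of the original post and is not Cisco's or the IETF's code: two constructed wpa_supplicant network blocks, one EAP-TLS (client certificate and private key) and one EAP-FAST (PAC file), with a small check that each block carries the client credential its method relies on. Using wpa_supplicant as the client is an assumption, and the SSIDs, identities and file paths are placeholders.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax (placeholder names and paths).
SAMPLE_CONF = '''
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.key"
}
network={
    ssid="corp-fast"
    key_mgmt=WPA-EAP
    eap=FAST
    anonymous_identity="anonymous"
    identity="user"
    password="placeholder"
    phase1="fast_provisioning=1"
    pac_file="/etc/wpa_supplicant.eap-fast-pac"
}
'''

# Client-side credential each method relies on, per the explanation above:
# EAP-TLS uses a client X.509 certificate and key, EAP-FAST uses a PAC.
REQUIRED = {"TLS": {"client_cert", "private_key"}, "FAST": {"pac_file"}}

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = re.findall(r"^\s*(\w+)=(.*?)\s*$", body, re.M)
        nets.append({key: value.strip('"') for key, value in pairs})
    return nets

def audit(text):
    """Map ssid -> (EAP method, sorted list of missing client credential fields)."""
    report = {}
    for net in parse_networks(text):
        method = net.get("eap", "")
        missing = sorted(REQUIRED.get(method, set()) - set(net))
        report[net.get("ssid", "?")] = (method, missing)
    return report

if __name__ == "__main__":
    for ssid, (method, missing) in audit(SAMPLE_CONF).items():
        print(ssid, method, "missing:", missing or "none")
```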
-
@wes-bryan Thank you so much, Sir
I got it now...
-
@Atharva-Bet great questions sir, keep them coming!
Best Regards,
Wes Bryan
Knowledge is a road to be traveled upon, not a destination to be reached~~