January 22, 2012

1.6.4 EAP


Extensible Authentication Protocol (EAP) is an Internet Engineering Task Force (IETF) standard that provides an infrastructure for network access clients and authentication servers to host plug-in modules for current and future authentication methods. EAP is used to authenticate Point-to-Point Protocol (PPP)-based connections (such as dial-up, virtual private network remote access, and site-to-site connections) and for IEEE 802.1X-based network access to authenticating Ethernet switches and wireless access points (APs).

EAP is used primarily in 802.1X-protected wireless networks (WPA/WPA2-Enterprise) to carry authentication data between the supplicant and the authentication server; the access point only relays EAP frames and never sees the credential. WEP itself has no authentication framework, so EAP over 802.1X was bolted on by vendors before WPA existed. EAP separates the message exchange from the authentication process through the use of a separate exchange layer and provides a module-based infrastructure that supports several different authentication methods. Note that EAP itself provides no confidentiality or integrity for the conversation: whether the credential is protected on the wire depends entirely on the method chosen.

EAP is an authentication framework (not a specific authentication mechanism) frequently used in wireless networks and Point-to-Point connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and was updated by RFC 5247.

It provides some common functions (Identity, Notification, Nak, Success and Failure messages, plus the four-byte Code/Identifier/Length header every message shares) and negotiation of authentication methods, called EAP methods. There are currently about 40 different methods registered with IANA.

The WPA/WPA2 (Wi-Fi Alliance) Enterprise certification originally adopted five EAP methods: EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC and EAP-SIM; EAP-AKA and EAP-FAST were added later. EAP-MD5, EAP-PSK and LEAP are also registered EAP types, but they are not on that list: EAP-MD5 in particular derives no keying material and sends a CHAP-style hash that can be attacked offline, so it is unsuitable for protecting a wireless link.
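The following is an added example, not code from the original post or from any of the referenced sources: a minimal RFC 3748 packet codec plus a simulated authenticator/peer exchange. It shows the common framework pieces (Identity request, the Nak used to negotiate a method, Success/Failure) and then runs EAP-MD5 over it, including what a passive listener can do with the captured challenge and response. Type numbers are taken from the IANA EAP registry; the identities, secret and wordlist are constructed sample data.

```python
"""Minimal EAP (RFC 3748) packet codec and a simulated authenticator/peer exchange.
Added example, not from the original post. Method-type numbers are from the IANA EAP
registry; the EAP-MD5 response is computed as in RFC 3748 section 5.4 (CHAP-style).
The identities, secrets and wordlist below are constructed sample data."""
import hashlib
import os
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4                      # EAP Codes
IDENTITY, NAK, MD5_CHALLENGE, EAP_TLS, LEAP, PEAP = 1, 3, 4, 13, 17, 25  # EAP Types


@dataclass
class EapPacket:
    code: int
    identifier: int
    type: Optional[int] = None   # Success/Failure carry no Type field
    type_data: bytes = b""

    def pack(self) -> bytes:
        body = b"" if self.type is None else bytes([self.type]) + self.type_data
        return struct.pack("!BBH", self.code, self.identifier, 4 + len(body)) + body

    @classmethod
    def parse(cls, raw: bytes) -> "EapPacket":
        if len(raw) < 4:
            raise ValueError("truncated EAP header")
        code, ident, length = struct.unpack("!BBH", raw[:4])
        if length < 4 or length > len(raw):
            raise ValueError("EAP Length field inconsistent with packet")
        raw = raw[:length]                    # bytes past Length are padding, ignored
        if code in (SUCCESS, FAILURE):
            return cls(code, ident)
        if code not in (REQUEST, RESPONSE) or length < 5:
            raise ValueError("unknown Code or Request/Response without Type")
        return cls(code, ident, raw[4], raw[5:])


def md5_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # MD5-Challenge mirrors CHAP: MD5(Identifier || secret || challenge). No key
    # material is derived from it, which is why it cannot protect a wireless link.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def run_exchange(peer_methods: List[int], peer_secret: bytes, server_secret: bytes,
                 challenge: Optional[bytes] = None) -> Tuple[int, List[EapPacket]]:
    """Authenticator offers EAP-MD5; the peer answers it or Naks with its own list.
    Returns (final Code, transcript of every packet that crossed the wire)."""
    challenge = challenge or os.urandom(16)
    wire: List[EapPacket] = []

    def send(p: EapPacket) -> EapPacket:     # round-trip through bytes to exercise the codec
        wire.append(EapPacket.parse(p.pack()))
        return wire[-1]

    req = send(EapPacket(REQUEST, 1, IDENTITY))
    send(EapPacket(RESPONSE, req.identifier, IDENTITY, b"alice@example.test"))
    req = send(EapPacket(REQUEST, 2, MD5_CHALLENGE, bytes([len(challenge)]) + challenge + b"srv"))
    if MD5_CHALLENGE not in peer_methods:
        # Legacy Nak (Type 3): Type-Data lists the types the peer is willing to use instead.
        nak = send(EapPacket(RESPONSE, req.identifier, NAK, bytes(peer_methods)))
        # This toy authenticator only speaks MD5-Challenge, so negotiation fails here.
        return send(EapPacket(FAILURE, nak.identifier)).code, wire
    size = req.type_data[0]
    value = md5_response_value(req.identifier, peer_secret, req.type_data[1:1 + size])
    resp = send(EapPacket(RESPONSE, req.identifier, MD5_CHALLENGE, bytes([len(value)]) + value + b"alice"))
    expected = md5_response_value(resp.identifier, server_secret, challenge)
    ok = resp.type_data[1:1 + resp.type_data[0]] == expected
    return send(EapPacket(SUCCESS if ok else FAILURE, resp.identifier)).code, wire


def offline_guess(wire: List[EapPacket], wordlist: List[bytes]) -> Optional[bytes]:
    """What an eavesdropper can do with a captured MD5-Challenge exchange: test
    password guesses offline against the sniffed challenge and response."""
    req = next(p for p in wire if p.code == REQUEST and p.type == MD5_CHALLENGE)
    resp = next(p for p in wire if p.code == RESPONSE and p.type == MD5_CHALLENGE)
    challenge = req.type_data[1:1 + req.type_data[0]]
    observed = resp.type_data[1:1 + resp.type_data[0]]
    for guess in wordlist:
        if md5_response_value(resp.identifier, guess, challenge) == observed:
            return guess
    return None


if __name__ == "__main__":
    names = {SUCCESS: "Success", FAILURE: "Failure"}
    code, wire = run_exchange([MD5_CHALLENGE], b"hunter2", b"hunter2")
    print("EAP-MD5 with the right password ->", names[code])
    print("offline guess from the capture:", offline_guess(wire, [b"password", b"hunter2"]))
    code, wire = run_exchange([PEAP, EAP_TLS], b"hunter2", b"hunter2")
    print("peer insists on PEAP/EAP-TLS ->", names[code], "after Nak listing types", list(wire[3].type_data))
```

The Nak path is the negotiation the text refers to: the authenticator proposes a type, and a peer that does not want it replies with Type 3 carrying the types it would accept, after which a real RADIUS server picks a common one or fails the session. The second scenario also shows why a supplicant should be configured with an explicit method list rather than accepting whatever is offered, since a downgrade to EAP-MD5 hands an eavesdropper an offline-crackable hash.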

The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary EAP method developed by Cisco Systems prior to the IEEE ratification of the 802.11i security standard. It is a modified MS-CHAP challenge/response with no TLS protection around it, so a captured exchange can be cracked offline with a dictionary attack (the asleap tool automates this); Cisco itself recommends migrating from LEAP to EAP-FAST or another tunnelled method.

The Protected Extensible Authentication Protocol (Protected EAP or PEAP) encapsulates an inner EAP conversation within a server-authenticated Transport Layer Security (TLS) tunnel. Its purpose was to correct a deficiency in EAP, which assumed a protected communication channel and therefore provided no protection of its own for the EAP conversation. PEAPv0 with EAP-MSCHAPv2 inside is the common deployment. PEAP is only more secure if the client actually validates the server certificate (trusted CA and expected server name): a supplicant configured to accept any certificate will build the tunnel to a rogue access point and hand it the inner MSCHAPv2 exchange, which can then be attacked offline.
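The certificate-validation point above, as an added configuration example that is not from the original post. These are wpa_supplicant.conf network blocks; the SSID, CA bundle path, identity, password and server name are placeholders. The first block is the weak form, the second the corrected one.

```conf
# Weak: no ca_cert, so the supplicant accepts ANY server certificate. A rogue AP
# running its own RADIUS server can complete the TLS tunnel and collect the
# inner MSCHAPv2 challenge/response.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="example-only"
    phase2="auth=MSCHAPV2"
}

# Hardened: pin the issuing CA and require the expected server name, and hide the
# real username in the unprotected outer Identity with anonymous_identity.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous"
    identity="alice"
    password="example-only"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
```

domain_suffix_match is available in wpa_supplicant 2.x; on older builds subject_match gives a similar check. Pinning to a public CA alone is not enough, because anyone can obtain a certificate from it: the server-name match is what ties the tunnel to your RADIUS server.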

References:
  • http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
  • http://technet.microsoft.com/en-us/network/bb643147
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney
  • CompTIA Security+ Review Guide: Exam SY0-301, Second Edition by James M. Stewart
