EAP! Flashcards
(5 cards)
EAP
EAP is a set of interface standards that allows various authentication methods to be used:
- EAP supports multiple authentication methods (smart cards, biometrics, and digital certificates).
- Using EAP, the client and server negotiate the characteristics of authentication.
Extensible Authentication Protocol (EAP) provides a framework for deploying multiple types of authentication methods. It is often used with digital certificates to establish a trust relationship and create a secure tunnel to transmit the user credentials or to perform smart-card authentication without a password.
PEAP
PEAP provides authentication in an SSL/TLS tunnel with a single certificate on the server. PEAP:
- Creates a secure communication channel for transmitting certificate or login credentials.
- Enables mutual authentication by requiring the server to prove its identity to the client.
- Was a collaborative effort between Cisco, Microsoft, and RSA.
EAP-FAST
EAP-FAST uses a Protected Access Credential (PAC) to authenticate users. EAP-FAST:
- Establishes a TLS tunnel in which client authentication credentials are transmitted.
- Is susceptible to attackers who intercept the Protected Access Credential (PAC) and use it to compromise user credentials. This vulnerability is mitigated by manual PAC provisioning or by using server certificates.
- Was created by Cisco.
EAP-TLS
EAP-TLS uses Transport Layer Security (TLS) and is considered one of the most secure EAP standards available. EAP-TLS:
- Is widely supported by almost all manufacturers of wireless LAN hardware and software.
- Requires CA-signed PKI certificates on both the client side and the server side.
- Is labor-intensive and expensive to implement.
EAP-TTLS
EAP-TTLS also uses a CA-signed certificate. EAP-TTLS:
- Is an updated version of EAP-TLS.
- Requires only one CA-signed certificate on the server, simplifying the implementation process.