Can someone explain EAP to me?
I know that EAP is a protocol used for communications and that, in the scope of the Security+, we should know that LEAP was developed by Cisco based on CHAP, and that PEAP is a secure implementation which encrypts the conversation using TLS.
However, what is the purpose of EAP? Is it a kind of three-way handshake, but on layer 2 rather than on layer 3?
Comments
Hope this helps you for the exam.
For the actual EAP methods, choices include, but are not limited to, LEAP, PEAPv0, PEAPv1, EAP-FAST, EAP-TTLS, EAP-TLS, and so on. I know the term "framework" is thrown around like it's supposed to intuitively make sense to someone who has never encountered this concept before, but that's essentially what it is - a generic definition of stages during authentication.
The specific methods (PEAPv0, EAP-TTLS/MS-CHAPv2, EAP-TTLS/PAP, EAP-TLS, EAP-MD5, etc.) may have overlapping similarities but at the implementation and troubleshooting level they have definite differences such as some doing server-side certification validation and then password-based client checking, some doing both user and server-side credential validation via certificates, some allowing additional messages through for 2-factor token verification at a specific step, and so forth. All have their pros and cons. EAP is not really a beginner's subject and they probably include it in Security+ material just so you've seen the letters "EAP" at some point.
Here's a flow diagram that I drew some years back as it applies to its use in 802.11 ("Wi-Fi") networks:
http://kimiushida.com/bitsandpieces/articles/flow_diagram_wpa-enterprise/flow_wpa_enterprise.png
After taking SANS 617, I realized there might be some small details which are incorrect in that diagram, but overall that's what it looks like.
Non-802.1X-enabled Wi-Fi connectivity (that is, WPA2-PSK) is radically different since the supplicant/client simply goes through the 4-way handshake, then sends out a DHCP Discovery packet, goes through the DHCP lease negotiation steps, and then finally gets an IP to do stuff.
The EAP/802.1X variation goes through a more complicated set of steps, then goes through the 4-way handshake, then does the DHCP thing.
http://kimiushida.com/bitsandpieces/articles/flow_diagram_wpa-psk_4-way_handshake/flow_wpa-psk_4-way_handshake.png
Of course, WPA-PSK, WPA2-PSK, and WPA "Enterprise" (802.1X) all require the supplicant to go through the basic 802.11 association process ("link-up") before even starting on the 4-way handshake or the EAPOL-Start message.
Sound complicated? That's because it sort of is, but when you break down how authentication works behind the scenes, this isn't exactly unusual.
Rather than complicated I see it as a thorough process.
That diagram is for PEAP, isn't it? In the case of just EAP (clear text), the conversation would end at the line of EAP Request, EAP Type, right?
The simplified answer jumps out when you spell out the acronym - Extensible Authentication Protocol. The primary purpose is to authenticate users or systems (authentication protocol), and the basic methods can be extended for different purposes (extensible).
As MiikeB mentions, EAP is a framework and docrice spells out how the framework is used in several implementations. I like the diagrams. Much deeper than is needed for Security+, but informative.
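An added example, not written by any poster in this thread: a minimal Python decoder for the EAP header defined in RFC 3748, run over a constructed exchange, to show how the "framework" carries different methods behind a single Type byte and how a peer can Nak one method and ask for another. The function names and the sample packets are assumptions made for illustration.

```python
import struct

# Code and Type numbers are from RFC 3748 and the IANA EAP registry.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}
TLS_BASED = {13, 21, 25, 43}  # methods that build a TLS session first

def parse_eap(packet: bytes) -> dict:
    """Decode Code, Identifier, Length and (for Request/Response) Type."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if not 4 <= length <= len(packet):
        raise ValueError("Length field disagrees with the packet size")
    msg = {"code": CODES[code], "id": ident, "type": None,
           "data": b"", "tls_based": False}
    if code in (1, 2):  # only Request and Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        method = packet[4]
        msg["type"] = TYPES.get(method, f"type-{method}")
        msg["data"] = packet[5:length]  # bytes past Length are padding
        msg["tls_based"] = method in TLS_BASED
    return msg

def build(code: int, ident: int, method=None, data: bytes = b"") -> bytes:
    # Hypothetical helper used only to construct the samples below.
    body = b"" if method is None else bytes([method]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed exchange (not a capture); the TLS rounds of PEAP are left out.
SAMPLE = [
    build(1, 1, 1),                            # authenticator asks for identity
    build(2, 1, 1, b"anonymous@example.org"),  # outer identity, sent in clear
    build(1, 2, 4, b"\x10" + bytes(16)),       # server offers MD5-Challenge
    build(2, 2, 3, bytes([25])),               # peer Naks and asks for PEAP
    build(1, 3, 25, b"\x20"),                  # PEAP begins (Start flag set)
    build(3, 4),                               # Success: header only, no Type
]

def summarize(packets) -> list:
    return [f'{m["code"]}/{m["type"]}' if m["type"] else m["code"]
            for m in map(parse_eap, packets)]
```

Calling `summarize(SAMPLE)` lists the stages in order; the `tls_based` field marks which methods protect the inner credential exchange with TLS.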