Page 303 - CISSO_Prep

Page 303 - CISSO_Prep_ Guide

P. 303

Counter changes per packet). Uses a new
Message Integrity Code (MIC) called
Michael.
• Counter-Mode-CBC-MAC Protocol (CCMP) –
uses AES w/128-bit keys.
• Wi-fi Protected Access (WPA):
• 802.1x or pre-shared key access
control.
• EAP or pre-shared authentication.
• TKIP (RC4) for encryption.
• Michael MIC for integrity.
• WPA2 802.11i:
• 802.1x or pre-shared key access
control.
• EAP or pre-shared authentication.
• CCMP (AES w/ Counter) for
encryption.
• CCMP (AES CBC-MAC) for integrity.

Remote Access
• PPP:
• PAP.
• CHAP.
• EAP – password, S/Key (MD4 to
generate one-time passwords), token
card, or digital certificate.
• Radius – UDP, encrypts some.
• TACACS+ - TCP, encrypts all.
• DIAMETER – roaming applications, peer-to-
peer:

298 299 300 301 302 303 304 305 306