
Communication Security: Remote Access and Messaging • Chapter 3  109

                 dynamically changes keys as the system is used. In addition, WPA included support
                 for Extensible Authentication Protocol (EAP), Extensible Authentication Protocol-
                 Transport Layer Security (EAP-TLS), Extensible Authentication Protocol-Tunneled
                 Transport Layer Security (EAP-TTLS), or Protected Extensible Authentication
                 Protocol (PEAP).


                 TEST DAY TIP

                      Although EAP is covered in greater detail later in this chapter, it is
                      important to distinguish it from its variants (i.e., EAP/TLS, TTLS, and
                      PEAP).
                         EAP, defined by RFC 3748, is an authentication framework that
                      supports a variety of authentication mechanisms. It does not provide
                      encryption itself, but rather the ability to utilize several encryption
                      methods within an authentication construct.
                         EAP-TLS is considered a very secure form of authentication as it
                      employs the security of TLS, which is the successor to SSL, and makes use
                      of both server-side and client-side certificates. Although considered very
                      secure (especially when client-side certificates are stored on devices like
                      Smart Cards), the overhead of this form of authentication keeps it from
                      being a more frequently implemented solution.
                         EAP-TTLS also provides very good security utilizing Public Key
                      Infrastructure (PKI) certificates on the authentication server only to
                      create a tunnel between the client and the server.
                         PEAP is the result of a joint development effort from Microsoft, Cisco
                      Systems, and RSA Security. Like EAP-TTLS, it provides security via server-
                      side PKI certificates. There are at least two sub-types of PEAP certified
                      for the WPA and WPA2 standard: PEAPv0/EAP-MSCHAPv2 (Microsoft
                      Challenge Handshake Authentication Protocol) and PEAPv1/EAP-GTC
                      (Generated Token Card).
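
The framework/method distinction in the tip above is visible on the wire: every EAP packet has the same 4-byte header, and the Type byte names the method. The following is an added example, not taken from the book; the Type numbers are the IANA-assigned values, the certificate column restates the tip, and `build_eap` and the sample packets are constructed for illustration.

```python
import struct

# EAP Code field values (RFC 3748).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# EAP Type field values (IANA EAP registry) -> (method, certificates per the text above).
METHODS = {
    1: ("Identity", "n/a"),
    6: ("EAP-GTC", "n/a (inner method of PEAPv1)"),
    13: ("EAP-TLS", "server and client"),
    21: ("EAP-TTLS", "server only"),
    25: ("PEAP", "server only"),
    26: ("EAP-MSCHAPv2", "n/a (inner method of PEAPv0)"),
}

def build_eap(code, ident, mtype=None, data=b""):
    """Construct a sample EAP packet (hypothetical helper, test input only)."""
    body = b"" if mtype is None else bytes([mtype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(packet: bytes) -> dict:
    """Parse the 4-byte EAP header and, for Request/Response, the Type byte."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    # Length covers the whole packet; bytes received beyond it are padding.
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not match received data")
    out = {"code": CODES[code], "id": ident, "method": None, "certs": None, "data": b""}
    if code in (1, 2):  # only Request/Response carry a method Type
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        name, certs = METHODS.get(packet[4], (f"unknown({packet[4]})", "unknown"))
        out.update(method=name, certs=certs, data=packet[5:length])
    return out

if __name__ == "__main__":
    samples = [  # constructed packets, not captured traffic
        build_eap(2, 1, 1, b"alice"),   # Response/Identity
        build_eap(1, 2, 13, b"\x20"),   # Request/EAP-TLS, Start flag set
        build_eap(1, 2, 25, b"\x20"),   # Request/PEAP, Start flag, version 0
        build_eap(3, 3),                # Success: header only, no Type
    ]
    for pkt in samples:
        print(pkt.hex(), parse_eap(pkt))
```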




                    The year after WPA was released, WPA2 was brought forth. Based on the
                 Robust Security Network (RSN) mechanism, WPA2 utilized an Advanced
                 Encryption Standard (AES)-based algorithm, Counter-Mode/CBC-MAC Protocol
                 (CCMP), that is considered to be fully secure. In fact, as of March 2006, WPA2
                 certification is required on any device that is slated for Wi-Fi certification. WPA2 is
                 supported on Windows XP, Windows Vista, Linux, and Apple AirPort clients and
                 Apple’s AirPort Extreme appliances.




                                                                              www.syngress.com