640-722 Security

The flashcards below were created by user kdinser on FreezingBlue Flashcards.

  1. EAP
    Extensible Authentication Protocol

    - 802.11i
    - Enhances 802.1X
  2. LEAP
    Lightweight EAP

    - Not secure
  3. LDAP
    Lightweight Directory Access Protocol

    - Active Directory
  4. Local EAP
    - AP uses its own local RADIUS server for Authentication
  5. EAP-FAST
    EAP Flexible Authentication via Secure Tunneling

    - Same level of security as EAP-TLS, but doesn't require managing certificates and a PKI

    - 3 phase tunnel creation
  6. EAP-TLS
    EAP Transport Layer Security

    - Most secure and most difficult

    - Certificate needed on both the Authentication Server and the client

    - 2 sets of keys are needed and signed by PKI

    - Random Session keys are generated, used for encryption, and discarded after the session ends

  7. PKI
    Public Key Infrastructure

    - Provides for Asymmetric public/private key pairs
  8. CA
    Certificate Authority

    - Server that issues certificates

    - Both sides must trust for connection
  9. RADIUS
    Remote Authentication Dial-In User Service

    - Authorization

    - Centralized Access

    - Accounting to specify the type of rights a user or workstation has

    - Control over what the device/user can do

    - Records all access attempts and actions

    - AAA server
  10. EAP-FAST Tunnel Creation: Phase 0
    Server Generates a PAC

    - 3 key components: PAC-key, PAC-opaque, PAC-info
  11. PAC
    Protected Access Credential

    - Installed manually or sent securely

    - Created in EAP-FAST Phase 0

    - Used to create a tunnel in EAP-FAST Phase 1
  12. PAC-key
    Acts as the private key in a certificate
  13. PAC-opaque
    - Used to identify the station

    - Used to retrieve the PAC-key
  14. PAC-info
    Contains info about the server called the Authority ID
  15. EAP-FAST: Phase 1
    - Uses PAC generated in Phase 0 to create a tunnel

    - Authenticates through the tunnel

    - Server Sends A-ID, station returns PAC-opaque for authentication of the server

    - Server decrypts PAC-opaque to get PAC-key
  16. EAP-FAST: Phase 2
    - PAC-key used to create tunnel

    - station authenticates with passwords or security tokens
  17. PEAP
    Protected EAP

    - Requires certificates on the server, none on the stations
  18. PEAP-GTC
    - uses a Generic Token Card (GTC) to authenticate after tunnel
  19. PEAP-MSCHAPv2
    - Uses Microsoft Challenge Handshake Authentication Protocol version 2 to authenticate after tunnel
  20. 802.1X
    Allows for Extensible Authentication
  21. 802.1X-Supplicant
    Client/station/device trying to gain access
  22. 802.1X-Authenticator
    Device controlling access such as the AP, Switch, VPN
  23. 802.1X-Authentication Server
    acts as the authentication database, typically RADIUS
Card Set:
640-722 Security
2013-02-22 10:46:06
CCNA wireless

ccna wireless security