+ Reply to Thread
Results 1 to 6 of 6
  1. yzT
    yzT is offline
    Senior Member yzT's Avatar
    Join Date
    May 2013
    Posts
    353

    Certifications
    Security+
    #1

    Default Can someone explain me EAP?

    I know that EAP is a protocol used for communications and that in the scope of the Security+ we should know that LEAP was developed by Cisco based on CHAP, and the PEAP is a secure implementation which encrypts the conversation using TLS.

    However, what is the purpose of EAP? Is a kind of three-hand-shake but on layer 2 rather than on layer 3?
    Reply With Quote Quote  

  2. SS
  3. Member Deezy FF's Avatar
    Join Date
    Jan 2012
    Location
    Winston-Salem, North Carolina
    Posts
    60

    Certifications
    CIW Web Foundations, A/N/S/L/P+, CCNA-Security
    #2
    I just recently passed my security + and I can't really answer that. For the exam i did need to know that EAP is an Authentication protocol and that it transmits in plaintext (unsecure). PEAP is the secure version.

    Hopes this help you for the exam.
    Reply With Quote Quote  

  4. Senior Member MiikeB's Avatar
    Join Date
    Apr 2011
    Posts
    298

    Certifications
    BS-IT,MCITP:EA,A+,Net+, Sec+,Project+
    #3
    EAP is only a framework and not a specific mechanism. It only defines things like message format. It does not in and of itself define key parameters or encapsulation protocols.
    Reply With Quote Quote  

  5. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,689

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #4
    Extensible Authentication Protocol is a generic procedure definition that allows you to choose from a variety of available authentication processes rather than being locked into a single vendor-defined method. It's like every car manufacturer starting with the exact same structural frame design, but then each manufacturer puts in their own engine, transmission, body styling, etc. with specifications that are different from the others.

    For the actual EAP methods, choices include, but is not limited to, LEAP, PEAPv0, PEAPv1, EAP-FAST, EAP-TTLS, EAP-TLS, and so on. I know the term "framework" is thrown around like it's supposed to intuitively make sense to someone who has never encountered this concept before, but that's essentially what it is - a generic definition of stages during authentication.

    The specific methods (PEAPv0, EAP-TTLS/MS-CHAPv2, EAP-TTLS/PAP, EAP-TLS, EAP-MD5, etc.) may have overlapping similarities but at the implementation and troubleshooting level they have definite differences such as some doing server-side certification validation and then password-based client checking, some doing both user and server-side credential validation via certificates, some allowing additional messages through for 2-factor token verification at a specific step, and so forth. All have their pros and cons. EAP is not really a beginner's subject and they probably include it in Security+ material just so you've seen the letters "EAP" at some point.

    Here's a flow diagram that I drew some years back as it applies to its use in 802.11 ("Wi-Fi") networks:

    http://kimiushida.com/bitsandpieces/...enterprise.png

    After taking SANS 617, I realized there might be some small details which are incorrect in that diagram, but overall that's what it looks like.

    Non-802.1X-enabled Wi-Fi connectivity (that is, WPA2-PSK) is radically different since the supplicant/client simply goes through the 4-way handshake, then send out a DHCP Discovery packet, go through the DHCP lease negotiation steps, and then finally get an IP to do stuff.

    The EAP/802.1X variation goes through a more complicated set of steps, then goes through the 4-way handshake, then does the DHCP thing.

    http://kimiushida.com/bitsandpieces/..._handshake.png

    Of course, WPA-PSK, WPA2-PSK, and WPA "Enterprise" (802.1X) all require the supplicant to go through the basic 802.11 association process ("link-up") before even starting on the 4-way handshake or the EAPOL-Start message.

    Sound complicated? That's because it sort of is, but when you break down how authentication works behind the scenes, this isn't exactly unusual.
    Reply With Quote Quote  

  6. yzT
    yzT is offline
    Senior Member yzT's Avatar
    Join Date
    May 2013
    Posts
    353

    Certifications
    Security+
    #5
    Well more or less is the basic idea I had with the handshake process, although actually it is 4 handshake rather than 3 xD

    Rather than complicated I see it as a thorough process.

    That diagram is for PEAP, isn't it? In the case of just EAP (clear text), the conversation would end at the line of EAP Request, EAP Type, right?
    Reply With Quote Quote  

  7. Registered Member Darril's Avatar
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #6
    Great explanation, docrice.

    The simplified answer jumps out when you spell out the acronym - Extensible Authentication Protocol. The primary purpose is to authenticate users or systems (authentication protocol), and the basic methods can be extended for different purposes (extensible).

    As MiikeB mentions, EAP is a framework and docrice spells out how the framework is used in several implementations. I like the diagrams. Much deeper than is needed for Security+, but informative.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks