Wireless Security

 EAP-MD5

  • Uses the same MD5 hash as the Cisco router      command : service password-encryption
  • Easily broken
  • EAP-MD% introduced in Win2000, deprecated in Windows Vista
LEAP (Lightweight EAP)
  • Cisco-proprietary wireless network authentication method
  • The client and the authentication server challenge each other
  • Challenge responses are encrypted
  • Uses dynamic WEP keys
  • Although officially Cisco proprietary, it's supported by some third-party vendors via the Cisco Compatible Extensions Program
  • LEAP suffers from serious security vulnerabilities, including easily cracked passwords
  • Has been officially deprecated, but is still an option on some clients and access points
EAP-FAST (EAP Flexible Authentication by Secure Tunneling)
  • Cisco's replacement for LEAP
  • A secure tunnel between the endpoints is constructed via use of a PAC during a three-phase process, which curiously enough begins with Phase Zero
PEAP: Protected EAP
  • Encapsulates EAP via a TLS tunnel
  • The major difference between PEAP and EAP-FAST is PEAP's use of a digital certificate for the AS  authentication
EAP-TLS-EAP Transport Layer Security
This requires certificate mutual authentication via digital certificates. 

Comments

Post a Comment

Popular posts from this blog

IP Version 6

 IPv6 address is 128 bits long includes a 64-bit interface identifier and 48-bit prefix and 16-bit subnetting. How many subnets? 2 to the 16th power is 65,536 subnets.  Zero compression: If you have consecutive fields of zeros, they can be expressed with two colons.  1234:1234:0000:0000:0000:0000:32456:3434 1234:1234::3456:3434 Leading zero compression: Leave at least one number in each field, even if the field is all zeros.  1234:0000:1234:0000:1234:0000:1234:01234 1234:0:1234:0:1234:0:1234:123 R2#(config)#ipv6 unicast-routing R2(config)#int gig 0/0 R2(config-if)#ipv6 address 2001:1111:2222:1:2/64 R2#show ipv6 int gig 0/0 Static Routing:  Three types of static routes: Recursive, where only the next-hope address is specified. Directly Connected, where only the output interface is specified. Fully Specified, where both the next-hop address and output interfaces are specified. 
Read more

OSPF

 There are two major link-state protocols in use today - OSPF and IS-IS. IS-IS is primarily used by service providers, and while you'll find IS-IS on other Cisco example, you won't see it on the CCNA R$S exam. So, this will focus on OSPF.  R1#show ip ospf datbase R1#show ip route ospf The beauty of the Dijkstra algorithm is that recalculation of routes due to a network change is so fast that routing loops literally have no time to form.  Before the LSA exchane begins, Ospf-speaking outers must become neighbors by forming an adjacency. Routers must agree on the following to become neighbors in OSPF:  The area number  The hello and dead timer settings Whether the area is a stub area Network mask When you configure RIP, it doesn't require number. However, for EIGRP you need <1-65535> Autonomous system number that has been agreed upon adjacencies. For OSPF, you need <1-65535> Process ID that doesn't have to be agreed upon.  We will verify OSPF adjac...
Read more