10. The server returns a pass or fail. If it’s a pass, the user can send traffic.
LEAP
Lightweight Extensible Authentication Protocol (LEAP) gets honorable mention here
mainly because it is a Cisco EAP method that is still seen in 802.11b networks. LEAP is
vulnerable to an offline exploit, and you should avoid it if possible. LEAP uses a
proprietary algorithm to create the initial session key.
Authentication and Encryption
Now that you understand some of the methods used to authenticate users, it’s time to
explore some encryption methods. The beginning of this chapter discussed WEP. The
problem with WEP is that it can be broken easily. Therefore, other methods have been
established in an effort to provide more strength in encryption. In the following sections,
you will learn about Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2
(WPA2).
WPA Overview
WPA was introduced in 2003 by the Wi-Fi Alliance as a replacement for WEP. WPA uses
Temporal Key Integrity Protocol (TKIP) to automatically change the keys. TKIP still uses
RC4; it just improves how it’s done. This is a major improvement over static WEP. WPA
can optionally support Advanced Encryption Standard (AES), but it’s not mandatory.
WPA is based on 802.11i draft version 3. WEP uses RC4 encryption, which is very weak.
The better alternative was to use AES encryption, but that would have required an
equipment upgrade. To avoid an equipment upgrade, WPA was developed to use TKIP and a
larger IV than WEP. This would make it more difficult to guess the keys while not
requiring new hardware. Instead, you could simply perform a firmware upgrade in most cases.
WPA offers two authentication modes:
■ Enterprise mode: Enterprise mode WPA requires an authentication server. RADIUS
is used for authentication and key distribution, and TKIP is used with the option of
AES available as well.
■ Personal mode: Personal mode WPA uses preshared keys, making it the weaker
option, but the one that is most likely to be seen in a home environment.
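The following is an added example, not taken from the book: it shows why a preshared key gives no per-user separation. The passphrase-to-key mapping (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, 256-bit output) comes from IEEE 802.11i rather than from this chapter; the function names and the sample clients are constructed for illustration.

```python
import hashlib

PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i for passphrase-based keys
PSK_LENGTH = 32           # 256-bit preshared key


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map a Personal mode passphrase and SSID to the 256-bit preshared key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes,
        PBKDF2_ITERATIONS, PSK_LENGTH,
    )


def provision_clients(passphrase: str, ssid: str, client_names):
    """Return the key each client holds after being given the passphrase."""
    return {name: derive_psk(passphrase, ssid) for name in client_names}


def distinct_keys(keys_by_client) -> int:
    """Count how many different keys exist across all clients."""
    return len(set(keys_by_client.values()))


if __name__ == "__main__":
    # Constructed sample: three home devices sharing one passphrase.
    keys = provision_clients("password", "IEEE", ["laptop", "phone", "printer"])
    for name, key in keys.items():
        print(f"{name:8s} {key.hex()}")
    # One key for everyone: nothing identifies or isolates a single device,
    # so removing one device means changing the passphrase on all of them.
    print("distinct keys across clients:", distinct_keys(keys))
    # The SSID is the only salt, so the key changes only if the passphrase
    # or the network name changes.
    print("same passphrase, other SSID differs:",
          derive_psk("password", "IEEE") != derive_psk("password", "HomeNet"))
```

In Enterprise mode the RADIUS server authenticates each user and distributes keys, so there is no single long-lived secret held by every device.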
Figure 17-15 shows the process of WPA authentication.
[Figure 17-15: WPA authentication. Participants: Client, Authenticator, Authentication Server. Labeled step: Security Capability Discovery.]