Authentication Protocols Flashcards

Questions and Answers

What does CHAP stand for?

Challenge Handshake Authentication Protocol

Which of the following describes the primary function of CHAP?

Validates timestamps

Generates a challenge message (correct)

Encrypts the shared secret

Uses plaintext versions of passwords

What is a known issue with MS-CHAP?

Known security vulnerabilities

What does EAP allow clients and servers to do?

Negotiate the characteristics of authentication Signup and view all the answers

Kerberos is used solely for authentication, not authorization.

False Signup and view all the answers

What is the role of the Authentication Server (AS) in Kerberos?

Accepts and processes authentication requests Signup and view all the answers

What does 802.1x authenticate?

Ports or connections to the network Signup and view all the answers

Match the following EAP types with their descriptions:

PEAP = More secure version of EAP, provides authentication to WLAN EAP-FAST = Flexible authentication via secure tunneling EAP-TLS = Uses TLS protocol, mostly used by wireless vendors Signup and view all the answers

Study Notes

Challenge Handshake Authentication Protocol (CHAP)

A three-way handshake authentication protocol designed for remote access connections.
Utilizes a shared secret (password) known by both devices for unique user authentication.
Authentication occurs in three steps: server challenges the client, client hashes the challenge with the username, and server verifies the hash.
Plaintext passwords are never transmitted; only hashed messages are exchanged.

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

A proprietary authentication method by Microsoft for remote access connections.
Encrypts the shared secret to avoid storing it in plaintext format.
Supports password changes during a remote session.
Mutual authentication is possible in MS-CHAP v2, allowing the server to authenticate to the client.
Known security vulnerabilities exist in both MS-CHAP and MS-CHAP v2, recommended to avoid their use.

Extensible Authentication Protocol (EAP)

Facilitates negotiation of authentication characteristics between client and server.
EAP types must be supported by both ends for successful authentication.
EAP enables use of various authentication methods such as smart cards, biometrics, and certificates.
Variants of EAP include PEAP (uses TLS for security in WLANs), EAP-FAST (session authentication in wireless networks), and EAP-TLS (widely regarded as one of the most secure EAP standards).

Kerberos

Functions for both authentication and authorization processes.
Grants security tokens (tickets) to users for resource access validation.
Key components: Authentication Server (AS), Service Server (SS), and Ticket Granting Server (TGS).
Ticket granting process involves user requests, validation, and ticket issuance for resource access.
Tickets are valid for the session duration and are synced across servers to ensure accurate validation.

802.1x

An authentication protocol for regulating access to LANs via ports or network connections.
Employed for port authentication on switches and wireless access points.
Requires an authentication server, typically a RADIUS server, to validate user credentials.
Controls network traffic based on user authentication status: authenticated users gain full network access, while unauthenticated users have limited access.
Supports various authentication methods, including usernames/passwords, certificates, or smart cards.

Description

Explore important concepts related to authentication protocols with this set of flashcards. Learn about the Challenge Handshake Authentication Protocol (CHAP) and other key terms in the field of cybersecurity. Perfect for quick revision and deeper understanding of authentication mechanisms.