Chapter 11 - 03 - Discuss Different Types of Wireless Network Authentication Methods - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Wireless Network Security Exam 212-82 Wi-Fi Authentication Methods: Open System Authentication (((. Any wireless device can be authenticated with the AP, thus allowing the device to transmit data only when its WEP key matches to that of the AP Probe response (security parameters) Qrasecieigenuoceeatoyroesisnnsesssnsrnnsesssnassid @ Q @...... vt 1o v e sy v AR Nz Open < system Opensystem authenticationresponse = [IRINR Association request (security parameters).................................................. > Clent aEMPUNE to connect g.rerrsirerr Amodationresponse «+« AP decrypts challenge text, and if T ( I ) e veenl @ s‘Access 8= Point sosesssnscnse M M N (AP) Client connects to network Modem......................................... > M secccees vorey e Switch or Cable Internet connect Figure 11.11: Shared key authentication process Module 11 Page 1451 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Wireless Network Security Exam 212-82 Wi-Fi Authentication Process Using a Centralized Authentication Sexver 7 Client : o RADIUS Access Point : Client requests connection Forwards the identity to the RADIUS server using the uncontrolled port > Sends a request to the wireless client via the AP §< Sends a multicast/global authentication key encrypted with a per-station unicast session key Py 9 < Sends an encrypted authentication key to the AP if the credentials are acceptable Wi-Fi Authentication Process Using a Centralized Authentication Server The 802.1X standard provides centralized authentication. For 802.1X authentication to work in a wireless network, the AP must be able to securely identify the traffic from a specific wireless client. In this Wi-Fi authentication process, a centralized authentication server known as Remote Authentication Dial-in User Service (RADIUS) sends authentication keys to both the AP and the clients that attempt to authenticate with the AP. This key enables the AP to identify a particular wireless client. Module 11 Page 1452 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Wireless Network Security Exam 212-82 (@@ client § :. o Client requests connection )_ -) Access Point : § e E EAP-Response with identity. ssssssssssssssessssnnssnnsnRntRan. “sssssssess >‘~- E : Forwards the identity to the 9_ The wireless client responds to the RADIUS server with its credentials via the AP Sends a multicast/global y; hentication key encrypted with a per-station unicast session key 9 S RADIUS server using the uncontrolled port H ssssssssssssssssnnne..----..-..--..u.-......): Sends a request to the wireless client via the AP H. specifying the :<................................................... B : § Server : AP sends an EAP-Request to determine identity H 9 e S RADIUS authenticati hanism : to be used PR et :. >§ < Sends an encrypted authentication A key to the AP if the credentials are acceptable B T H E e_ Figure 11.12: Wi-Fi authentication process using a centralized authentication server Module 11 Page 1453 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.