--> The EAP Type tells which EAP method is going to be used. EAP methods are divided into two types:
i) Native or Non-Tunneled EAP (sends credentials immediately without forming a secure tunnel)
ii) Tunneled EAP (forms a secure tunnel first, then sends the credentials inside the tunnel)
1) Native EAP Methods
i) EAP-MD5
--> Hides credentials in hash form using the MD5 algorithm.
--> Does not support mutual authentication.
--> The server validates whether the hash sent by the client is accurate.
--> Basically Used with IP Phones.
ii) EAP-TLS
--> It is an open standard.
--> Uses X.509 certificates to perform secure transactions.
--> Supports Mutual Authentication ( Server Validates Client and Client Validates Server).
--> Most Secure method, because capturing passwords is not possible.
iii) EAP-MSCHAPV2
--> In this method, client credentials such as username/password, or computer name and password, are sent to the server in an encrypted session.
--> Basically used with Active Directory.
iv) EAP-GTC
--> Created by Cisco, used for OTP transactions.
2) Tunneled EAP Methods
i) PEAP ( Protected EAP)
--> Developed by Microsoft; it is the most popular and most deployed EAP method in the world.
--> In this method, the client first forms an outer tunnel with the server, similar to an SSL tunnel, using X.509 certificates. It then uses an inner method to send the credentials inside the tunnel. The inner method can be any of the following:
i) MSCHAPV2 ( Mostly Used, Sends username/password via Inner method)
ii) GTC ( Used for OTP)
iii) TLS ( Rarely Used).
ii) EAP-FAST (Flexible Authentication via Secure Tunneling)
--> EAP-FAST is similar to PEAP and was developed by Cisco.
--> EAP-FAST provides faster reauthentication and faster wireless roaming.
--> EAP-FAST is similar to PEAP with only one difference: it uses a PAC (Protected Access Credential) to form tunnels.
--> A PAC is similar to a cookie stored on the host computer, which represents a successful authentication.
--> EAP-FAST also uses the same inner methods as PEAP:
i) MSCHAPV2 ( Mostly Used, Sends username/password via Inner method)
ii) GTC ( Used for OTP)
iii) TLS ( Rarely Used).
Note: Selecting an EAP method depends upon the following things:
i) Operating System
ii) Supplicant
iii) Identity Store
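
Added example (not part of the original notes): a small parser showing how the Type byte of an EAP Request/Response identifies the method, sorted into the native and tunneled categories used above. The type numbers are the IANA-assigned values; the function name and the sample packets are constructed for illustration.

```python
import struct

# EAP Type numbers (IANA EAP registry) mapped to the two categories used in these notes.
EAP_METHODS = {
    4: ("EAP-MD5", "native"),
    6: ("EAP-GTC", "native"),
    13: ("EAP-TLS", "native"),
    26: ("EAP-MSCHAPV2", "native"),
    25: ("PEAP", "tunneled"),
    43: ("EAP-FAST", "tunneled"),
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def classify_eap(packet: bytes) -> dict:
    """Parse one EAP packet (RFC 3748 layout) and report its method and category."""
    if len(packet) < 4:
        raise ValueError("EAP header needs 4 bytes: Code, Identifier, Length")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not fit the captured bytes")
    result = {"code": EAP_CODES[code], "id": ident, "method": None, "category": None}
    # Only Request/Response carry a Type byte; Success/Failure are header-only.
    if code in (1, 2):
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        eap_type = packet[4]
        if eap_type == 1:
            result["method"] = "Identity"  # identity exchange, no method chosen yet
        else:
            name, category = EAP_METHODS.get(eap_type, (f"type-{eap_type}", "unknown"))
            result["method"], result["category"] = name, category
    return result


# Constructed sample packets (not taken from a real capture).
SAMPLES = [
    bytes([1, 7, 0, 22, 4, 16]) + bytes(16),  # Request, EAP-MD5, 16-byte challenge
    bytes([1, 8, 0, 6, 25, 0x20]),            # Request, PEAP start (S flag set)
    bytes([3, 9, 0, 4]),                      # Success
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify_eap(pkt))
```

Running this over the EAP frames of an 802.1X capture shows at a glance whether clients are being offered a native method or a tunneled one.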