1. Cryptographic Protocols
   1. WEP (Wired Equivalent Privacy)
      1. Easily Hacked. Do not use.
   2. WPA (Wi-Fi Protected Access)
      1. Use instead of WEP. Use WPA2 if available.
      2. Uses TKIP:
         1. Temporal Key Integrity Protocol
   3. WPA2 (Wi-Fi Protected Access Version 2)
      1. Upgraded WPA. Use this.
      2. Uses CCMP:
         1. Counter Mode Cipher Block Chaining Message Authentication Code Protocol
         2. Based on AES
2. Authentication Protocols
   1. IEEE 802.1X
      1. An IEEE Standard for port-based Network Access Control (PNAC).
      2. It is part of the IEEE 802.1 group of networking protocols.
      3. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.
      4. Describe the three components of an 802.1X connection:
         1. Supplicant:
            1. A client on a device. Also called an Authentication Agent
         2. Authenticator:
            1. A WAP or switch that approves the user's provided password
         3. AAA Server:
            1. RADIUS, Diameter, or TACACS+ server
      5. List the four steps involved in the AAA (802.1X) authentication process:
         1. Initialization:
            1. If a switch or AP detects a new supplicant, the port connection enables port 802.1X traffic. Other traffic is dropped.
         2. Initiation:
            1. The authenticator periodically sends EAP requests to a MAC address on the network, which includes the encrypted username of the user. The supplicant listens for this address and sends an EAP response that includes a one-way hashed value calculated from the password. The authenticator checks this hashed value against its stored value. Assuming these two values match, the authenticator encapsulates the response and sends it to the authentication server.
         3. Negotiation:
            1. The authentication server then sends a reply to the authenticator. The authentication server specifies which EAP method to use. Then the authenticator transmits that request to the supplicant.
         4. Authentication:
            1. If the supplicant and the authentication server agree on an EAP method, the two transmit until there is either success or failure to authenticate the supplicant computer.
   2. Extensible Authentication Protocol (EAP):
      1. A protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP)
      2. Explain the purpose of LEAP, PEAP, EAP-MD5, EAP-TLS, EAP-TTLS, and EAP-FAST:
         1. LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary protocol, developed prior to the industry standard. There are known security issues with LEAP.
         2. PEAP (Protected Extensible Authentication Protocol) is a newer EAP draft that is gathering support to become an Internet standard.
         3. EAP-MD5 uses CHAP (Challenge Handshake Authentication Protocol) to provide one-way authentication.
         4. EAP-TLS uses Transport Layer Security (TLS), a certificate-based system, to provide mutual (bidirectional) security. Because of this, it is not well-suited for enterprise servers.
         5. EAP-TTLS uses Tunneled Transport Layer Security (TTLS), a version of TLS with encapsulation added. This version of EAP is well-suited for enterprises because it requires only server-side certificates.
         6. EAP-FAST uses Flexible Authentication via Secure Tunneling, a protected access credential (instead of a certificate) to achieve mutual authentication.