EAP-FAST
==========

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the expansion of EAP-FAST?**

    EAP-FAST stands for **Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is EAP-FAST?**

    EAP-FAST is an authentication protocol used in wireless networks to provide secure authentication.
    It is an extension of EAP that allows for secure, fast, and flexible authentication using a secure tunnel, without requiring the use of certificates.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why is EAP-FAST useful?**

    * **Faster Authentication**: EAP-FAST is designed to speed up the authentication process compared to traditional EAP methods.
    * **Certificate-Free**: Unlike EAP-TLS, EAP-FAST does not require server certificates, reducing the complexity of certificate management.
    * **Security**: It provides secure authentication using a tunnel that protects against attacks, such as man-in-the-middle (MITM) attacks.
    * **Flexibility**: EAP-FAST can be used in environments where server certificates may be difficult to manage or impractical.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How does it work?**

    * **Initial Authentication**: EAP-FAST starts by authenticating the client and the server to establish a secure tunnel.
    * **Secure Tunnel Creation**: Once the server is authenticated, the client and server establish a secure tunnel using protected keying material.
    * **Authentication Process**: The client then sends authentication information, which is securely transmitted within the tunnel.
    * **Completion**: The server verifies the client’s credentials and allows or denies access accordingly.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is EAP-FAST used?**

    * **Enterprise Networks**: EAP-FAST is primarily used in enterprise environments, especially for wireless network authentication.
    * **Wi-Fi Security**: It is widely used for securing Wi-Fi networks, providing fast and secure user authentication.
    * **RADIUS Servers**: EAP-FAST can be configured to work with RADIUS servers for managing network access.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which OSI layer does this protocol belong to?**

    * EAP-FAST operates at the **Application Layer (Layer 7)** of the OSI model.
    * It uses a secure tunneling mechanism to protect authentication data while interacting with the network at higher layers.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is EAP-FAST Windows-specific?**

    * No, EAP-FAST is not Windows-specific.
    * It is supported on various platforms, including **Windows**, **Linux**, **macOS**, and **mobile devices**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is EAP-FAST Linux-specific?**

    * No, EAP-FAST is not Linux-specific.
    * It can be configured on any platform that supports EAP methods and RADIUS servers.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which transport protocol is used by EAP-FAST?**

    * EAP-FAST uses **RADIUS** as its transport protocol.
    * RADIUS typically operates over **UDP** as its transport protocol.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which port is used by EAP-FAST?**

    * EAP-FAST typically operates over **UDP port 1812** for authentication and **UDP port 1813** for accounting, as it is based on RADIUS.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does EAP-FAST use a client-server model?**

    * Yes, EAP-FAST uses a **client-server model**.
    * The **client** (e.g., user device) communicates with the **server** (e.g., RADIUS server) for authentication during the connection process.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-FAST protocol use certificates?**

    * No, EAP-FAST does **not require certificates** for authentication.
    * It uses a protected access credential (PAC) to authenticate users, reducing the need for complex certificate management.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How many frame exchanges are seen during connection for the EAP-FAST protocol?**

    * EAP-FAST typically involves **two or more frame exchanges**:

      * One for establishing the secure tunnel.
      * Another for sending and verifying credentials.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-FAST protocol use client certificates?**

    * No, EAP-FAST **does not require client certificates** for authentication.
    * The client uses a **protected access credential (PAC)** instead.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-FAST protocol use server certificates?**

    * No, EAP-FAST **does not require server certificates**.
    * The server uses a PAC to authenticate itself, eliminating the need for complex certificate management.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-FAST protocol depend on TCP?**

    * No, EAP-FAST does not rely on TCP.
    * It uses **UDP** for communication as part of the RADIUS protocol.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-FAST protocol depend on UDP?**

    * Yes, EAP-FAST depends on **UDP** as its transport protocol for communication via RADIUS.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What are the roles involved when testing the EAP-FAST protocol?**

    * **Client Device**: The client initiates the authentication request and provides its credentials.
    * **RADIUS Server**: The server processes the authentication request, verifies the credentials, and grants access.
    * **Administrator**: The administrator configures and manages the RADIUS server and network access policies.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-FAST protocol work with a FreeRADIUS server on Linux?**

    * Yes, EAP-FAST can be configured to work with a **FreeRADIUS** server on Linux.
    * FreeRADIUS supports EAP-FAST with proper configuration.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-FAST protocol work with the internal RADIUS server of hostapd?**

    * Yes, EAP-FAST can work with the **internal RADIUS server** of **hostapd** for wireless network authentication.
    * Hostapd provides EAP support, including EAP-FAST.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the RFC version used for the EAP-FAST protocol?**

    * The RFC for EAP-FAST is **RFC 4851**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **During the connection procedure, which EAPoL packets are encrypted?**

    * During the connection procedure, **EAP-FAST uses encryption** to secure the tunnel and protect the authentication data.
    * The encryption protects all **EAP packets** exchanged during the authentication process.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Can you explain the different stages of the connection procedure for the EAP-FAST protocol?**

    * **PAC Exchange**: The client and server exchange a **PAC (Protected Access Credential)** to establish trust.
    * **Tunnel Establishment**: A secure tunnel is established using the PAC to protect the subsequent exchanges.
    * **Authentication**: The client’s credentials are transmitted securely through the established tunnel for verification.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the final output of the connection procedure?**

    * The final output of the connection procedure is the **successful authentication** of the client and the establishment of a secure connection to the network.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the format of the key generated after the connection procedure?**

    * The key generated after the connection procedure is typically a **PMK (Pairwise Master Key)**, used to encrypt data between the client and the access point.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is the PMK generated by the connection procedure used?**

    * The **PMK** is used in the **pairwise encryption** of data exchanged between the client and the access point to ensure confidentiality and integrity of the data.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section:

    * :ref:`Learnings in this section <EAP_FAST_step1>`
    * :ref:`Terminology <EAP_FAST_step2>`
    * :ref:`Version Info <EAP_FAST_step3>`
    * :ref:`EAP_FAST Version&IEEE Details <EAP_FAST_step5>`
    * :ref:`EAP_FAST Basic Setup on Ubuntu <EAP_FAST_step18>`
    * :ref:`EAP_FAST Protocol Packet Details <EAP_FAST_step6>`
    * :ref:`EAP_FAST Usecases <EAP_FAST_step7>`
    * :ref:`EAP_FAST Basic Features <EAP_FAST_step8>`
    * :ref:`Reference links <EAP_FAST_step17>`

.. _EAP_FAST_step1:

.. tab-set::

    .. tab-item:: Learnings in this section

        * In this section, you are going to learn

.. _EAP_FAST_step2:

.. tab-set::

    .. tab-item:: Terminology

        * Terminology

.. _EAP_FAST_step3:

.. tab-set::

    .. tab-item:: Version Info

        * Version Info

.. _EAP_FAST_step5:

.. tab-set::

    .. tab-item:: EAP_FAST Version&RFC Details

        * rfc details

.. _EAP_FAST_step18:

.. tab-set::

    .. tab-item:: EAP_FAST Basic Setup on Ubuntu

        * setup

.. _EAP_FAST_step6:

.. tab-set::

    .. tab-item:: EAP_FAST Protocol Packet Details

        * packet details

.. _EAP_FAST_step7:

.. tab-set::

    .. tab-item:: EAP_FAST Usecases

        * usecases

.. _EAP_FAST_step8:

.. tab-set::

    .. tab-item:: EAP_FAST Basic Features

        * features

.. _EAP_FAST_step17:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links
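
The connection stages and frame exchanges described above can be followed in a capture by decoding the EAP-FAST header defined in RFC 4851, section 4.1. The parser below is an added example, not code from this page or from any EAP implementation; it reads the flags, version and the server's Authority ID (A-ID) from a Start message so a client-side check can compare it with the expected authority. The sample packet and the A-ID value are constructed for illustration.

```python
import struct

EAP_TYPE_FAST = 43                         # EAP method type assigned to EAP-FAST
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # length included, more fragments, start
AUTHORITY_ID = 0x0004                      # type of the A-ID field in a Start message

def parse_eap_fast(pkt: bytes) -> dict:
    """Decode the EAP-FAST header (RFC 4851, section 4.1) of one EAP packet."""
    if len(pkt) < 6:
        raise ValueError("truncated EAP-FAST packet")
    code, ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if code not in (1, 2):                 # 1 = Request, 2 = Response
        raise ValueError("not an EAP Request/Response")
    if eap_type != EAP_TYPE_FAST:
        raise ValueError("not EAP-FAST")
    if not 6 <= length <= len(pkt):
        raise ValueError("EAP length field does not match the packet")
    flags = pkt[5]
    info = {"code": code, "id": ident, "version": flags & 0x07,
            "start": bool(flags & FLAG_S), "more_fragments": bool(flags & FLAG_M),
            "message_length": None, "a_id": None}
    offset = 6
    if flags & FLAG_L:                     # four-octet total message length follows
        if length < 10:
            raise ValueError("L flag set but no Message Length field")
        info["message_length"] = struct.unpack("!I", pkt[6:10])[0]
        offset = 10
    data = pkt[offset:length]
    if info["start"] and data:             # Start carries the server's Authority ID
        if len(data) < 4:
            raise ValueError("truncated Authority ID data")
        field_type, field_len = struct.unpack("!HH", data[:4])
        if field_type != AUTHORITY_ID or field_len > len(data) - 4:
            raise ValueError("malformed Authority ID data")
        info["a_id"] = data[4:4 + field_len]
    info["payload_len"] = len(data)
    return info

def sample_start(a_id: bytes) -> bytes:
    """Constructed EAP-Request/EAP-FAST Start (S flag, version 1), not a capture."""
    body = struct.pack("!HH", AUTHORITY_ID, len(a_id)) + a_id
    return struct.pack("!BBHBB", 1, 1, 6 + len(body), EAP_TYPE_FAST, FLAG_S | 1) + body

if __name__ == "__main__":
    expected_a_id = bytes.fromhex("101112131415161718191a1b1c1d1e1f")  # hypothetical
    info = parse_eap_fast(sample_start(expected_a_id))
    print(info, "A-ID matches:", info["a_id"] == expected_a_id)
```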
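
The answers above say the connection procedure ends with a PMK. The following added example (not code from this page or from hostapd or FreeRADIUS) carries the RFC 4851 key derivation through: the T-PRF of section 5.5, one inner-method round of section 5.2, the 64-octet MSK of section 5.4, and the IEEE 802.11 rule that the PMK is the first 32 octets of the MSK. The session key seed and inner-method MSK are constructed sample inputs.

```python
import hashlib
import hmac
import struct

def t_prf(key: bytes, label: bytes, seed: bytes, out_len: int) -> bytes:
    """T-PRF (RFC 4851, section 5.5): chained HMAC-SHA1 blocks of 20 octets."""
    if not 0 < out_len <= 255 * 20:            # the block counter is one octet
        raise ValueError("unsupported output length")
    s = label + b"\x00" + seed                 # S = label + 0x00 + seed
    length = struct.pack("!H", out_len)        # two octets, big endian
    out, block, counter = b"", b"", 1
    while len(out) < out_len:
        # Tn = HMAC-SHA1(key, Tn-1 + S + outputlength + counter)
        block = hmac.new(key, block + s + length + bytes([counter]),
                         hashlib.sha1).digest()
        out += block
        counter += 1
    return out[:out_len]

def next_s_imck(s_imck_prev: bytes, inner_msk: bytes):
    """One round of section 5.2: returns (S-IMCK[j], CMK[j])."""
    if len(s_imck_prev) != 40:
        raise ValueError("S-IMCK must be 40 octets")
    msk_j = inner_msk[:32].ljust(32, b"\x00")  # truncate or zero-pad to 32
    imck = t_prf(s_imck_prev, b"Inner Methods Compound Keys", msk_j, 60)
    return imck[:40], imck[40:]

def derive_msk(s_imck: bytes) -> bytes:
    """MSK (section 5.4): 64 octets, derived with an empty seed."""
    return t_prf(s_imck, b"Session Key Generating Function", b"", 64)

def pmk_from_msk(msk: bytes) -> bytes:
    """IEEE 802.11 takes the first 32 octets of the MSK as the PMK."""
    if len(msk) < 32:
        raise ValueError("MSK too short")
    return msk[:32]

def demo():
    # Constructed sample inputs, not values from a real session.
    session_key_seed = bytes(range(40))        # S-IMCK[0], from the TLS tunnel
    inner_msk = b"\xaa" * 64                   # MSK exported by the inner method
    s_imck, cmk = next_s_imck(session_key_seed, inner_msk)
    msk = derive_msk(s_imck)
    return s_imck, cmk, msk, pmk_from_msk(msk)

if __name__ == "__main__":
    for name, value in zip(("S-IMCK[1]", "CMK[1]", "MSK", "PMK"), demo()):
        print(f"{name:<10}{len(value):>3} octets  {value.hex()}")
```

Because the output length is part of every HMAC input, a shorter T-PRF output is not a prefix of a longer one, so each derived key has to be requested at its exact length.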