LEAP ====== .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is Expansion of LEAP?** LEAP stands for Lightweight Extensible Authentication Protocol. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is LEAP?** LEAP is a proprietary EAP authentication method developed by Cisco that uses a modified version of MS-CHAP for mutual authentication between client and server. It was designed for wireless network access. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is LEAP useful?** * Provided early wireless authentication support. * Simple to deploy with Cisco infrastructure. * Offered mutual authentication between client and server. * Enabled dynamic WEP key generation. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How it works?** * User provides username and password. * Server challenges client with a random value. * Client hashes password with the challenge and sends response. * Server verifies response and sends its own response. * Both sides mutually authenticate and derive session keys. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is LEAP used?** * Originally used in Cisco-based enterprise Wi-Fi networks. * Mostly deprecated today due to security weaknesses. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which OSI layer does this protocol belong to?** * Application Layer (Layer 7). * Operates over the EAP framework transported via lower layers like EAPOL. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is LEAP Windows specific?** * Not Windows-specific, but was supported via Cisco software on multiple platforms. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is LEAP Linux specific?** * No, but not widely supported on modern Linux systems due to security concerns and proprietary nature. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Transport Protocol is used by LEAP?** * EAP is carried over: * EAPOL (Ethernet) * RADIUS (UDP) .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Port is used by LEAP?** * RADIUS: UDP port 1812 .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is LEAP using Client server model?** * Yes, LEAP uses a client-server model: * Supplicant (client) * Authentication Server (e.g., RADIUS) .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Whether LEAP protocol uses certificates?** * No, LEAP does not use certificates. * It relies on password-based mutual authentication. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How many frame exchanges are seen during connection for LEAP protocol?** * Typically 6–8 EAP message exchanges including challenge and response messages. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Whether LEAP Protocol uses client certificates?** * No, client certificates are not used. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Whether LEAP Protocol uses Server Certificates?** * No, server certificates are not used either. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does LEAP Protocol depend on TCP?** * No, LEAP does not directly use TCP. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does LEAP Protocol depend on UDP?** * Yes, when RADIUS is used for authentication backend, it uses UDP. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What are the roles involved when testing LEAP Protocol?** * Supplicant (client) * Authenticator (e.g., AP) * Authentication Server (RADIUS) * Directory service (e.g., Active Directory) .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does LEAP Protocol work with FreeRADIUS server on Linux?** * Not natively supported due to being proprietary. * Some workarounds may exist but it's not recommended or secure. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does LEAP Protocol work with internal RADIUS server of hostapd?** * No, hostapd does not support Cisco LEAP. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the RFC version used for LEAP Protocol?** * LEAP is not standardized in any RFC. * It is a Cisco proprietary protocol. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **During Connection Procedure which EAPOL Packets are encrypted?** * EAPOL packets are not encrypted by default. * LEAP relies on mutual authentication and dynamic WEP key generation after auth. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can you Explain different stages of Connection Procedure for LEAP Protocol?** * Client sends EAP Identity. * Server sends challenge. * Client responds with password-based hash. * Server verifies and responds with own hash. * If successful, session is established and keys are derived. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the final output of Connection Procedure?** * Dynamic WEP session key used for securing wireless data. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the format of the key generated after the connection procedure?** * Varies, typically WEP keys of 64 or 128 bits depending on configuration. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`Learnings in this section ` * :ref:`Terminology ` * :ref:`Version Info ` * :ref:`LEAP Version&IEEE Details ` * :ref:`LEAP FreeRadius Basic Setup on Ubuntu (2 Machines) ` * :ref:`LEAP FreeRadius Basic Setup on Ubuntu (3 Machines) ` * :ref:`LEAP Internal Radius Server Basic Setup on Ubuntu (2 Machines) ` * :ref:`LEAP Protocol Packet Details ` * :ref:`LEAP Usecases ` * :ref:`LEAP Basic Features ` * :ref:`Reference links ` .. _LEAP_step1: .. tab-set:: .. tab-item:: Learnings in this section * In this section, you are going to learn .. _LEAP_step2: .. tab-set:: .. tab-item:: Terminology * Terminology .. _LEAP_step3: .. tab-set:: .. tab-item:: Version Info * Version Info .. _LEAP_step5: .. tab-set:: .. tab-item:: LEAP Version&RFC Details * rfc details .. _LEAP_step18: .. tab-set:: .. tab-item:: LEAP FreeRadius Basic Setup on Ubuntu (2 Machines) * setup .. _LEAP_step19: .. tab-set:: .. tab-item:: LEAP FreeRadius Basic Setup on Ubuntu (3 Machines) * setup .. _LEAP_step20: .. tab-set:: .. tab-item:: Internal Radius Server Basic Setup on Ubuntu (2 Machines) * setup .. _LEAP_step6: .. tab-set:: .. tab-item:: LEAP Protocol Packet Details * packet details .. _LEAP_step7: .. tab-set:: .. tab-item:: LEAP Usecases * usecases .. _LEAP_step8: .. tab-set:: .. tab-item:: LEAP Basic Features * features .. _LEAP_step17: .. tab-set:: .. tab-item:: Reference links * Reference links