Authentication

2.3 Compare and contrast wireless security protocols and authentication methods.

📘CompTIA A+ Core 2 (220-1202)


Authentication is the process of proving identity before access is allowed to a network, system, or service.
In wireless and enterprise networks, authentication is usually handled by centralized servers and secure authentication protocols.

For the A+ exam, you must understand:

  • What each authentication method does
  • Where it is commonly used
  • How they differ from each other
  • Security advantages and limitations

1. RADIUS (Remote Authentication Dial-In User Service)

What RADIUS Is

RADIUS is a centralized authentication, authorization, and accounting (AAA) protocol.

It is commonly used to authenticate:

  • Wireless users (Wi-Fi)
  • VPN users
  • Network device logins

What RADIUS Does

RADIUS performs three main functions:

  1. Authentication – verifies username and password
  2. Authorization – determines what the user is allowed to access
  3. Accounting – logs login time, session length, and usage

How RADIUS Works (Simplified)

  1. A user tries to connect to a Wi-Fi network or VPN
  2. The wireless access point or VPN server sends credentials to the RADIUS server
  3. The RADIUS server verifies the credentials
  4. Access is either granted or denied

Key Characteristics

  • Uses UDP ports 1812 (authentication) and 1813 (accounting)
  • Encrypts passwords only, not the entire packet
  • Works with 802.1X authentication (important for Wi-Fi security)
  • Often integrated with Active Directory
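
The "encrypts passwords only" point can be seen in the packet itself. The sketch below is an added example, not part of the original study guide: it builds a minimal Access-Request and hides the User-Password attribute the way RFC 2865 section 5.2 specifies (an MD5-derived keystream XORed over the padded password), leaving the User-Name attribute readable. The shared secret, authenticator, username and password are constructed sample values.

```python
import hashlib

def keystream(secret: bytes, prev: bytes) -> bytes:
    # One 16-byte keystream block: MD5(shared secret + previous block)
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a User-Password value as described in RFC 2865 section 5.2."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Each hidden block becomes the chaining input for the next block
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream(secret, prev)))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password using the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        chunk = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(chunk, keystream(secret, prev)))
        prev = chunk
    return out.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    # RADIUS attribute layout: type (1 byte), length (1 byte), value
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(identifier, username, password, secret, authenticator):
    # Code 1 = Access-Request; attribute 1 = User-Name; attribute 2 = User-Password
    attrs = attribute(1, username) + attribute(2, hide_password(password, secret, authenticator))
    header = bytes([1, identifier]) + (20 + len(attrs)).to_bytes(2, "big") + authenticator
    return header + attrs

# Constructed sample values. A real client uses a random 16-byte authenticator.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"constructed-password-123"
PACKET = build_access_request(7, b"alice", PASSWORD, SECRET, AUTHENTICATOR)

if __name__ == "__main__":
    print(PACKET.hex())
    print("username readable in packet:", b"alice" in PACKET)
    print("password readable in packet:", PASSWORD in PACKET)
```

Because everything except the password travels readable, deployments that need confidentiality for the whole exchange carry RADIUS inside a protected channel rather than relying on this attribute hiding alone.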

Where RADIUS Is Used

  • Enterprise Wi-Fi networks (WPA2-Enterprise / WPA3-Enterprise)
  • VPN authentication
  • Centralized network access control

Exam Points to Remember

✔ Centralized AAA
✔ Common for wireless authentication
✔ Only the password is encrypted
✔ Uses UDP


2. TACACS+ (Terminal Access Controller Access-Control System Plus)

What TACACS+ Is

TACACS+ is an authentication protocol mainly used to secure administrative access to network devices.

It is designed for:

  • Network administrators
  • Routers, switches, and firewalls

What TACACS+ Does

  • Separates authentication, authorization, and accounting
  • Provides detailed control over administrator commands

How TACACS+ Works (Simplified)

  1. An administrator connects to a network device
  2. The device sends login details to the TACACS+ server
  3. The server checks credentials and permissions
  4. The administrator is allowed only approved commands

Key Characteristics

  • Uses TCP port 49
  • Encrypts the entire communication, not just the password
  • Allows command-level authorization
  • More secure for admin access than RADIUS

Where TACACS+ Is Used

  • Router and switch management
  • Firewall and network appliance administration
  • Enterprise network environments

Exam Points to Remember

✔ Encrypts entire packet
✔ Uses TCP
✔ Best for administrator access
✔ Command-level control


RADIUS vs TACACS+ (Very Important for Exam)

Feature          | RADIUS              | TACACS+
-----------------|---------------------|--------------------
Common use       | User network access | Admin device access
Encryption       | Password only       | Entire packet
Protocol         | UDP                 | TCP
Command control  | No                  | Yes
Wireless support | Yes                 | No

3. Kerberos

What Kerberos Is

Kerberos is a secure authentication protocol that uses tickets instead of sending passwords repeatedly.

It is the default authentication system for Windows Active Directory.

Why Kerberos Is Used

  • Prevents password interception
  • Provides strong authentication
  • Supports Single Sign-On (SSO)

How Kerberos Works (Simplified)

  1. User logs in once
  2. A Key Distribution Center (KDC) verifies the user
  3. The user receives a ticket
  4. The ticket is used to access other network resources without logging in again

Key Characteristics

  • Uses time-based tickets
  • Requires accurate system clocks
  • Passwords are never sent over the network
  • Uses symmetric encryption

Where Kerberos Is Used

  • Windows domain environments
  • Active Directory authentication
  • Enterprise networks

Exam Points to Remember

✔ Uses tickets
✔ Supports Single Sign-On
✔ Requires synchronized clocks
✔ Default for Windows domains


4. Multifactor Authentication (MFA)

What MFA Is

Multifactor Authentication (MFA) requires two or more different authentication factors to verify identity.

Authentication Factors

MFA uses combinations of:

  1. Something you know – password, PIN
  2. Something you have – security key, phone app, hardware token
  3. Something you are – fingerprint, facial recognition

How MFA Works (Simplified)

  1. User enters username and password
  2. A second factor is requested
  3. Access is granted only if both are verified

Why MFA Is Important

  • Protects against stolen passwords
  • Reduces unauthorized access
  • Required in many security policies

Where MFA Is Used

  • Wireless networks
  • Cloud services
  • VPN access
  • Administrative logins

Exam Points to Remember

✔ Uses two or more factors
✔ Stronger than passwords alone
✔ Common in enterprise environments


Key Exam Summary (Must Memorize)

  • RADIUS → Centralized authentication for Wi-Fi and VPNs
  • TACACS+ → Secure admin access to network devices
  • Kerberos → Ticket-based authentication used by Windows domains
  • MFA → Uses multiple authentication factors for higher security