Final answer:
To achieve AAA with WPA2-Enterprise using EAP-TLS, a company must include PKI for managing digital certificates and RADIUS for centralized user authentication. These components work together to provide secure certificate-based authentication and centralized management of authentication and authorization.
Step-by-step explanation:
A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. To achieve AAA (Authentication, Authorization, and Accounting), certain elements must be part of the security architecture. The two components that must be included are:
- PKI (Public Key Infrastructure)
- RADIUS (Remote Authentication Dial-In User Service)
PKI is critical for EAP-TLS as it leverages digital certificates for strong authentication. The certificates are managed through PKI, which issues and validates the certificates used in the EAP-TLS process. This ensures that both the client and server can authenticate one another in a secure manner.
RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting. When integrating WPA2-Enterprise, RADIUS serves as the backend to manage user authentication, typically as part of the EAP-TLS handshake process, linking with the PKI for the necessary certificate-based authentication.