2.2 Wireless Security Flashcards
Compare and contrast wireless security protocols and authentication methods
Pre-shared key
A series of letters and numbers generated from the SSID and password when a client joins a network. Used by both the AP and the client
Wired Equivalent Privacy
Original 802.11 wireless security standard that claims to be as secure as a wired network
What is the main weakness of WEP, and why is it a weakness?
24-bit initialisation vector. It is a weakness because a 24-bit IV is not long enough to prevent repetition on a busy network, thus allowing attackers to detect patterns in the ciphertext
WPA
(Wi-Fi Protected Access)
Replacement for WEP; uses TKP, MIC and RC4 encryption
WPA2
802.11i standard to provide better wireless security
Which encryption method was introduced by WPA2 to replace the more vulnerable TKIP system used in WPA?
AES
(Advanced Encryption Service)
WPS
(Wi-Fi Protected Setup)
Automated encryption setup for wireless networks at a push of a button
Why is WPS (Wi-Fi Protected Setup) vulnerable?
Because the external registrar PIN is susceptible to brute-force attacks that could allow attackers to gain access to an encrypted Wi-Fi network
How can you make a Wi-Fi network more secure?
By using VPNs and disabling WPS
What sort of encryption does GCMP use?
128- or 256-bit AES encryption
WPA3
Latest and most secure version of wireless network encryption currently available
What bit encryption do the Enterprise and Personal versions of WPA3 use, respectively?
192-bit and 192- or 128-bit
What does opportunistic wireless encryption do?
Ensures that communication between each pair of endpoints is protected from other endpoints
Simultaneous authentication of equals
Password-based authentication and password authenticated key agreement that relies on forward secrecy
Why is SAE less likely to suffer from dictionary attacks?
Because a unique cryptographic key is generated for each connection attempt
Forward secrecy
An system that changes the keys used for decryption and encryption frequently and automatically to reduce exposure of sensitive data if one key is hacked
Give the steps of authentication for WPA3
- AP and client use a public key system to generate a pair of long-term keys
- AP and client exchange a one-time use session key
- AP sends client messages and encrypts them using the created session key
- Client decrypts received messages using the same on-time use session key
- Process repeats for each message being sent, starting from Step 2
What OSI layer do RADIUS servers run in?
7 - Application layer
What does the RADIUS protocol allow?
It allows remote access servers to communicate with a central server to authenticate dial-in users and authorise access to the requested system or service
What is RADIUS?
A client-server protocol and software
TACACS+
Cisco-proprietary protocol that provides separate authentication,
authorization, and accounting services
Diameter
Peer-to-peer protocol created as a next-generation version of RADIUS
What networks is Diameter used for?
Long-term evolution and IP multimedia system networks
SSO
Enables users to authenticate once and receive authorizations for
multiple services across the network
