2.3 Compare and contrast wireless security protocols and authentication methods. Flashcards
• Protocols and encryption
- WEP
Legacy. Wired Equivalent Privacy. It is so insecure that you should NEVER use WEP on your wireless networks.
The WEP type of encryption has some significant cryptographic vulnerabilities.
It originally used a 40-bit key that was quickly compromised.
WEP was later upgraded to a 128-bit key but was still vulnerable.
• Protocols and encryption
- WPA (Wi-Fi Protected Access)
Legacy. WPA stands for Wi-Fi Protected Access. It was a type of encryption that would run on the existing hardware that we had in 2002, but it would still provide a level of security above the capabilities of WEP.
- WPA with TKIP (Temporal Key Integrity Protocol): the Initialization Vector (IV) is larger and is an encrypted hash
- Every packet gets a unique 128-bit encryption key
• Protocols and encryption
- WPA2
WPA2 (Wi-Fi Protected Access 2) is secure and the present best.
- AES: the current best encryption standard when combined with WPA2
• Data confidentiality (AES), authentication, and access control
• Protocols and encryption
- TKIP
Temporal Key Integrity Protocol. It mixes the keys: it combines the secret root key with the IV.
The final combination of technologies that made up WPA was encryption with RC4 and an integrity protocol called TKIP, the Temporal Key Integrity Protocol.
• Protocols and encryption
- AES
AES (Advanced Encryption Standard) replaced RC4 and is used with WPA2. It is the best current encryption when combined with WPA2.
• Authentication
- Single-factor
The user provides credentials (a username and password); if they match, the user gets access to the network.
• Authentication
- Multifactor
Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism:
Knowledge (something the user and only the user knows)
Possession (something the user and only the user has)
Inherence, i.e. biometrics (something the user and only the user is)
• Authentication
- RADIUS
Uses UDP
RADIUS (Remote Authentication Dial-in User Service): one of the more common AAA protocols.
Supported on a wide variety of platforms and devices; not just for dial-in.
Centralizes authentication for users: routers, switches, firewalls, server authentication, remote VPN access, 802.1X network access.
RADIUS services are available on almost any server operating system.
• Authentication
- TACACS
Uses TCP
TACACS stands for Terminal Access Controller Access-Control System. This is a protocol that was designed to control access to the dial-up lines at ARPANET. So it’s a protocol that’s been around for a very long time.
Remote authentication protocol
• Authentication
- TACACS+
Uses TCP
TACACS+ is the latest version of TACACS. It has more authentication requests and response codes. Released as an open standard in 1993.
Whenever we say that we’re using TACACS, we’re really referring to this TACACS+ version. (Cisco’s solution to RADIUS.)