3.4 Given a scenario, install and configure wireless security settings. Flashcards

1
Q

Wi-Fi Protected Access 2 (WPA2)

A

Wi-Fi Protected Access 2 (WPA2) is the final version of WPA agreed on by the Wi-Fi Alliance; it implements all aspects of the ratified 802.11i security standard and is mandatory in the Wi-Fi certification process.

2
Q

Wi-Fi Protected Access 3 (WPA3)

A

WPA3, also known as Wi-Fi Protected Access 3, is the third iteration of a security certification program developed by the Wi-Fi Alliance. WPA3 is the latest, updated implementation of WPA2, which has been in use since 2004. The Wi-Fi Alliance began to certify WPA3-approved products in 2018.

3
Q

Counter-mode/CBC-MAC Protocol (CCMP)

A

Counter Mode Cipher Block Chaining Message Authentication Code Protocol or CCM mode Protocol is an encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11

4
Q
Simultaneous Authentication of Equals (SAE)
A

Simultaneous Authentication of Equals (SAE) is a password-based key exchange method developed for mesh networks. Defined in RFC 7664, it uses the Dragonfly protocol to perform a key exchange and is secure against passive monitoring. SAE is not a new protocol;

5
Q

Extensible Authentication Protocol (EAP)

A

The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP). PPP is a protocol that was commonly used to directly connect devices to each other. EAP is defined in RFC 2284 (obsoleted by RFC 3748).

6
Q
Protected Extensible Authentication Protocol (PEAP)
A

PEAP, or Protected EAP, was developed to protect EAP communication by encapsulating it with Transport Layer Security (TLS). This is an open standard developed jointly by Cisco, Microsoft, and RSA. EAP was designed assuming a secure communication channel. PEAP provides that protection as part of the protocol via a TLS tunnel.

7
Q

EAP-FAST

A

EAP-FAST (EAP Flexible Authentication via Secure Tunneling) is described in RFC 4851 and proposed by Cisco to be a replacement for LEAP, a previous Cisco version of EAP. It offers a lightweight tunneling protocol to enable authentication. The distinguishing characteristic is the passing of a Protected Access Credential (PAC) that is used to establish a TLS tunnel through which client credentials are verified. The Wi-Fi Alliance added EAP-FAST to its list of supported protocols for WPA/WPA2/WPA3.

8
Q

EAP-TLS

A

EAP-TLS is an Internet Engineering Task Force (IETF) open standard (RFC 5216) that uses the TLS protocol to secure the authentication process. EAP-TLS relies on TLS, an attempt to standardize the Secure Sockets Layer (SSL) structure to pass credentials. This is still considered one of the most secure implementations, primarily because common implementations employ client-side certificates.

9
Q

EAP-TTLS

A

EAP-TTLS (which stands for EAP–Tunneled TLS) is a variant of the EAP-TLS protocol. EAP-TTLS works much the same way as EAP-TLS, with the server authenticating to the client with a certificate, but the protocol tunnels the client side of the authentication, allowing the use of legacy authentication protocols such as Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), and MS-CHAP-V2. In EAP-TTLS, the authentication process is protected by the tunnel from man-in-the-middle attacks, and although client-side certificates can be used, they are not required, making this easier to set up than EAP-TLS for clients without certificates. The Wi-Fi Alliance added EAP-TTLS to its list of supported protocols for WPA/WPA2/WPA3.

10
Q

IEEE 802.1X

A

IEEE 802.1X is an authentication standard that supports port-based authentication services between a user and an authorization device, such as an edge router. IEEE 802.1X is commonly used on wireless access points as a port-based authentication service prior to admission to the wireless network. WPA2-Enterprise uses IEEE 802.1X to establish a secure connection between devices. IEEE 802.1X over wireless uses either IEEE 802.11i or an EAP-based protocol such as EAP-TLS or PEAP-TLS.

11
Q

Remote Authentication Dial-in User Service (RADIUS) Federation

A

Using a series of RADIUS servers in a federated connection has been employed in several worldwide RADIUS federation networks. One example is the project eduroam (short for education roaming), which connects users of education institutions worldwide. The process is relatively simple in concept, although the technical details of maintaining the hierarchy of RADIUS servers and routing tables are daunting at a worldwide scale.

12
Q

Captive portals

A

Captive portal refers to a specific technique of using an HTTP client to handle authentication on a wireless network. Frequently employed in public hotspots, a captive portal opens a web browser to an authentication page. This occurs before the user is granted admission to the network. The access point uses this simple mechanism by intercepting all packets and returning the web page for login.

13
Q

Wi-Fi Protected Setup (WPS)

A

Wi-Fi Protected Setup (WPS) is a network security standard created to provide users with an easy method of configuring wireless networks. Designed for home networks and small business networks, this standard involves the use of an eight-digit PIN to configure wireless devices. WPS consists of a series of EAP messages and has been shown to be susceptible to a brute force attack.

14
Q

Site surveys

A

When developing a coverage map for a complex building site, you need to take into account a wide variety of factors—particularly walls, interfering sources, and floor plans. A site survey involves several steps: mapping the floor plan, testing for RF interference, testing for RF coverage, and analyzing material via software. The software can suggest placement of access points. This is an example of a predictive site survey analysis.

15
Q

Heat maps

A

A Wi-Fi heat map is a map of wireless signal coverage and strength. Typically, a heat map shows a layout of a room, floor, or facility overlaid by a graphical representation of a wireless signal. Heat maps are created using a Wi-Fi analyzer and software to allow the analysis of Wi-Fi signal strength in the form of a graphical layout.

16
Q

Wi-Fi analyzers

A

Wi-Fi analyzers provide a means of determining signal strength and channel interference. A Wi-Fi analyzer is an RF device used to measure signal strength and quality. It can determine if the Wi-Fi signal strength is sufficient, and if there are competing devices on a particular channel. This enables an engineer to allocate signals both in strength and channel to improve Wi-Fi performance.

17
Q

Channel overlaps

A

Wi-Fi radio signals exist at specific frequencies: 2.4 GHz and 5.0 GHz. Each of these signals is broken into a series of channels, and the actual data transmissions occur across these channels. Wi-Fi versions of IEEE 802.11 (a, b, g, n) work with channel frequencies of 2400 MHz and 2500 MHz, hence the term 2.4 GHz for the system. The 100 MHz in between is split into 14 channels of 20 MHz each.

18
Q

Wireless access point (WAP) placement

A

Wireless access point (WAP) placement is seemingly simple. Perform a site survey, determine the optimum placement based on RF signal strength, and you are done. But not so fast. Access points also need power, so the availability of power to the placement can be an issue. And if the access point is going to be connected to the network, then availability of a network connection is also a consideration.

19
Q

Controller and Access Point Security

A

Wireless access points are physical connections to your network infrastructure and should be guarded as such. Proper controller and access point security provisions include both physical and logical security precautions. The case of logical security has been the main focus of this chapter, keeping unauthorized users from accessing the channels. Physical security is just as important, if not more so, and the actual devices and network connections should be placed in a location that is not readily accessible to an attacker. This is especially true for exterior connections where no one would observe someone physically manipulating the device.