3.4 Given a scenario, install and configure wireless security settings. Flashcards
EAP-TLS
Extensible Authentication Protocol with Transport Layer Security (EAP-TLS) requires a server and client-side public key certificate. An encrypted TLS tunnel is established between the supplicant and authentication server using this method.
SAE
Simultaneous Authentication of Equals (SAE) is a secure password-based authentication and key agreement method used in Wireless Protected Access version 3 (WPAv3).
PEAP
Protected Extensible Authentication Protocol (PEAP) only requires a server-side public certificate public key certificate. Must be used with MS-CHAPv2
EAP-FAST
EAP with Flexible Authentication via Secure Tunneling (EAP-FAST) does not use certificates but a Protected Access Credential (PAC), which is generated for each user from the authentication server’s master key.
EAP with Flexible Authentication via Secure Tunneling (EAP-FAST) is similar to PEAP but instead of using a certificate to set up the tunnel, it uses a Protected Access Credential (PAC), which is generated for each user from the authentication server’s master key.
RADIUS
A Remote Access Dial-in User Server (RADIUS) is required to complete the 802.1x setup. The wireless controller connects to the RADIUS server with a shared secret key, then credentials can be properly authenticated.
EAPoW
802.1X defines the use of EAP over Wireless (EAPoW) to allow an access point to forward authentication data without allowing any other type of network access.
PSK
Pre-shared key is a common security setting for consumer wireless routers that allow users to enter a password to access the wireless network. This can be changed to a more complex key or password.
AES-CCMP
Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP) is a standard encryption algorithm compatible with WPA2.