3.4 Install & configure wireless security settings Flashcards
Wireless cryptography: why wireless network should be secured ?
It can contain confidential information: wireless do not mean open to everyone
Wireless cryptography: how to secure a wireless network ?
- Authenticate the users before granting access: username, password, MFA
- Encrypt the wireless data: WPA2, WPA3
- Verify the integrity of all communication
Wireless cryptography: why wireless network should be encrypted ?
Because all wireless computers are radio transmitetrs and receivers so anyone can listen in
Wireless cryptography: how to encrypt wireless network ?
Everyone that use the network have an encryption key to send and receive the data. Only the people with the right key can transmit and listen.
There are 2 types of encryption: WPA2 & WPA3
Wireless cryptography: what is WPA2 ?
Wifi Protected Access II (WPA2) uses an encryption called CCMP block cipher mode. CCMP uses a nb of != protocols to provide the security needed for wireless network such as data encryption with AES and message integrity check
Wireless cryptography: what is WPA2 ?
Wifi Protected Access II (WPA2) uses an encryption called CCMP block cipher mode. CCMP uses a nb of != protocols to provide the security needed for wireless network such as data encryption with AES and message integrity check with CBC-MAC
Wireless cryptography: what is WPA3 ?
Wifi Protected Access 3 (WPA) is the updated version of WPA2 introduced in 2018. It changes the encryption a little bit by using GCMP block cipher mode which is a stronger encryption than WPA2. Confidentiality is provided with AES and integrity with GCMP
Wireless cryptography: why there was an update from WPA2 to WPA3 ?
Because WPA2 has a Pre-shared Key (PSK) bruteforce issue. Attacker could capture the hash and bruteforce it with the PSK. Once you have the PSK, you have access to everyone’s wireless key
Wireless cryptography: what was changed from WPA2 to WPA3 ?
WPA3 changes the PSK authentication process by:
- including mutual auth (you + the access point authenticate you)
- SAE : creating shared session key without sending that key across the network
- no more 4 way handshakes, no hashes so no bruteforce
- secret key changes at each session
-
Wireless cryptography: what is SAE?
A diffie-hellman derived key exchange with an auth component
Wireless auth metods: why auth is important ?
Because we need to ensure that people authenticating to the wireless network are truly authorized
Wireless auth metods: what are the != auth methods?
Credentials:
- shared password (also named Pre-shared Key (PSK)),
- centralized auth: for ex using the AD
Wireless auth metods: why configuration of wireless auth is important ?
Because you can choose the security level: none, WPA2, WPA3
Wireless auth metods: what is a captive portal ?
A method to provide auth using a separate login screen from your browser and then use username/password to use the wifi
Wireless auth metods: what is WPS ?
Wifi Protected Setup (WPS) allows easy setup of a mobile device by using PIN, push a button on the access point, NFC