3.4 Install & configure wireless security settings

Question 1

Wireless cryptography: why wireless network should be secured ?

Answer 1

It can contain confidential information: wireless do not mean open to everyone

Question 2

Wireless cryptography: how to secure a wireless network ?

Answer 2

• Authenticate the users before granting access: username, password, MFA
• Encrypt the wireless data: WPA2, WPA3
• Verify the integrity of all communication

Question 3

Wireless cryptography: why wireless network should be encrypted ?

Answer 3

Because all wireless computers are radio transmitetrs and receivers so anyone can listen in

Question 4

Wireless cryptography: how to encrypt wireless network ?

Answer 4

Everyone that use the network have an encryption key to send and receive the data. Only the people with the right key can transmit and listen.
There are 2 types of encryption: WPA2 & WPA3

Question 5

Wireless cryptography: what is WPA2 ?

Answer 5

Wifi Protected Access II (WPA2) uses an encryption called CCMP block cipher mode. CCMP uses a nb of != protocols to provide the security needed for wireless network such as data encryption with AES and message integrity check

Question 6

Wireless cryptography: what is WPA2 ?

Answer 6

Wifi Protected Access II (WPA2) uses an encryption called CCMP block cipher mode. CCMP uses a nb of != protocols to provide the security needed for wireless network such as data encryption with AES and message integrity check with CBC-MAC

Question 7

Wireless cryptography: what is WPA3 ?

Answer 7

Wifi Protected Access 3 (WPA) is the updated version of WPA2 introduced in 2018. It changes the encryption a little bit by using GCMP block cipher mode which is a stronger encryption than WPA2. Confidentiality is provided with AES and integrity with GCMP

Question 8

Wireless cryptography: why there was an update from WPA2 to WPA3 ?

Answer 8

Because WPA2 has a Pre-shared Key (PSK) bruteforce issue. Attacker could capture the hash and bruteforce it with the PSK. Once you have the PSK, you have access to everyone’s wireless key

Question 9

Wireless cryptography: what was changed from WPA2 to WPA3 ?

Answer 9

WPA3 changes the PSK authentication process by:
- including mutual auth (you + the access point authenticate you)
- SAE : creating shared session key without sending that key across the network
- no more 4 way handshakes, no hashes so no bruteforce
- secret key changes at each session
-

Question 10

Wireless cryptography: what is SAE?

Answer 10

A diffie-hellman derived key exchange with an auth component

Question 11

Wireless auth metods: why auth is important ?

Answer 11

Because we need to ensure that people authenticating to the wireless network are truly authorized

Question 12

Wireless auth metods: what are the != auth methods?

Answer 12

Credentials:
- shared password (also named Pre-shared Key (PSK)),
- centralized auth: for ex using the AD

Question 13

Wireless auth metods: why configuration of wireless auth is important ?

Answer 13

Because you can choose the security level: none, WPA2, WPA3

Question 14

Wireless auth metods: what is a captive portal ?

Answer 14

A method to provide auth using a separate login screen from your browser and then use username/password to use the wifi

Question 15

Wireless auth metods: what is WPS ?

Answer 15

Wifi Protected Setup (WPS) allows easy setup of a mobile device by using PIN, push a button on the access point, NFC

Question 16

Wireless auth metods: is WPS secure ?

Answer 16

No and has been hack in 2011. It is better to disable it

Question 17

Wireless auth protocols: what are the differents protocol being used for auth ?

Answer 17

• ## EAP

Question 18

Wireless auth protocols: what is EAP ?

Answer 18

Extensible Authentication Protocol (EAP) provides extensibility for authentication methods for commonly used protected network access technologies, such as IEEE 802.1X-based wireless access, IEEE 802.1X-based wired access, and Point-to-Point Protocol (PPP)

Question 19

Wireless auth protocols: what is IEEE 802.1X?

Answer 19

An IEEE standard for port-based network access control on wired and wireless access points.

Question 20

Wireless auth protocols: how does EAP work?

Answer 20

The EAP authentication exchange proceeds as follows:
1) The authenticator (the server) sends a Request to authenticate the peer (the client).
2) The peer sends a Response packet in reply to a valid Request. 3) The authenticator sends an additional Request packet, and the peer replies with a Response.

Question 21

Wireless auth protocols: what is EAP-FAST ?

Answer 21

EAP Flexible Authentication via Secure Tunneling is a way to make sure that the auth server and the peer can communicate over a secure TLS tunnel

Question 22

Wireless auth protocols: what is PEAP ?

Answer 22

Protected Extensible Authentication Protocol is also a protected EAP using TLS tunnel but it use a digital certificate

Question 23

Wireless auth protocols: what are the others secured EAP protocol?

Answer 23

• EAP-TLS
• EAP-TTLS
• Raduis federation

Question 24

Installing Wireless Networks: how to install a wireless network?

Answer 24

1- Do a site survey to determine the existing wireless landscape and identify existing access points
2- Check GHz: Avoid interference between access point by ensuring they are not using the same frequencies
3- Access point placement: ensure max coverage, avoid interference,

Question 25

Installing Wireless Networks: what is the purpose of wireless survey tools ?

Answer 25

Can use it during the survey site phase to help identify the wireless signal coverage, potential interference, spectrum analysis etc

Question 26

Installing Wireless Networks: what is the purpose of wireless packet analysis tools ?

Answer 26

Monitore the wireless network (ex: wireshark)