3.4 Wireless Security Flashcards
Define Counter/CBC-MAC protocol (CCMP)
Encryption used by WPA2 with CBC-MIC providing message integrity check (MIC)
Define WPA2 (2)
- Provides encryption, data integrity & authentication
- Secure but subject to brute-force attacks by obtaining the hash for the pre-shared key
Define Galois Counter Mode Protocol (GCMP)
Encryption used by WPA3 with Galois message authentication code (GMAC) providing message integrity (MIC)
Define WPA3 (2)
- Latest and most secure WiFi encryption
- Uses perfect forward secrecy (PFS) so that it is not vulnerable to brute-force attacks since the pre-shared key is different for every session
Define Message Integrity Check (MIC)
Used by 802.11 wireless to provide message integrity, aka MAC
Define Simultaneous Authentication of Equals (SAE) (2)
- PFS key exchange that expands security of Diffie-Hellman
- Used by WPA3 to eliminate brute-force vulnerability
Define Extensible Authentication Protocol (EAP)
A standard authentication framework for wireless network authentication used in conjunction with 802.1X
Define EAP-FAST (Flexible Authentication via Secure Tunneling) (3)
- Establishes a secure tunnel over which authentication credentials are provided to authenticator
- Commonly used with RADIUS
- Uses shared secret to establish tunnel
Define PEAP (2)
- Protected EAP
- Like EAP-FAST except it requires a server certificate to create tunnel
Define EAP-TLS (3)
- Requires digital certificates on all devices
- Difficult to implement due to requirement of PKI
- Older devices that lack support for certificates can’t use it to connect
Define EAP-TTLS (2)
- Tunneled Transport Layer Security
- Works like EAP-TLS minus client digital certificate
Define Federation
Using third-party or external authentication services
Define RADIUS
Provides federated wireless authentication with other providers, such as Active Directory
Define 802.1X
Network authentication protocol that opens up wireless or wired network ports upon authentication and authorization
What is the pre-shared key used by the WiFi encryption protocols?
The WiFi password
Define WPS
- WiFi Protected Setup
- Instead of requiring a password to connect to WiFi, access is granted by transferring configuration to the device by using a PIN or with the push of a button when the devices are near each other via NFC
WiFi PSK
Pre-shared key, everyone uses the same password to access the WiFi network
Define WiFi Captive Portal (3)
- Authentication is done via a browser page where credentials are entered
- Access is often provided for a limited time before having to re-authenticate
- Can provide an acceptable use agreement that must be accepted
Define Site Survey for WiFi
A site survey for WiFi networks is conducted to identify possible interference and WiFi coverage
Define heat map for WiFi
A visual representation of the coverage/signal strength of a WiFi network
Uses of WiFi (packet) Analyzer (3)
Capture WiFi packets to view:
1. signal-to-noise ratio
2. channel use info
3. utilization
Define WiFi channel overlap and what channels don’t interfere with each other
- Access points can interfere with each other if their channels overlap
- In US, channels 1, 6, & 11 do not interfere with each other
WiFi access point placement considerations (3)
- Signal coverage (range)
- Interference (channel overlap)
- Site survey to identify these as well as external sources of interference
How do EAP-FAST and EAP-TLS stand out from other EAP-based protocols?
- EAP-FAST doesn’t require client or server certificates
- EAP-TLS requires both server and client certificates, PKI infrastructure, no tunnel but most secure
