Section 21. 200 Wireless Security Settings

Question 1

Wireless Security Settings

Answer 1

Crucial for securing wireless networks due to increasing usage

Question 2

Wireless Encryption

Answer 2

Wireless encryption is essential for data confidentiality in wireless networks

Secures Wirless networks from data interception

Question 3

WEP (Wired Equivalent Privacy)

Answer 3

■ Introduced in 1999 as part of IEEE 802.11

■ Utilises a static encryption key system

■ Considered insecure due to its weak 24-bit initialization vector

Question 4

WPA (Wi-Fi Protected Access)

Answer 4

■ Introduced in 2003 as an improvement over WEP

■ Implemented TKIP for dynamic key generation

■ Inherited some vulnerabilities from WEP

■ Due to TKIP vulnerabilities, it was susceptible to cryptographic attacks

■ Insecure due to insufficient data integrity checks in the TKIP implementation

Question 5

WPA2 (Wi-Fi Protected Access 2)

Answer 5

■ Introduced in 2004, replacing WPA

■ Uses AES protocol and CCMP protocol for stronger encryption:

● AES - Advanced Encryption Standard
● CCMP - Counter Cipher Mode with Block Chaining Message Authentication Code

Introduced Message Integrity Code (MIC) for integrity checking

Question 6

WPA3 (Wi-Fi Protected Access 3)

Answer 6

■ The latest and most secure wireless security protocol

■ Uses AES for encryption and introduces new features.

Question 7

WPA3 (Wi-Fi Protected Access 3) Features

Simultaneous Authentication of Equals (SAE)

Answer 7

Replaces the 4-way handshake with a Diffie-Hellman key
agreement

○ Protects against offline dictionary attacks

Question 8

WPA3 (Wi-Fi Protected Access 3) Features

Enhanced Open (Opportunistic Wireless Encryption)

Answer 8

Provides individualised data encryption even in open networks

○ Improves privacy and security in open Wi-Fi scenarios

Question 9

WPA3 (Wi-Fi Protected Access 3) Features

Updated Cryptographic Protocols

Answer 9

AES GCMP replaces AES CCMP used in WPA2

○ Supports both 128-bit and 192-bit AES for enhanced security

Question 10

WPA3 (Wi-Fi Protected Access 3) Features

Management Frame Protection

Answer 10

○ Ensures the integrity of network management traffic

Prevents eavesdropping, forging, and tampering with
management frames

Question 11

AAA Protocols

Answer 11

Important for centralised user authentication and access control

Question 12

AAA Protocols examples

RADIUS (Remote Authentication Dial-In User Service)

Answer 12

○ Offers Authentication, Authorization, and Accounting services

○ Widely used for secure access to network resources

Question 13

AAA Protocols examples

TACACS+ (Terminal Access Controller Access-Control System Plus)

Answer 13

Separates Authentication, Authorization, and Accounting
functions

○ More granular control

○ Encrypts the authentication process using TCP for enhanced security

Question 14

Authentication Protocols

Answer 14

Used to verify user identity and control network access

Question 15

Authentication Protocols examples

EAP (Extensible Authentication Protocol)

Answer 15

● Authentication framework supporting multiple methods

● Provides common functions and negotiation of authentication protocols

Question 16

Authentication Protocols examples

PEAP (Protected Extensible Authentication Protocol)

Answer 16

● Encapsulates EAP within an encrypted TLS tunnel

● Developed jointly by Cisco Systems, Microsoft, and RSA Security

Question 17

Authentication Protocols examples

EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)

Answer 17

● Extends TLS support across platforms

● Requires server-side certificates for security

Question 18

Authentication Protocols examples

EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling)

Answer 18

● Developed by Cisco Systems for secure re-authentication

● Uses a Protected Access Credential and TLS tunnel