Security: Compare and contrast wireless security protocols and authentication methods Flashcards
CompTIA A+ 220-1102 Exam Criteria
What is the Protocol and Encryption of WPA2?
Wi-Fi Protected Access 2 (WPA2) - encrypts information packets as they are sent out from the access point or wireless network card using the Advanced Encryption Standard (AES) algorithm. When WPA2 is enabled with the strongest encryption option, anyone within network range may be able to see the traffic, but it is scrambled using the most recent encryption standards and is accepted by the Department of Defense as the industry standard. This standard has stood for quite some time and continues to be supported.
What is the Protocol and Encryption of WPA3?
WPA3 is the most recent generation of Wi-Fi security, released in 2018. It has not yet gained widespread acceptance, but it aims to improve some security aspects that WPA2 lacks, such as securing open networks, protecting simple passwords, and simplifying device configuration.
What is the difference between WPA2 and WPA3?
WPA3 has enhanced encryption. WPA3 protocols call for GCMP-256 encryption rather than the 128-bit encryption used in prior versions. It’s much harder for one user to snoop on someone else’s traffic with this method.
Stronger protections. A user can make one offline password guess. Brute-force attacks, in which a hacker uses hundreds of tries, aren’t possible.
Secure handshake: In WPA3 encryption, devices use so-called Simultaneous Authentication of Equals (SAE). It’s much harder to eavesdrop on passwords, and that could keep devices safer.
Downfalls of WPA3 - Not widely supported yet
WPA2 does not provide similar security for public networks. Protection against Attacks: WPA3 addresses some security vulnerabilities and weaknesses found in WPA2, including the KRACK (Key Reinstallation Attack) vulnerability.
What is TKIP used for?
Temporal Key Integrity Protocol (TKIP) is an older encryption protocol used with WPA, and CCMP is the newer encryption protocol used with WPA2. IEEE has deprecated WPA and TKIP due to various security issues, but many wireless networks are still using these older protocols.
What is AES?
Advanced Encryption Standard - TKIP also turned out to be insecure, so a new standard called WPA2 was created, which uses AES, or Advanced Encryption Standard. AES is much more secure because it uses longer encryption keys and has been on almost all new Wi-Fi routers sold in the last few years.
What are the RADIUS functions?
In enterprise mode in WAP settings – Remote Access Dial In User Service – authenticates a remote client trying to make it into a wireless network.
Requires each network device have preconfigured settings
It utilizes a combination of Authorization & Authentication - Designed for AAA (Authorization & Authentication & Accounting) Subscription - Users and Clients
Minimal Vendor Support for Authorization
Uses UDP to access the wireless network - 1645/1646 - 1812/1813
Less Secure and only uses Password Encryption
What is the main difference between RADIUS and TACACS+?
Terminal Access Controller Access-Control System - Uses TCP connections. Port 49
Separates AAA functions - More flexible and is used for Administration
Central Management for Authorization Configuration
Supported by most vendors
The main difference between RADIUS and TACACS+ is that RADIUS is mainly a network access protocol for user authentication, whereas TACACS+ is predominantly used for administering network devices like routers and switches.
More secure and encrypts the whole packet including username and password + Attributes.
What is Kerberos?
A Kerberos is a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network.
Kerberos uses symmetric key cryptography and a key distribution center (KDC) to authenticate and verify user identities.
Verifies users and Service - before session
What are the benefits of using Kerberos Authentication system?
Delegated authentication.
Single sign on.
Interoperability.
More efficient authentication to servers.
Mutual authentication.
https://www.youtube.com/watch?v=Xjpi8xYqPcY
Multifactor authentication?
That’s why almost all online services - banks, social media, shopping and yes, Microsoft 365 too - have added a way for your accounts to be more secure. You may hear it called “Two-Step Verification” or “Multifactor Authentication” but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or app (like a web browser) you need more than just the username and password. You need a second thing - what we call a second “factor” - to prove who you are.
A factor in authentication is a way of confirming your identity when you try to sign in. For example, a password is one kind of factor; it’s a thing you know. The three most common kinds of factors are:
Something you know - Like a password, or a memorized PIN.
Something you have - Like a smartphone, or a secure USB key.
Something you are - Like a fingerprint, or facial recognition.