Wireless Encryption and Authentication Facts Flashcards
When configuring a wireless network, it is imperative to properly secure all data. This means ensuring that only authenticated users can access the network and that all data is encrypted using the appropriate algorithms. (true/false)
true
Wireless networks today use either the WPA2 or WPA3 security standards along with an appropriate encryption algorithm. (true/false)
true
-was used with the WPA and WPA2 wireless security standards.
-was developed to address the security flaws that were prevalent in the Wired Equivalent Privacy (WEP) wireless security standard.
Temporal Key Integrity Protocol (TKIP)
WEP uses the same session key for the entire session. This makes it extremely easy to crack, allowing an attacker to intercept all data. (true/false)
true
With TKIP, each packet has a unique encryption key. TKIP accomplishes this by mixing:
-A base key
-The MAC address of the wireless access point
-A packet serial number
-The serial number is changed for each packet, which results in a new encryption key for each packet.
-The encryption key for each packet is 128 bits and is based on the Rivest Cipher 4 (RC4) encryption algorithm.
_____ has known vulnerabilities, is no longer considered secure, and should not be used on modern wireless networks.
Temporal Key Integrity Protocol (TKIP)
_____ is based on the Rijndael algorithm.
Advanced Encryption Standard (AES)
-_____ keys can be either 128, 192, or 256 bits, and data is encrypted in 128-bit chunks.
-_____ is typically combined with the Counter Mode with Cipher Block Chaining Message Authentication (CCMP) to enhance the security of the wireless network.
-_____ is considered one of the strongest encryption protocols and is used in more than just wireless networks.
Advanced Encryption Standard (AES)
You should implement authentication protocols to ensure that only authorized users can access the wireless network. (true/false)
true
Remote Authentication Dial-In Service (RADIUS)
-is an open standard protocol used to authenticate users onto a network.
-is an open standard and can be used by any manufacturer.
-sends a user’s credentials over UDP.
-encrypts only the password. The username is sent in cleartext.
-uses port 1812 for authentication and authorization.
-uses port 1813 for accounting.
Terminal Access Controller Access-Control System (TACACS+)
-was developed by Cisco to address security concerns in RADIUS.
-is used only on Cisco devices.
-sends a user’s credentials over TCP.
-encrypts all data packets including username and password.
-uses port 49 for all communications.
_____ was developed at MIT and is a key component of Windows Active Directory.
Kerberos
Kerberos has three main components:
-Client
-Authentication server (typically the Active Directory server)
-Trusted Key Distribution Center (KDC)
When a user attempts to log in to the network, the following process occurs:
-The user’s credentials are sent to the authentication server.
-The authentication server validates the user’s credentials and sends back a session key and a ticket-granting ticket.
-The user sends the session key and ticket-granting ticket to the KDC. The KDC sends back a ticket that authenticates the user for the session.
Using tickets, _____ allows clients and servers to authenticate with each other seamlessly throughout the network.
Kerberos