Wireless security Flashcards
What is a MIC?
Message integrity check.
Verifying the integrity of a wireless communication
What is a WAP?
Wireless access point.
Which security services and which encryption modes are used in WPA2 and WPA3?
WPA2 over CCMP offers encryption (confidentiality) via AES and integrity (MIC) via CBC-MAC.
WPA3 offers stronger encryption than its predecessor using the GCMP block cipher mode, with confidentiality via AES encryption and a message integrity check (MIC) via GMAC.
What is the difference in authentication process between WPA2 and WPA3 that makes WPA3 more secure?
WPA2 has a PSK brute-force problem. Attackers can listen to the four-way handshake, capture the hash of the pre-shared key (PSK), and from there brute-force the key from that hash.
WPA3 changes the PSK authentication process by adding mutual authentication so you are both authenticating with the access point, and the access point is also authenticating with you.
It also doesn’t send a hash over the network and creates a shared session key without sending that key across the network. It also adds perfect forward secrecy, which means that the session keys are created for sessions only and then thrown away.
What is SAE? (simultaneous authentication of equals)
Think of WPA3 when you see this.
This is a way of generating session keys that are used on both ends of a conversation without actually sending that key across the network.
What are the two most common ways of authenticating to a wireless network and what is the difference between them?
PSK and 802.1x
PSK is a shared password/pre-shared key that everyone has to have/know in order to authenticate to the network.
802.1x is centralized authentication, so that everyone doesn’t have the same shared password to authenticate to a network. Users are authenticated individually with an authentication server and unique credentials (e.g., RADIUS, LDAP).
What is a captive portal?
A captive portal is the thing you would find in a hotel, at the UNF library, or in a coffee shop.
When you connect to the network your browser will load a login screen where you are asked to authenticate.
What is WPS?
Wi-Fi Protected Setup.
This is meant to be an easy way for a mobile device to connect to a network.
It can use NFC, a button pushed on the access point, or a PIN configured on the access point that you need to enter on the mobile device.
You don’t need to set up 802.1x or anything else; you can simply use one of these to allow access to a network.
WPS is inherently very insecure; it was built wrong from the beginning.
If you are using a PIN, it is 7 digits, so there are only 10,000,000 different combinations and it can be brute-forced extremely easily.
What is EAP?
Extensible authentication protocol
This is an authentication framework that serves as the basis for a lot of different authentication protocols.
We commonly see EAP used in conjunction with 802.1x authentication. You will be prompted for your authentication details and the EAP framework will be used to provide the authentication confirmation behind the scenes.
When you connect to a network the authenticator will send you an EAP request to authenticate and your credentials will be sent over EAP.
What is 802.1x?
802.1X is a way of configuring authentication on a network.
This is port-based network access control (NAC).
You don’t get access to the network in any way until you authenticate.
Used together with an access database (RADIUS, LDAP, TACACS+)
In authentication using 802.1x, what are the three pieces of the puzzle that are used to authenticate?
There is the Supplicant - the client
There is the Authenticator - the device that provides access
There is the Authentication Server - Validates the client credentials and stores valid credentials
For authentication servers think LDAP, RADIUS, TACACS+
What is EAP-faSt?
EAP secure
I put emphasis on the “S” in fast to avoid confusion about it being faster. It is really EAP-FAST.
Stands for EAP Flexible Authentication via Secure Tunneling
Uses TLS to encrypt the communications.
Needs a RADIUS server.
What is PEAP?
Protected EAP
PEAP is another solution to keeping authentication secure and encrypted (other than EAP-FAST).
This also uses TLS to create a secure tunnel for EAP.
Uses a digital certificate.
Clients don’t need individual certificates. The authentication server has the digital certificate.
What is EAP-TLS?
EAP Transport Layer Security.
Similar to other secure authentication protocols, but in this instance the authentication server (RADIUS, LDAP, etc.) needs a digital certificate, as do ALL other devices authenticating.
Uses a TLS tunnel.
This needs a PKI infrastructure because it is incredibly complicated to keep a certificate on every device and revoke and deploy them.
What is EAP-TTLS?
EAP Tunneled Transport Layer Security
This is another EAP secure protocol.
This does not require a digital certificate to be on every single device, instead one is only needed on the AS.
A TLS tunnel is built using this digital certificate.
Once this TLS tunnel has been built, we can use any authentication protocol inside of it, such as other EAPs, MSCHAPv2, or anything else.