Wireless Security Flashcards
Same encryption key is used by the access point and the client
Pre-Shared Key
Original 802.11 wireless security standard that claims to be as secure as a wired network. (40-bit encryption key that was later upgraded to a 64-bit key, and then again to a 128-bit key.)
WEP (Wired Equivalent Privacy)
Replacement for WEP, which uses TKIP, Message Integrity Check (MIC), and RC4 encryption
WPA (Wi-Fi Protected Access)
802.11i standard to provide better wireless security featuring AES with 128-bit key, CCMP, and integrity checking
Wi-Fi Protected Access version 2 (WPA2)
What should you remember for each:
- Open
- WEP
- WPA
- WPA2
- Open - No security or protection provided
- WEP - IV (initialization vectors)
- WPA - TKIP and RC4
- WPA2 - CCMP and AES
Automated encryption setup for wireless networks at a push of a button, but is severely flawed and vulnerable
Wi-Fi Protected Setup (WPS)
Latest and most secure version of wireless network encryption currently available. (Uses a 192-bit or 128-bit key, uses GCMP (Galois Counter Mode Protocol), and includes SAE.)
Wi-Fi Protected Access 3 (WPA3)
A secure password-based authentication and password-authenticated key agreement method that relies on forward secrecy (uses the Dragonfly handshake; used in WPA3)
Simultaneous Authentication of Equals (SAE)
OWE
Opportunistic Wireless Encryption (OWE)
Assures the session keys will not be compromised even if the long-term secrets used in the session key exchange have
Forward Secrecy
Cross-platform protocol that authenticates and authorizes users to services, and accounts for their usage
Remote Authentication Dial-In User Service (RADIUS)
Cisco-proprietary protocol that provides separate authentication, authorization, and accounting services
Terminal Access Controller Access Control System Plus (TACACS+)
Peer-to-peer protocol created as a next-generation version of RADIUS
Diameter
Cross-platform protocol that centralizes info about clients and objects on the network
Lightweight Directory Access Protocol (LDAP)
Enables users to authenticate once and receive authorization for multiple services across the network
Single Sign-On (SSO)
Uses symmetric encryption and the Key Distribution Center to conduct authentication and authorization functions
Kerberos
Used for port-based authentication on both wired and wireless networks
802.1X framework
Allows for numerous different mechanisms of authentication
Extensible Authentication Protocol (EAP) framework
Type of EAP that utilizes simple passwords and the challenge handshake authentication process to provide remote access authentication (both password authentication)
EAP-MD5
Type of EAP that uses public key infrastructure with a digital certificate being installed on both the client and the server (both digital certificate authentication)
EAP-TLS
Type of EAP that requires a digital certificate on the server and a password on the client for its authentication (one password and one digital certificate authentication)
EAP-TTLS
Type of EAP that uses a protected access credential to establish mutual authentication between devices
EAP Flexible Authentication via Secure Tunneling (EAP-FAST)
Type of EAP that uses server certificates and Microsoft’s Active Directory database to authenticate a client’s password
Protected EAP (PEAP)
Type of EAP that is Protected EAP (PEAP) but proprietary to Cisco-based devices
Lightweight EAP (LEAP)
The name of the wireless network
Service Set Identifier (SSID)
3 frequency band channels
1) 2.4 GHz
2) 5 GHz
3) 6 GHz
2.4 GHz networks operate on which channels?
channels 1-11