Wireless Security Settings Flashcards
What is WEP?
Wired Equivalent Privacy
Outdated 1999 wireless security standard meant to match wired LAN security for wireless networks
Employs a static encryption key system where devices on the same network use the same key to encrypt and decrypt messages.
What is 64-bit WEP?
Consists of 40 bits of actual key data plus an extra 24 bits of initialization vector
What is 128-bit WEP?
Includes 104 bits of key data and an additional 24 bits of initialization vector
Why is WEP bad?
Insecure because of a weak 24-bit initialization vector
What is WPA?
Wi-Fi Protected Access
Introduced in 2003 as a temporary improvement over WEP while the more robust IEEE 802.11i standard was in development
Improved security with TKIP, which generates new 128-bit keys for each packet, eliminating WEP’s key-reuse vulnerabilities
When you hear about WPA, consider what?
Insecure because of the lack of sufficient data integrity checks in the TKIP implementation
What is WPA2?
Wi-Fi Protected Access 2
Improved data protection and network access control by addressing weaknesses in the WPA version
What is WPA3?
Wi-Fi Protected Access 3
Latest version using AES encryption and introducing new features like SAE, enhanced open, updated cryptographic protocols, and management protection frames
What is SAE?
Simultaneous Authentication of Equals
Enhances security by offering a key establishment protocol to guard against offline dictionary attacks
What is OWE?
Enhanced Open/Opportunistic Wireless Encryption
Major advancement in wireless security, especially for networks using open authentication
What is the Cryptographic Protocol?
Uses a newer variant of AES known as AES GCMP
What is GCMP?
Galois Counter Mode Protocol
Supports 128-bit AES for personal networks and 192-bit AES for enterprise networks with WPA3
What are Management Protection Frames?
Required to protect the network from key recovery attacks
What is the AAA Protocol?
RADIUS or TACACS+
Pivotal in managing network security by centralizing user authentication to ensure that only authorized individuals can access network resources.
What is RADIUS?
Remote Authentication Dial-In User Service Protocol (AAA Protocol)
Client/server protocol offering AAA services for network users
What is TACACS+?
Terminal Access Controller Access-Control System Plus Protocol (AAA Protocol)
Separates the functions of AAA to allow for more granular control over processes
What are Authentication Protocols?
Confirm user identity for network security and authorized access
What is EAP?
Extensible Authentication Protocol
Authentication framework that supports multiple authentication methods
What is PEAP?
Protected Extensible Authentication Protocol
Authentication protocol that encapsulates EAP within a potentially encrypted and authenticated Transport Layer Security (TLS) tunnel.
Requires dual-sided certificate authentication (server/client)
What is EAP-TTLS?
Extensible Authentication Protocol Tunneled Transport Layer Security
Authentication protocol that extends TLS support across multiple platforms.
Requires a certificate only on the service side (server)
What is EAP-FAST?
Extensible Authentication Protocol Flexible Authentication via Secure Tunneling
Authentication protocol developed by Cisco Systems that allows users to re-authenticate securely when roaming within a network without having to perform full authentication every time.