Wireless Security Settings

Question 1

What is WEP?

Answer 1

Wire Equivalent Privacy

Outdated 1999 wireless security standard meant to match wire LAN security for wireless networks

employs a static encryption key system where devices on the same network use the same key to encrypt and decrypt messages.

Question 2

What is 64-bit WEP?

Answer 2

Consists of 40 bits of actual key data plus an extra 24 bits of initialization vector

Question 3

What is 128-bit WEP?

Answer 3

Includes 104 bits of key data and an additional 24 bits of initialization vector

Question 4

Why is WEP bad?

Answer 4

Insecure because of a weak 24-bit initialization vector

Question 5

What is WPA?

Answer 5

Wi-Fi Protected Access

Introduced in 2003 as a temporary improvement over WEP while the more robust IEEE 802.11i standard was in development

This improved security with TKIP which generates new 128-bit keys for each packet, eliminating WEP’s key-reuse vulnerabilities

Question 6

When you hear about WPA, consider what?

Answer 6

Insecure because of the lack of sufficient data integrity checks in the TKIP implementation

Question 7

What is WPA2?

Answer 7

Wi-Fi Protected Access 2

Improved data protection and network access control by addressing weaknesses in WPA version

Question 8

What is WPA3?

Answer 8

Wi-Fi Protected Access 3

Latest version using AES encryption and introducing new features like SAE, enhanced open, updated cryptographic protocols, and management protection frames

Question 9

What is SAE?

Answer 9

Simultaneous Authentication of Equals

Enhances security by offering a key establishment protocol to guard against offline dictionary attacks

Question 10

What is OWE?

Answer 10

Enhanced Open/Opportunistic Wireless Encryption

Major advancement in wireless security, especially for networks using open authentication

Question 11

What is Cryptographic Protocol?

Answer 11

Uses a newer variant of AES known as the AES GCMP

Question 12

What is GCMP?

Answer 12

Galois Counter Mode Protocol

Supports 128-bit AES for personal networks and 192-bit AES for enterprise networks with WPA3

Question 13

What are Management Protection Frames?

Answer 13

Required to protect network from key recovery attacks

Question 14

What is the AAA Protocol?

Answer 14

RADIUS or TACACS+

pivotal in managing network security by facilitating the centralization of user authentication to ensure that only authorized individuals can access the network resources.

Question 15

What is RADIUS?

Answer 15

Remote Authentication Dial-In User Service Protocol (AAA Protocol)

client/server protocol offering AAA services for network users

Question 16

What is TACACS+?

Answer 16

Terminal Access Controller Access-Control System Plus Protocol (AAA Protocol)

Separates the functions of AAA to allow for more granular control over processes

Question 17

What are Authentication Protocols?

Answer 17

Confirm user identity for network security and authorized access

Question 18

What is EAP?

Answer 18

Extensible Authentication Protocol

authentication framework that supports multiple authentication methods

Question 19

What is PEAP?

Answer 19

Protected Extensible Authentication Protocol

authentication protocol that encapsulates EAP within a potentially encrypted and authenticated transport layer security or TLS tunnel.

Requires dual sided certificate authentication (server/client)

Question 20

What is EAP-TTLS?

Answer 20

Extensible Authentication Protocol Tunneled Transport Layer Security

authentication protocol that extends TLS support across multiple platforms.

Requires a certificate only on the service side (server)

Question 21

What is EAP-FAST?

Answer 21

Extensible Authentication Protocol Flexible Authentication via Secure Tunneling

authentication protocol developed by Cisco Systems that allows users to re-authenticate securely when roaming within a network without having to perform full authentication every single time.