3.4 - Wireless Security Flashcards
What is WPA2?
Wi-Fi Protected Access II. It uses CCMP block cipher mode. The data is kept confidential with AES, and it includes a message integrity check (MIC) with CBC-MAC.
What is WPA3?
Wi-Fi Protected Access III. It uses GCMP block cipher mode, with AES and a Message Integrity Check (MIC) using Galois Message Authentication Code (GMAC).
What is the WPA2 PSK problem?
An attacker can derive the PSK hash either by listening to the 4-way handshake or without listening to it. Once they have the hash, they can brute force the PSK (pre-shared key).
How does WPA3 change the PSK problem with WPA2?
It includes mutual authentication. It creates a shared session key without sending that key across the network. There are no more four-way handshakes, hashes, or brute force attacks. It adds perfect forward secrecy: keys are changed out often and not shared.
What is Simultaneous Authentication of Equals (SAE)?
Used in WPA3. Everyone uses a different session key, even with the same PSK. A Diffie-Hellman derived key exchange with an authentication component.
List several Wireless Security Modes.
1) Open (no security)
2) WPA3-Personal / WPA3-PSK
- Unique WPA3 session key is derived from the PSK using SAE
3) WPA3-Enterprise / WPA3-802.1X
- Authenticates users individually with an authentication server
What is a captive portal?
If an Access table recognizes the lack of authentication when you try to connect to a network, it will redirect your web access to a captive portal page where it might ask for a username and password.
Doctor’s office
Guest Wi-Fis
What is WPS?
Wi-Fi Protected Setup
Allows “easy” setup of a mobile device. You can push a button on the AP, use a PIN, or use NFC.
The PIN for WPS is weak and can be easily brute forced.
What is Extensible Authentication Protocol (EAP)?
An authentication framework within wireless authentication. It provides many ways to authenticate based on RFC standards, and it integrates with 802.1X.
What is IEEE 802.1X?
Port-based Network Access Control (NAC)
It is used in conjunction with an access database (RADIUS, LDAP, TACACS+). Access to the network is not given until authentication.
There is a Supplicant (the client), an Authenticator (the device that provides access), and an Authentication Server (validates the client credentials).
What is EAP-FAST?
EAP Flexible Authentication via Secure Tunneling.
Authentication server (AS) and supplicant share a protected access credential (PAC) (shared secret). Supplicant receives the PAC, and supplicant and the AS mutually authenticate and negotiate a TLS tunnel. User authentication occurs over the TLS tunnel.
A RADIUS server is needed. It provides the authentication database and the EAP-FAST services.
What is PEAP?
Protected Extensible Authentication Protocol
Encapsulates EAP in a TLS tunnel. The Authentication Server (AS) uses a digital certificate instead of a PAC. The client doesn’t use a certificate.
Microsoft uses it with MSCHAPv2
Users can also authenticate with GTC (Generic Token Card)
Cisco, Microsoft, and RSA Security
What is EAP-TLS?
EAP Transport Layer Security
Requires digital certificates on the Authentication Server (AS) and all other devices. AS and supplicant exchange certificates for mutual authentication. TLS tunnel is then built for the user authentication process.
Relatively complex implementation
- Need a public key infrastructure (PKI)
- Must deploy and manage certificates to all wireless clients
- Not all devices can support the use of digital certificates
What is EAP-TTLS?
EAP Tunneled Transport Layer Security
Requires a digital certificate on the Authentication Server (AS). It does not require digital certificates on every device. It builds a TLS tunnel using this digital certificate.
Use an authentication method inside the TLS tunnel
- Other EAPs
- MSCHAPv2
- Anything else
What is RADIUS Federation?
RADIUS with federation
Members of one organization can authenticate to the network of another organization and use their normal credentials.
Uses 802.1X as the authentication method and RADIUS on the backend. Uses EAP to authenticate.