3.4 Flashcards
(16 cards)
What is WPA2?
A revision of WPA that upgraded the encryption to an Advanced Encryption Standard (AES) variant known as Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). WPA2 supports two authentication options: preshared key (PSK) or personal (PER) and IEEE 802.1x or enterprise (ENT).
What is WPA3?
The replacement or upgrade of wireless authentication and encryption of WPA2. WPA3-ENT uses 192-bit AES CCMP encryption. WPA3-PER replaces the preshared key authentication with Simultaneous Authentication of Equals (SAE). WPA3 also implements IEEE 802.11w-2009 management frame protection so that a majority of network management operations have confidentiality, integrity, authentication of source, and replay protection.
What is CCMP?
- Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
- A wireless security solution created to replace Wired Equivalent Privacy (WEP) and Temporal Key Integrity Protocol/Wi-Fi Protected Access (TKIP/WPA). CCMP uses Advanced Encryption Standard (AES) with a 128-bit key.
What is SAE?
- Simultaneous Authentication of Equals
- An authentication option of WPA3 that uses a password, but it no longer encrypts and sends that password across the connection. Instead, SAE performs a zero-knowledge proof process known as Dragonfly Key Exchange, which is itself a derivative of Diffie-Hellman. The process uses a preset password and the MAC addresses of the client and AP to perform authentication and session key exchange.
What is EAP?
- Extensible Authentication Protocol
- An authentication expansion system in which new or custom mechanisms to perform authentication can be added to existing systems.
What is EAP-FAST?
- EAP Flexible Authentication via Secure Tunneling
- A Cisco protocol proposed to replace Lightweight Extensible Authentication Protocol (LEAP), which is obsolete thanks to the development of Wi-Fi Protected Access 2 (WPA2).
- Authentication server (AS) and supplicant share a protected access credential (PAC) (shared secret)
- Needs a RADIUS server
What is PEAP?
- Protected Extensible Authentication Protocol
- A protocol tool that encapsulates EAP methods within a Transport Layer Security (TLS) tunnel that provides authentication and potentially encryption.
- Created by Cisco, Microsoft, and RSA Security
- AS uses a digital certificate instead of a PAC
- Client doesn’t use a certificate
What is EAP-TLS?
- EAP Transport Layer Security
- An open Internet Engineering Task Force (IETF) standard that is an implementation of the Transport Layer Security (TLS) protocol for use in protecting authentication traffic.
- Support from most of the industry
- Requires digital certificates on the AS and all other devices
  – AS and supplicant exchange certificates for mutual authentication
  – TLS tunnel is then built for the user authentication process
- Relatively complex implementation
  – Need a public key infrastructure (PKI)
  – Must deploy and manage certificates to all wireless clients
  – Not all devices can support the use of digital certificates
What is EAP-TTLS?
- EAP Tunneled Transport Layer Security
- An extension of EAP-TLS that creates a virtual private network (VPN)–like tunnel between endpoints prior to authentication.
- Supports other authentication protocols in a TLS tunnel
- Requires a digital certificate on the AS
  – Does not require digital certificates on every device
  – Builds a TLS tunnel using this digital certificate
- Use any authentication method inside the TLS tunnel
  – Other EAPs
  – MSCHAPv2
  – Anything else
What is IEEE 802.1x?
A port-based authentication mechanism that ensures that clients can’t communicate with a resource until proper authentication has taken place. Think of 802.1x as an authentication proxy. This technology enables the leveraging or use of an authentication system elsewhere on the network, rather than requiring on-device/system authentication (which is often limited to static passwords).
What is RADIUS Federation?
- An option under 802.1x that allows users and their devices to authenticate to other networks in the federated group. This is useful when several companies in the same industry want to grant their workers easy access to internal resources or Internet access when traveling or working at an alternate facility.
What is PSK?
- Preshared key
- (1) Cryptographic method in which two separate parties share a key via an out-of-band communication method prior to communication.
- (2) An encryption key or authentication code that is distributed before clients need it to avoid on-demand key exchange procedures.
What are Site surveys?
- A formal assessment of wireless signal strength, quality, and interference using an RF signal detector. A site survey is performed by placing a wireless base station in a desired location and then collecting signal measurements from throughout the area. A site survey often produces a heat map.
What is a heat map?
- A mapping of signal strength measurements over a building’s blueprint. A site survey produces a heat map.
What is a Wi-Fi Analyzer?
- A network sniffer that is designed to interpret the radio signals of wireless networks in addition to evaluating the contents of headers and payloads of frames, packets, etc.
What are Channel Overlaps?
- The overlapping of wireless networking channels, which causes interference. Wi-Fi band/frequency selection should be based on the purpose or use of the wireless network as well as the level of existing interference.