5.9 Wireless Security Protocols Flashcards

Summarize wireless security protocols (WPA, WPA2, and WPA3). (21 cards)

1
Q

What are the three main wireless security protocols?

A
  1. WPA (Wi-Fi Protected Access)
  2. WPA2 (Wi-Fi Protected Access 2)
  3. WPA3 (Wi-Fi Protected Access 3)

WPA: An older wireless security protocol using TKIP for encryption, offering better security than WEP but less secure than newer protocols.

WPA2: A more secure protocol that uses AES encryption, providing stronger protection than WPA.

WPA3: The latest protocol with enhanced security, including stronger encryption and better protection against attacks.

2
Q

What are three characteristics of WPA?

A
  1. Supports encryption with TKIP.
  2. Includes 802.1X authentication.
  3. Uses authentication with pre-shared keys.

WPA was designed to improve WEP security and thus includes multiple authentication methods and encryption options.

3
Q

Define:

What protocol uses AES encryption for stronger wireless protection?

A

WPA2

WPA2 replaced WPA as the default standard for wireless security in 2004, offering more robust encryption.

4
Q

What encryption protocol does WPA2 use by default?

A

AES (Advanced Encryption Standard)

AES is a symmetric key encryption standard endorsed by the U.S. government.

5
Q

What are the authentication methods used in WPA2-Enterprise networks?

A
  • EAP (Extensible Authentication Protocol)
  • RADIUS (Remote Authentication Dial-In User Service)
  • 802.1X

EAP: A framework for user and device authentication with various methods.

RADIUS: A server that handles network access authentication and authorization.

802.1X: A protocol for controlling network access using EAP authentication.

6
Q

Define:

TKIP (Temporal Key Integrity Protocol)

A

A legacy encryption protocol used in WPA.

TKIP was introduced as a temporary solution to replace WEP, but AES is now preferred due to stronger security.

7
Q

What improvement does WPA2 provide over WPA?

A

WPA2 replaces TKIP with AES, providing stronger encryption.

AES is considered more secure and less vulnerable to attacks compared to TKIP.

8
Q

List three features of WPA3.

A
  1. Simultaneous Authentication of Equals (SAE)
  2. Opportunistic Wireless Encryption (OWE)
  3. Protected Management Frames (PMF)

SAE: Replaces PSK for enhanced security.

OWE: Secures open networks without passwords.

PMF: Enhances protection against certain attacks.

9
Q

Define:

forward secrecy

A

It prevents session key compromise if long-term keys are leaked.

Forward secrecy ensures past session data remains secure even if an attacker obtains private keys later.

10
Q

Why is WPA2 still widely used despite WPA3’s release?

A

WPA2 is more compatible with existing devices.

WPA3 adoption is growing, but many devices do not yet support WPA3, making WPA2 more practical.

11
Q

True or False:

WPA3 uses TKIP for encryption.

A

False

WPA3 eliminates TKIP entirely in favor of AES with advanced key exchange mechanisms.

12
Q

How does WPA3 improve security for public Wi-Fi networks?

A

By using Opportunistic Wireless Encryption (OWE) for open networks.

OWE prevents attackers from eavesdropping on public Wi-Fi, ensuring data is encrypted even on open, password-free networks.

13
Q

What is the wireless protocol used by WPA3 for privacy and integrity?

A

GCMP

WPA3 utilizes the Galois/Counter Mode Protocol (GCMP) for encryption and message integrity, employing AES for encryption and GMAC for integrity checks.

14
Q

True or False:

WPA3 uses a 256-bit encryption key.

A

False

WPA3 typically uses 128-bit encryption keys, though the underlying AES algorithm can be configured with higher bit lengths for certain implementations.

15
Q

Why is SAE considered more secure than PSK in WPA3?

A

It offers mutual authentication and guards against offline dictionary attacks.

Unlike PSK, SAE generates unique session keys for each connection.

16
Q

Why is WPA3 resistant to offline dictionary attacks?

A

It uses Simultaneous Authentication of Equals (SAE) for key exchange.

SAE in WPA3 prevents attackers from attempting to guess passwords offline, unlike WPA2, where password attempts can be performed offline.

17
Q

What authentication method is used by WPA-Personal?

A

Pre-Shared Key (PSK)

WPA-Personal (WPA-PSK) is suited for small networks without a RADIUS server.

18
Q

What are two ways to confirm WPA2 with a pre-shared key?

A
  1. Check the WLC’s GUI.
  2. Attempt to connect using a smartphone with the PSK.

Verifying the PSK can be done through the WLC interface or by trying to connect with the key from a mobile device.

19
Q

What must be shared with each client in personal mode of WPA, WPA2, and WPA3?

A

A key string

In personal mode, every client requires a shared key string for network access, which poses risks of eavesdropping during the handshake process.

20
Q

What option signifies open authentication when configuring a WLAN’s Layer 2 authentication?

A

None

Selecting ‘None’ indicates open authentication, which does not require any credentials or keys, differing from other security options like WPA or WEP.

21
Q

True or False:

WPA2-Enterprise requires a shared password between users and devices.

A

False

WPA2-Enterprise uses individual credentials and authentication through RADIUS rather than a shared key.