FLASH CARDS

7.03 Compare and contrast wireless security protocols and authentication methods

  • What is the main security concern with wireless networks?

  • Wireless networks use radio signals, which can be intercepted by anyone within range if not properly encrypted.

  • What is Wi-Fi Protected Access (WPA)?

  • WPA is a security protocol designed to protect wireless networks by encrypting traffic and preventing unauthorized access.

  • What does WPA1 use to encrypt data?

  • WPA1 uses the RC4 symmetric cipher to encrypt data, like its predecessor WEP.

  • What was added to WPA1 to fix WEP vulnerabilities?

  • Temporal Key Integrity Protocol (TKIP) was added to WPA1 to address WEP’s security flaws.

  • Why is WPA1 no longer secure?

  • Even with TKIP, WPA1 still relies on the RC4 cipher, and published attacks on TKIP's weak Michael integrity check let an attacker recover the MIC key and decrypt or inject short packets. WPA1 is considered broken and should not be used.

  • What protocol does WPA2 use for encryption?

  • WPA2 uses the Advanced Encryption Standard (AES) for encryption.

  • What is CCMP, and how does it improve security in WPA2?

  • Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) provides authenticated encryption: AES in counter mode encrypts the frame while a CBC-MAC protects its integrity, and every frame carries a packet number that the receiver checks, so replayed or tampered frames are rejected.

  • What compatibility modes do some access points support in WPA2?

  • Some access points offer WPA2-TKIP or WPA2-TKIP+AES (mixed) compatibility modes for old clients. Any TKIP-capable client can then negotiate RC4 instead of AES, and the group (broadcast) key falls back to TKIP for everyone, so these modes weaken the whole network and should be disabled unless a legacy device truly requires them.

  • What are the key improvements in WPA3 over WPA2?

  • WPA3 includes Simultaneous Authentication of Equals (SAE), updated cryptographic protocols, protected management frames, and Wi-Fi Enhanced Open.

  • What is Simultaneous Authentication of Equals (SAE) in WPA3?

  • SAE is a password-authenticated key exchange (the Dragonfly handshake) that replaces the way WPA2-PSK derives the pairwise master key directly from the passphrase. Each side proves knowledge of the passphrase without revealing it, the resulting PMK is fresh per session, and the 4-way handshake then runs on top of it to derive the session keys.

  • What cryptographic protocol does WPA3 use instead of AES CCMP?

  • WPA3 adds AES Galois/Counter Mode Protocol (GCMP). GCMP-256 is mandatory in WPA3-Enterprise 192-bit mode, which also requires 256-bit keys and stronger hashes; WPA3-Personal still uses AES CCMP-128. The gain comes from the longer key and GCM's faster, parallelisable integrity check, not from any known break of CCMP.

  • How does WPA3 handle open Wi-Fi networks?

  • Wi-Fi Enhanced Open (Opportunistic Wireless Encryption, OWE) gives each client its own encryption keys via an unauthenticated Diffie-Hellman exchange, so traffic on an open network cannot be passively sniffed even though no password is required. It does not authenticate the access point, so a rogue "evil twin" AP can still intercept a client that joins it.

  • What are the three types of Wi-Fi authentication methods?

  • Wi-Fi authentication methods include open, personal, and enterprise authentication.

  • What is WPA2-PSK (Pre-Shared Key) authentication?

  • WPA2-PSK uses a passphrase shared by all users to generate a 256-bit pairwise master key (PMK) with PBKDF2, using the SSID as the salt; the AP and each client then derive a per-session pairwise transient key (PTK) from the PMK in the 4-way handshake.

  • Why should WPA2 passphrases be at least 14 characters long?

  • The passphrase is the only secret. Anyone who captures a client's 4-way handshake can recompute the PMK for guessed passphrases offline and check each guess against the handshake, so short or dictionary passphrases fall quickly; a long random passphrase makes that offline brute force impractical.
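
The derivation behind the last two cards, as an added example that is not part of the original flash cards: PBKDF2 turns the passphrase into the PMK, the 802.11 PRF turns the PMK into the PTK, and the EAPOL MIC in message 2 of the 4-way handshake is what an attacker checks guesses against. The SSID, MAC addresses, nonces, EAPOL frame and passphrases are constructed for the demo; only the `derive_pmk("password", "IEEE")` check uses the published IEEE 802.11i test vector.

```python
# Added example (not from the original flash cards): WPA2-PSK key derivation
# and an offline dictionary attack against a captured 4-way handshake.
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(ptk: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    kck = ptk[:16]  # the first 128 bits of the PTK are the key confirmation key
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


# Constructed "capture": everything below is what a passive sniffer sees in one handshake.
SSID = "CorpGuest"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
EAPOL_MSG2 = (
    b"\x01\x03\x00\x76"      # EAPOL header: version 1, type EAPOL-Key, body length (constructed)
    + b"\x02\x01\x0a"        # descriptor type RSN, key info 0x010a (MIC set, pairwise, version 2)
    + b"\x00\x10"            # key length 16
    + b"\x00" * 8            # replay counter
    + SNONCE
    + b"\x00" * 32           # key IV, RSC, reserved
    + b"\x00" * 16           # MIC field, zeroed before the MIC is computed
    + b"\x00\x16" + b"\x30\x14" + b"\x00" * 20  # key data length + RSN IE (constructed)
)


def handshake_mic(passphrase: str) -> bytes:
    """The MIC a client using this passphrase would put into message 2."""
    pmk = derive_pmk(passphrase, SSID)
    ptk = derive_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    return eapol_mic(ptk, EAPOL_MSG2)


CAPTURED_MIC = handshake_mic("winter2024")  # the network's real passphrase, for the demo only


def crack_psk(candidates, captured_mic: bytes):
    """Offline dictionary attack: each guess costs one PBKDF2 run and no traffic to the AP."""
    for guess in candidates:
        if hmac.compare_digest(handshake_mic(guess), captured_mic):
            return guess
    return None


if __name__ == "__main__":
    wordlist = ["password", "letmein", "summer2024", "winter2024"]
    print("recovered passphrase:", crack_psk(wordlist, CAPTURED_MIC))
```

The cost of each guess is one PBKDF2 run (4096 SHA-1 iterations), which is why real cracking tools reach millions of guesses per second on GPUs; nothing in the protocol limits the attacker once the handshake is captured. SAE removes exactly this property, since a guess can only be tested by running a live exchange with the AP.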

  • What is WPA3-SAE (Simultaneous Authentication of Equals)?

  • WPA3-SAE is a password-authenticated key exchange (the Dragonfly handshake) that replaces the way WPA2-PSK turns the passphrase into the PMK. A passphrase guess can only be tested by a live exchange with the access point, a captured handshake cannot be cracked offline, and each session gets fresh keys (forward secrecy), so even a weak passphrase is far better protected than under WPA2-PSK.

  • What is WPA3-Personal Transition mode?

  • A WPA3-Personal network in transition mode accepts both SAE and WPA2-PSK clients on the same SSID and passphrase. It keeps legacy clients working, but the passphrase is still exposed to WPA2 handshake capture and offline cracking, so it weakens the whole network.
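
The three configurations contrasted in the WPA2 compatibility-mode card and the WPA3 transition-mode card, written as hostapd stanzas as an added example (not from the original flash cards). The interface name, SSID and passphrase are placeholders; each stanza is a separate, complete choice, not three blocks of one file.

```conf
# 1. Weak: WPA2 with TKIP+AES mixed mode. A TKIP-capable client negotiates
#    RC4, and the group key falls back to TKIP for everyone. No PMF.
interface=wlan0
ssid=CorpGuest
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=TKIP CCMP
wpa_passphrase=ChangeMe-Long-Random-Passphrase
ieee80211w=0

# 2. WPA3-Personal transition mode: SAE and WPA2-PSK clients on one SSID.
#    PMF is optional so WPA2 clients can still join, but required for SAE.
#    The passphrase is still exposed to WPA2 handshake capture.
interface=wlan0
ssid=CorpGuest
wpa=2
wpa_key_mgmt=SAE WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=ChangeMe-Long-Random-Passphrase
sae_password=ChangeMe-Long-Random-Passphrase
ieee80211w=1
sae_require_mfp=1

# 3. WPA3-Personal only: SAE, AES-CCMP, protected management frames required.
interface=wlan0
ssid=CorpGuest
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
sae_password=ChangeMe-Long-Random-Passphrase
ieee80211w=2
```

The check a practitioner wants is on the client side too: a scan that shows the network advertising TKIP in its RSN element, or a WPA2-PSK AKM beside SAE, tells you which of the three stanzas is actually in effect regardless of what the management UI calls it.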

  • What is the main issue with personal Wi-Fi authentication methods like WPA2-PSK?

  • Everyone shares one passphrase, so it is hard to keep secret, must be changed on every device whenever one person leaves, and gives no per-user identification or accounting.

  • What protocol is used in WPA2-Enterprise and WPA3-Enterprise authentication?

  • Both use the 802.1X authentication standard with Extensible Authentication Protocol (EAP).

  • How does 802.1X enterprise authentication work?

  • The client (supplicant) never talks to the AAA server directly. The access point (authenticator) relays the client's EAP messages, encapsulated in RADIUS, to the Authentication, Authorization, and Accounting (AAA) server, which validates the credentials and, on success, returns the keying material from which the AP and client derive their session keys.

  • What are the benefits of enterprise Wi-Fi authentication over personal methods?

  • Enterprise authentication provides secure credential storage on the AAA server, advanced authentication methods, and multifactor authentication support.

  • What is EAP-TLS, and how does it enhance security?

  • EAP-TLS performs mutual certificate authentication inside a TLS handshake: the server presents its certificate to the client, and the client proves possession of the private key for its own certificate, so both sides are authenticated and no password crosses the network. It needs a PKI to issue client certificates; when the client key is held on a smart card or TPM and unlocked with a PIN, the result is multifactor.

  • What is the role of RADIUS in enterprise Wi-Fi authentication?

  • RADIUS is the protocol most AAA servers speak. It runs between the access point (the network access server) and the AAA server, carrying the client's EAP messages in Access-Request packets and returning Access-Challenge, Access-Accept or Access-Reject; the two ends share a secret that authenticates the exchange. The wireless client itself never speaks RADIUS.
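
The exchange described in the two cards above, built out as an added example (not from the original flash cards): the access point wraps the client's EAP-Response/Identity in a RADIUS Access-Request, stamps it with the Message-Authenticator that RFC 3579 requires whenever EAP-Message is present, and checks the server's reply against the Response Authenticator so that only a party holding the shared secret can answer. The shared secret, user name and NAS address are made up; the server's EAP method selection that would follow is omitted.

```python
# Added example (not from the original flash cards): RADIUS packets between a
# wireless access point (802.1X authenticator) and an AAA server.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_NAS_IP, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 4, 79, 80
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1


def attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type(1) Length(1, header included) Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def eap_response_identity(eap_id: int, identity: str) -> bytes:
    """EAP-Response/Identity as the supplicant sends it: Code Id Length Type Data."""
    data = identity.encode()
    return struct.pack("!BBHB", EAP_RESPONSE, eap_id, 5 + len(data), EAP_TYPE_IDENTITY) + data


def build_packet(code: int, identifier: int, authenticator: bytes, attributes: bytes) -> bytes:
    """RADIUS header: Code(1) Identifier(1) Length(2) Authenticator(16), then attributes."""
    return struct.pack("!BBH", code, identifier, 20 + len(attributes)) + authenticator + attributes


def build_access_request(secret: bytes, identifier: int, username: str, eap: bytes, nas_ip: bytes) -> bytes:
    """What the AP sends to the AAA server on behalf of a supplicant."""
    request_auth = os.urandom(16)  # Request Authenticator: random per request
    attrs = attr(ATTR_USER_NAME, username.encode()) + attr(ATTR_NAS_IP, nas_ip) + attr(ATTR_EAP_MESSAGE, eap)
    # RFC 3579: Message-Authenticator = HMAC-MD5(secret, whole packet with this value zeroed).
    zeroed = build_packet(ACCESS_REQUEST, identifier, request_auth, attrs + attr(ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16))
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return build_packet(ACCESS_REQUEST, identifier, request_auth, attrs + attr(ATTR_MESSAGE_AUTHENTICATOR, mac))


def parse_attributes(pkt: bytes) -> list:
    """Return [(type, value), ...] for the attributes after the 20-byte header."""
    out, i = [], 20
    while i + 2 <= len(pkt):
        t, length = pkt[i], pkt[i + 1]
        if length < 2:
            break  # malformed attribute; stop rather than loop forever
        out.append((t, pkt[i + 2:i + length]))
        i += length
    return out


def verify_message_authenticator(pkt: bytes, secret: bytes) -> bool:
    """Server-side check: recompute HMAC-MD5 over the packet with the attribute value zeroed."""
    i = 20
    while i + 2 <= len(pkt):
        t, length = pkt[i], pkt[i + 1]
        if length < 2:
            return False
        if t == ATTR_MESSAGE_AUTHENTICATOR and length == 18:
            zeroed = pkt[:i + 2] + b"\x00" * 16 + pkt[i + length:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, pkt[i + 2:i + length])
        i += length
    return False  # an EAP-carrying request without Message-Authenticator must be dropped


def build_access_accept(secret: bytes, request: bytes, attributes: bytes = b"") -> bytes:
    """Response Authenticator = MD5(Code || Id || Length || RequestAuth || Attributes || Secret)."""
    identifier, request_auth = request[1], request[4:20]
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attributes))
    response_auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + response_auth + attributes


def verify_response(secret: bytes, request: bytes, response: bytes) -> bool:
    """AP-side check: the reply must be bound to our Request Authenticator and the shared secret."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    secret = b"s3cr3t-shared-by-ap-and-aaa"  # assumed shared secret
    eap = eap_response_identity(1, "alice@corp.example")
    req = build_access_request(secret, 7, "alice@corp.example", eap, bytes([10, 0, 0, 5]))
    print("server accepts request:", verify_message_authenticator(req, secret))
    acc = build_access_accept(secret, req)
    print("AP accepts reply:", verify_response(secret, req, acc))
```

Both checks are keyed with MD5, which is why RADIUS should be confined to a management network or carried over IPsec or RadSec (RADIUS over TLS); the shared secret is the only thing standing between an attacker on that path and a forged Access-Accept.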

  • What is TACACS+ used for?

  • TACACS+ is commonly used for administrative access to networking devices such as routers and switches. Unlike RADIUS it separates authentication, authorization and accounting into distinct exchanges, encrypts the whole packet body, and can authorize individual commands, giving finer control over what an administrator may run.

  • How does Kerberos support single sign-on (SSO) in Windows networks?

  • Kerberos lets a user authenticate once to a domain controller (the key distribution center) and receive a ticket-granting ticket; the client presents that ticket to obtain a service ticket for each server it needs, so the user never re-enters credentials.

  • How do access points tunnel Kerberos credentials in wireless networks?

  • The access point does not speak Kerberos itself. It relays the client's EAP authentication over RADIUS (or TACACS+) to an AAA server that is joined to the domain and validates the credentials against the domain controller; once the wireless client is on the network it obtains its Kerberos tickets from the domain controller directly and uses SSO like any wired client.