CompTIA Security+ Study Notes
HomeBuy Me A CoffeeDiscordQuizlet
Search…
About
Donors
CompTIA Security+
Acronyms
Common Ports
Domain 1 - Threats, Attacks, & Vulnerabilities
Domain 2 - Technologies & Tools
Domain 3 - Architecture & Design
Domain 4 - Identity & Access Management
Domain 5 - Risk Management
Domain 6 - Cryptography & PKI
Cryptography Concepts
Cryptography Algorithms
WiFi Security
Public Key Infrastructure
Powered By GitBook
WiFi Security

Wireless Access Methods

  • Open Authentication - Only need to know the network name/SSID.
    • Captive Portal - Web page that is launched first when connecting through a network.
  • Shared Authentication
    • The client and the wireless access point must negotiate and share a key prior to initiating communications.
    • Pre-Shared Key (PSK) - Each user uses the same key to connect to the WiFi.
  • Enterprise
    • A server handles distribution of cryptographic keys and/or digital certificates.
    • Extensible Authentication Protocol (EAP)

WiFi Protected Setup (WPS)

  • Standard to simplify Wireless Access Point (AP) setup for home users.
  • Three modes:
    • PIN Entry
    • Push-Button Configuration (PBC)
    • Near Field Communicaiton (NFC)

Wireless Cryptographic Protocols

  • Wired Equivalent Privacy (WEP) - This original wireless encryption standard should not be used today.
  • WiFi Protected Access (WPA) - WPA was developed in response to security concerns over WEP.
  • WiFi Protected Access Version 2 (WPA2)
    • Required for WiFi certified devices.
    • Uses AES for encryption.
    • Based on the IEEE 802.11i standard.

WiFi Protected Access 2 (WPA2)

  • Counter Mode with Cipher Block Chaning Message Authentication Code Protocol (CCMP)
    • Replaced TKIP
    • Based on AES encryption cipher.
    • CCM combines CTR for confidentiality and CBC-MAC for authentication and integrity.
  • Fully implements the IEE802.11i-2004 WiFi security standards.

Authentication Protocols

  • Extensible Authentication Protocol (EAP)
    • Requires an authentication server.
    • Allows authentication methods beyond username/password.
    • Provides support for public certificates.
    • Four modes:
      • PEAP - Protected EAP
      • EAP-TLS - EAP-Transport Layer Security
      • EAP-TTLS - EAP Tunneled Transport Layer Security
      • EAP-FAST - EAP Flexible Authentication via Secure Tunneling
Could not load image
  • IEEE 802.1x
    • The IEEE standard for port-based network access control.
  • RADIUS Federation
    • A group of RADIUS servers that assist with network froaming.
    • The servers will validate the login credentials of a user belonging to another RADIUS server's network.
    • Using RADIUS to authenticate between entities.
    • As part of PEAP negotiation, client establishes a TLS session with a RADIUS server.
    • Client authenticates with RADIUS server.
Previous
Cryptography Algorithms
Next
Public Key Infrastructure
Last modified 1yr ago
Copy link
On this page
Wireless Access Methods
WiFi Protected Setup (WPS)
Wireless Cryptographic Protocols
WiFi Protected Access 2 (WPA2)
Authentication Protocols