Open Authentication - Only need to know the network name/SSID.
Captive Portal - Web page that is launched first when connecting through a network.
Shared Authentication
The client and the wireless access point must negotiate and share a key prior to initiating communications.
Pre-Shared Key (PSK) - Each user uses the same key to connect to the WiFi.
Enterprise
A server handles distribution of cryptographic keys and/or digital certificates.
Extensible Authentication Protocol (EAP)
Standard to simplify Wireless Access Point (AP) setup for home users.
Three modes:
PIN Entry
Push-Button Configuration (PBC)
Near Field Communicaiton (NFC)
Wired Equivalent Privacy (WEP) - This original wireless encryption standard should not be used today.
WiFi Protected Access (WPA) - WPA was developed in response to security concerns over WEP.
WiFi Protected Access Version 2 (WPA2)
Required for WiFi certified devices.
Uses AES for encryption.
Based on the IEEE 802.11i standard.
Counter Mode with Cipher Block Chaning Message Authentication Code Protocol (CCMP)
Replaced TKIP
Based on AES encryption cipher.
CCM combines CTR for confidentiality and CBC-MAC for authentication and integrity.
Fully implements the IEE802.11i-2004 WiFi security standards.
Extensible Authentication Protocol (EAP)
Requires an authentication server.
Allows authentication methods beyond username/password.
Provides support for public certificates.
Four modes:
PEAP - Protected EAP
EAP-TLS - EAP-Transport Layer Security
EAP-TTLS - EAP Tunneled Transport Layer Security
EAP-FAST - EAP Flexible Authentication via Secure Tunneling
IEEE 802.1x
The IEEE standard for port-based network access control.
RADIUS Federation
A group of RADIUS servers that assist with network froaming.
The servers will validate the login credentials of a user belonging to another RADIUS server's network.
Using RADIUS to authenticate between entities.
As part of PEAP negotiation, client establishes a TLS session with a RADIUS server.
Client authenticates with RADIUS server.