Wireless encryption
• All wireless computers are radio transmitters
and receivers
• Anyone can listen in
- Solution: Encrypt the data
- Everyone gets the password
- Or their own password
• Only people with the password can transmit and
listen
• WPA and WPA2
WPA (Wi-Fi Protected Access)
• 2002: WPA was the replacement for serious
cryptographic weaknesses in WEP
• (Wired Equivalent Privacy)
• Don’t use WEP
• Needed a short-term bridge between WEP and
whatever would be the successor
• Run on existing hardware
• WPA: RC4 with TKIP (Temporal Key Integrity Protocol)
• Initialization Vector (IV) is larger and
an encrypted hash
• Every packet gets a unique 128-bit encryption key
Temporal Key Integrity Protocol
- Mixed the keys
- Combines the secret root key with the IV
- Adds a sequence counter
- Prevents replay attacks
- Implements a 64-bit Message Integrity Check
- Protects against tampering
- TKIP has it’s own set of vulnerabilities
- Deprecated in the 802.11-2012 standard
WPA2 and CCMP
- WPA2 certification began in 2004
- AES (Advanced Encryption Standard) replaced RC4
• CCMP (Counter Mode with Cipher Block Chaining
Message Authentication Code Protocol) replaced TKIP
• CCMP block cipher mode
• Uses AES for data confidentiality
• 128-bit key and a 128-bit block size
• Requires additional computing resources
• CCMP security services
• Data confidentiality (AES), authentication,
and access control
Wireless security modes
• Configure the authentication on your wireless
access point / wireless router
- Open System
- No authentication password is required
- WPA2-Personal / WPA2-PSK
- WPA2 with a pre-shared key
- Everyone uses the same 256-bit key
• WPA2-Enterprise / WPA2-802.1X
• Authenticates users individually with an
authentication server (i.e., RADIUS, TACACS+)
• Add additional factors
RADIUS (Remote Authentication Dial-in User Service)
• One of the more common AAA protocols
• Supported on a wide variety of platforms and
devices
• Not just for dial-in
- Centralize authentication for users
- Routers, switches, firewalls
- Server authentication
- Remote VPN access
- 802.1X network access
• RADIUS services available on almost any server operating system
TACACS
• Terminal Access Controller
• Access-Control System
• Remote authentication protocol
• Created to control access to dial-up lines to
ARPANETTACACS+
- The latest version of TACACS
- More authentication requests and response codes
- Released as an open standard in 1993
What are the characteristic features of RADIUS?
Primarily used for network access
Combines authentication and authorization
Encrypts only the password in the access-request packe
What are the characteristics of TACACS+?
Encrypts the entire payload of the access-request packet
Primarily used for device administration
Separates authentication and authorization
-
Basic Linux Commands25
-
Microsoft Command Line Tool21
-
The Windows Control Panel20
-
Linux Tools5
-
Disk Management17
-
System Configuration8
-
Windows Administrative Tools13
-
macOS Tools/Features20
-
Windows Networking13
-
File systems6
-
Task Manager7
-
Security23
-
Wireless Security10
-
Types of Malware14
-
Anti-Malware Tools7
-
Social Engineering Attacks8
-
Threats & Vulnerabilities14
-
Windows Security Settings15
-
Securing Mobile Devices14
-
Securing a SOHO Network14
-
Troubleshooting Windows26
-
Disaster Recovery9
-
Documentation Best Practices10
-
Change Management8
-
Managing Electrostatic Discharge/Safety Procedures6
-
Environmental Impacts3
-
Privacy, Licensing, and Policies8
