Wireless Security Settings

Sep 16, 2024

Take quiz

Review flashcards

Wireless Network Security

Security Concerns

  • Wireless Communication Vulnerability: Data is transmitted over the air, making it susceptible to eavesdropping.
  • Unauthorized Access: Ensuring only authorized users connect to the network, typically using authentication methods.
  • Encryption: Default private wireless network configurations encrypt traffic to prevent attackers from reading packets.

Encryption Protocols

  • WPA2:

    • Uses a 4-way handshake during initial connection.
    • Vulnerable to brute force attacks if hash is captured during handshake.
    • Offline brute force attacks can use GPU processing or cloud-based resources.

  • WPA3:

    • Introduced to mitigate WPA2 vulnerabilities, especially brute force attacks.
    • Uses GCMP (Galois/Counter Mode Protocol) for stronger encryption.
    • Introduces SAE (Simultaneous Authentication of Equals) for authentication.
    • Prevents pre-shared key hash from being sent over the network.
    • Each user has a unique session key for better security.

Authentication Methods

  • Pre-shared Key (PSK): Common in home networks; everyone uses the same key.
  • Centralized Authentication (802.1X): Used in corporate environments.
    • Requires username, password, and possibly additional factors.
    • Centralized servers (e.g., RADIUS, LDAP, TACACS) manage authentication.

AAA Framework

  • Identification: Confirming the identity of the user (usually a username).
  • Authentication: Verifying identity with a secret (password).
  • Authorization: Determining access rights for resources.
  • Accounting: Logging session information (time, data usage).

RADIUS Protocol

  • Purpose: Facilitates remote authentication for network access.
  • Usage Scenarios: Logging into routers, servers, VPNs, etc.
  • Devices Support: Widely supported due to long-standing use.

Network Access Control (NAC) - 802.1X

  • Purpose: Prevent unauthorized network access.
  • Applicability: Used in both wired and wireless networks.
  • Components:
    • Supplicant: The user/device trying to access the network.
    • Authenticator: The network device first contacted upon login.
    • Authentication Server: Back-end server verifying credentials.

EAP (Extensible Authentication Protocol)

  • Function: Embeds the authentication process within 802.1X.
  • Flexibility: Customizable by manufacturers for specific needs.
  • Process:
    1. Initial Connection: Supplicant tries to connect.
    2. Authentication Request: Authenticator requests credentials.
    3. Credential Validation: Authentication server approves access.

Wireless network security is crucial for protecting data integrity and preventing unauthorized access. Protocols such as WPA3 and systems like 802.1X and RADIUS provide structured frameworks to ensure secure network environments.