Wireless LAN Security
Security Set Identifier (SSID)
- Original form of network security
- Must know the SSID to join the network
- Many manufacturers broadcast the SSID
Wired Equivalent Privacy (WEP)
- Hurried attempt to secure wireless communications
- Developed without cryptographic key review
- Key to join the network also used to protect data
- Anything you send gets encrypted with that same key
- The key was static and never changed, so it was easy to collect a lot of data: capture many packets, analyze them, crack the key, and break in.
- Key never changes
- Utilize the RC4 encryption protocol
- Numerous attacks
- No fix in sight
Wifi Protected Access (WPA)
- They were developing 802.11i
- An attempt to enhance security
- A specification for how to do secure wireless
- Pulled from working draft
- Temporary update while waiting for 802.11i
- Solved some of WEP's issues
- Still suffered from attacks early on
- Temporary solution
- WPA still uses the RC4 cipher but adds a mechanism called Temporal Key Integrity Protocol (TKIP) to fix the issues with key generation.
WPA2-PSK (personal) Order of operations
- WPA2-Pre-shared Keys
- Data being encrypted
- The temporal key is used to protect our data.
WPA2-Enterprise Order of Operations
- We have a device that wants to get on the network
- Here is my username and password
- We have an authenticator; the only thing it wants from the supplicant is 802.1X communication
- Specifically EAP, the Extensible Authentication Protocol
- Then we got Active Directory
- The Authenticator takes the EAP and sends it to AD using RADIUS.
- If AD determines the user has the right username and password, then it will send additional Authorization information
- Authorization is what you are allowed to do
- It uses what are called RADIUS AV (Attribute-Value) pairs
- It comes back with the appropriate profile of what you are allowed to do.
- Then Accounting happens within the server (keeps track of logs)
Network Policy Server
- A feature pack that you can turn on on a Microsoft server
- NPS attaches a RADIUS process to Active Directory
- If you want to give users access to the network appliances, you can put all of them into AD
- This gives us Single Sign-On (SSO)
- RADIUS + Active Directory is the Network Policy Server
Wifi Protected Access 2 (WPA2)
- 802.11i
- Wireless Security Standard
- Pre-shared keys
- Ubiquitous
- Easy
- WPA2-PSK attacks
- Capture Auth Handshake
- You can also perform Brute Force Attacks using a GPU, guessing the password until it works
- Rainbow Tables
- When we take passwords, we never store them in cleartext; we always want to hash the password
- Take that password and hash it through a hashing algorithm (MD5, SHA1, SHA256, etc.)
- OS, Applications, databases, they should all store passwords using hashing.
- You can take a dictionary, run it through SHA256, and create an output
- A rainbow table is basically like a spreadsheet of inputs with your passwords and a hash assigned to it.
- You may do a Brute Force attack and look at this list and determine the hashes for each.
- How big is it?
- Gigabytes
- It depends on the hashing algorithms
- You want to create a Rainbow table for every network that we connect to.
- WPA2 Enterprise mode
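Why a precomputed table is needed for every network, as an added example that is not part of the original notes: 802.11i derives the WPA2-PSK master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a table built for one SSID does not match another. The SSIDs, wordlist and function names below are constructed for illustration.

```python
import hashlib

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(),
                               ssid.encode(), 4096, 32)

def precompute(ssid: str, wordlist: list[str]) -> dict[bytes, str]:
    """Table of derived key -> passphrase. Valid for this one SSID only."""
    return {derive_pmk(word, ssid): word for word in wordlist}

def lookup(table: dict[bytes, str], passphrase: str, ssid: str):
    """Simplified check: is the key for (passphrase, ssid) in the table?
    Compares derived keys directly instead of using a captured handshake."""
    return table.get(derive_pmk(passphrase, ssid))

# Constructed sample data, not taken from the notes.
WORDLIST = ["password123", "letmein2024", "qwertyuiop"]
TABLE_FOR_HOMENET = precompute("HomeNet", WORDLIST)

def demo():
    # Dictionary passphrase on the SSID the table was built for: found.
    same_ssid = lookup(TABLE_FOR_HOMENET, "letmein2024", "HomeNet")
    # Same passphrase on a different SSID: different salt, no match.
    other_ssid = lookup(TABLE_FOR_HOMENET, "letmein2024", "HomeNet-5G")
    # Passphrase outside the wordlist: never in any table built from it.
    strong = lookup(TABLE_FOR_HOMENET, "correct horse battery staple", "HomeNet")
    return same_ssid, other_ssid, strong

if __name__ == "__main__":
    print(demo())
```

A unique SSID makes existing tables useless, and a long passphrase that is in no dictionary keeps the key out of any table built for that SSID.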
WPA2-CCMP vs. WPA2-TKIP
WPA2-CCMP and WPA2-TKIP are both encryption protocols used in WPA2 (Wi-Fi Protected Access 2) for securing wireless networks, but they differ in the encryption algorithms they use:
- WPA2-CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol):
- Uses AES (Advanced Encryption Standard) for encryption, which is much stronger and more secure than TKIP.
- Provides better data protection and is considered more secure, meeting modern security standards.
- Commonly used in most newer Wi-Fi devices and recommended for secure networks.
- WPA2-TKIP (Temporal Key Integrity Protocol):
- Uses RC4 for encryption, which is weaker and has known vulnerabilities.
- Was designed as a temporary solution to replace WEP (Wired Equivalent Privacy) but is now considered outdated.
- Provides weaker security and is generally not recommended for modern networks.
In summary, WPA2-CCMP (AES) offers better security compared to WPA2-TKIP (RC4), and CCMP is the preferred option for secure wireless communication.
Wifi Protected Access 3 (WPA3)
- Latest and greatest
- 128 bit in Personal mode
- 192 bit in Enterprise
- 256 bit supported
- Simultaneous Authentication of Equals
- Similar to Diffie-Hellman exchange
- Leverages PSK & MAC
- Hardware support limited at time of writing
- Certification began June 2018
- Required for WiFi 6 Certification
- If a device has Wifi 6 capability, then it is capable of WPA3.