Wireless Security Settings

(OBJ . )

Wireless Security Settings

• Crucial for securing wireless networks due to increasing usage
• See Wireless LAN Security

Wireless Encryption

• Wireless encryption is essential for data confidentiality in wireless networks

WEP (Wired Equivalent Privacy)

• Introduced in 1999 as part of IEEE 802.11
• Utilizes a static encryption key system
• Considered insecure due to its weak 24-bit initialization vector

WPA (Wi-Fi Protected Access)

• Introduced in 2003 as an improvement over WEP
• Implemented TKIP for dynamic key generation
• Inherited some vulnerabilities from WEP
• Due to TKIP vulnerabilities, it was susceptible to cryptographic attacks
• Insecure due to insufficient data integrity checks in the TKIP implementation

WPA2 (Wi-Fi Protected Access 2)

• Introduced in 2004, replacing WPA.
• Uses AES protocol and CCMP protocol for stronger encryption
  • AES - Advanced Encryption Standard
  • CCMP - Counter Cipher Mode with Block Chaining Message Authentication Code
• Introduced Message Integrity Code (MIC) for integrity checking

WPA3 (Wi-Fi Protected Access 3)

• The latest and most secure wireless security protocol.
• Uses AES for encryption and introduces new features.
• Features
  • Simultaneous Authentication of Equals (SAE)
    • Replaces the 4-way handshake with a Diffie-Hellman key agreement
    • Protects against offline dictionary attacks
  • Enhanced Open (Opportunistic Wireless Encryption)
    • Provides individualized data encryption even in open networks
    • Improves privacy and security in open Wi-Fi scenarios
  • Updated Cryptographic Protocols
    • AES GCMP replaces AES CCMP used in WPA2
    • Supports both 128-bit and 192-bit AES for enhanced security
  • Management Frame Protection
    • Ensures the integrity of network management traffic
    • Prevents eavesdropping, forging, and tampering with management frames

AAA Protocols

• Important for centralized user authentication and access control
• Examples
  • RADIUS (Remote Authentication Dial-In User Service)
    • Offers Authentication, Authorization, and Accounting services
    • Widely used for secure access to network resources
  • TACACS+ (Terminal Access Controller Access-Control System Plus)
    • Separates Authentication, Authorization, and Accounting functions
    • More granular control
    • Encrypts the authentication process using TCP for enhanced security

Authentication Protocols

• Used to verify user identity and control network access

• EAP (Extensible Authentication Protocol)

  • Authentication framework supporting multiple methods
  • Provides common functions and negotiation of authentication protocols

• PEAP (Protected Extensible Authentication Protocol)

  • Encapsulates EAP within an encrypted TLS tunnel
  • Developed jointly by Cisco Systems, Microsoft, and RSA Security

• EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)

  • Extends TLS support across platforms
  • Requires server-side certificates for security

• EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling)

  • Developed by Cisco Systems for secure re-authentication
  • Uses a Protected Access Credential and TLS tunnel

For more about EAP see Port Security#EAP (Extensible Authentication Protocol)