Chapter 27

Describe and Configure Wireless Security Protocols

This chapter covers the following official CCNA 200-301 exam topic:

  • Describe WPA, WPA2, and WPA3

Wireless cells seem to be available everywhere today—even on airplanes. We expect that protocols will accommodate strong security, when needed. Fortunately, wireless security has evolved to provide strong and reliable security mechanisms.

This chapter covers the following essential terms and components:

  • WPA

  • WPA2

  • WPA3

  • PSK

Topic: Describe WPA, WPA2, and WPA3

CramSaver

If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this section and then completing the CramQuiz at the end of this section and the Review Questions at the end of the chapter. If you are in doubt at all, read everything in this chapter!

1. What security technology succeeded WEP as a result of the many vulnerabilities that were being frequently exploited in WEP?

_________

2. What improvement was introduced in WPA in order to provide security on a per-packet basis?

_________

Answers

1. WPA

2. TKIP

WPA was the much-hoped-for answer to the huge security issues presented by WEP. Remember that WEP was the de facto Wi-Fi security approach for many years. Unfortunately, despite its bold name, Wired Equivalent Privacy had major weaknesses.

In more unfortunate news, its replacement technology, WPA (Wi-Fi Protected Access), also had a number of weaknesses. Even though WPA featured much stronger public key encryption (256-bit WPA-PSK), it sadly still contained vulnerabilities it inherited from the WEP standard. Much of the issue stemmed from both protocols using the problematic stream encryption standard RC4. Although RC4 was once considered a strong security mechanism, vulnerabilities developed.

WPA introduced the Temporal Key Integrity Protocol (TKIP), but it was deployed with the idea of maintaining support for older WEP devices. TKIP introduced some powerful feature improvements, such as permitting per-packet security on Wi-Fi communications.

WPA had a very short life span and was superseded by WPA2, which included some much-needed improvements. One of the most notable improvements is the usage of the Advanced Encryption Standard (AES) for encryption. This workhorse encryption protocol is used in many different scenarios today, including protecting data at rest in the cloud.

WPA2 also introduced CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol), which replaced the need for TKIP and eliminated the vulnerabilities related to TKIP as well.

Note

You can still use TKIP with WPA2. Why would you want to? Perhaps you have some WPA-only devices still in the network, or maybe you would like to use TKIP as a fallback in case of issues with CCMP.

Things were going quite well for WPA2 until a major discovery was made. The Key Reinstallation Attack (KRACK) permitted systems to inject themselves into the four-way handshake of WPA2. The attacker could then manipulate the encryption key creation.

Note

It did not take long for the Wi-Fi Alliance to respond with WPA3, with Protected Management Frames (PMF) and the requirement of AES-192. WPA3 also provides brute-force protection, guarding against those attacks targeted toward users with weak passwords.

The use of WPA2 is typically very simple to configure on a wireless access point (AP). Figure 27.1 shows just how simple it is to use the GUI of a wireless AP. Here you can see that I am working with the Basic Settings options for the Wireless Configuration tab.

images

Figure 27.1 Configuring WPA2 in the GUI

CramQuiz

1. What exploit of WPA2 demonstrated vulnerabilities in the four-way handshake process of the security protocol?

Image A. Heartbleed

Image B. ShadowBroker

Image C. KRACK

Image D. EternalBlue

2. What technology can replace TKIP and is found in WPA2?

Image A. CCMP

Image B. SAE

Image C. RC4

Image D. AES

CramQuiz Answers

1. C is correct. The KRACK attack against WPA2 demonstrated how the four-way handshake could be compromised to permit an attacker to manipulate the encryption process.

2. A is correct. WPA2 introduced CCMP, which replaced the need for TKIP.

Notice that this example shows WPA2 being configured in personal mode. In this configuration, you can use a simple Pre-Shared Key method. WPA2 features an enterprise mode that uses even stronger security mechanisms.

Review Questions

1. What method is used with WPA2 in personal mode?

Image A. SAE

Image B. 3DES

Image C. MD5

Image D. PSK

2. If you are running WPA3 in enterprise mode, what is the required version of AES?

Image A. AES-32

Image B. AES-64

Image C. AES-128

Image D. AES-192

Answers to Review Questions

1. D is correct. A Pre-Shared Key (PSK) approach can be configured with WPA2 in personal mode. This is fitting for its ease of configuration.

2. D is correct. WPA3 provides AES-192 as an option in personal mode and as a requirement in enterprise mode.

Additional Resources

WiFi (Wireless) Password Security - WEP, WPA, WPA2, WPS Explained

https://www.youtube.com/watch?v=WZaIfyvERcA

Next-Gen Wi-Fi Security - WPA3 Explained

https://youtu.be/aPoe4WtX2mU

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.118.184.237