A plus 1002 Sub-objective 2.3

A plus 1002 Sub-objective 2.3 – Compare and contrast wireless security protocols and authentication methods.

Welcome to ExamNotes for CertBlaster! This edition examines the topics covered in A plus 1002 sub-objective 2.3, which discusses security and authentication in the wireless environment. Have fun!


Protocols and encryption

Wireless signals are insecure by their very nature. They can be intercepted and read by any third party: packets can be grabbed out of thin air without the eavesdropper being logged on to the network. Unencrypted Wi-Fi sessions are the physical equivalent of someone sitting beside you observing while you read and type. Even the weakest encryption is better than none. It’s important to understand that the encryption process consumes resources on the devices and on the transmission itself; this cost is referred to as overhead.

[Figure: Example of VPN encryption]

In this edition, we will look at the encryption protocols covered in the objectives as well as how they can be used together to create hardened communications that are less likely to be decoded. Wireless encryption is configured on the router used to access the Internet. All wirelessly connected devices must use the same encryption method as the router; otherwise they won’t understand the connection process. Encryption uses a unique key that is variable in length and subject to frequent changes in order to keep it secure. Here are the various encryption protocols.

WEP

Wired Equivalent Protocol (WEP) was considered the “go to” encryption method in the early days of wireless networking as it offered the equivalent security of a hard-wired connection. WEP is now considered less than secure due to the sophistication of wireless eavesdropping and the fact that the key is static and never changes, making it easily shareable.

WPA

Wi-Fi Protected Access (WPA) encryption offers constantly changing keys with a stronger encryption method. WPA was the best encryption protocol at the time and is considered an upgrade for WEP. Also called the Temporal Key Integrity Protocol (TKIP), WPA generates changing keys and is used in conjunction with other encryption protocols in order to harden them as you will see.

WPA2

Wi-Fi Protected Access 2 (WPA2) is the best protection method available at the time of this writing and is based on the Advanced Encryption Standard (AES), the Government standard for encryption of classified communication and documentation. In order to display the Wi-Fi logo, WPA2 (AES) support is mandatory. WPA2 is often used with a Pre-Shared Key (PSK) which is generally the router passphrase.
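How the pre-shared passphrase becomes key material, as an added example that is not part of the original notes: in WPA2-Personal the 256-bit master key is derived with PBKDF2-HMAC-SHA1 over the passphrase, using the network name (SSID) as salt and 4096 iterations. The function names, the sample word list and the 16-character minimum are assumptions made for illustration.

```python
import hashlib

# Constructed sample of well-known weak passphrases (not a real wordlist).
COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2-Personal master key from passphrase and SSID."""
    # The standard allows 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def audit_passphrase(passphrase: str, ssid: str, min_len: int = 16) -> list:
    """Return policy findings; min_len is an assumed local policy, not a standard."""
    findings = []
    if len(passphrase) < min_len:
        findings.append("shorter than %d characters" % min_len)
    if passphrase.lower() in COMMON:
        findings.append("on the common-password list")
    if ssid.lower() in passphrase.lower():
        findings.append("contains the network name")
    return findings

if __name__ == "__main__":
    # Every client that knows the passphrase derives the same key for this SSID...
    print(wpa2_pmk("password", "IEEE").hex())
    # ...and the same passphrase on another SSID yields an unrelated key.
    print(wpa2_pmk("password", "HomeNet").hex())
    print(audit_passphrase("password", "IEEE"))
```

Because the key depends only on the passphrase and the SSID, the strength of a WPA2 (AES) network with a PSK rests on the passphrase chosen on the router.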

TKIP

The replacement for WEP, the Temporal Key Integrity Protocol (TKIP) generates frequently changing authentication keys, which adds an additional layer of security.

AES

All wireless devices manufactured since 2006 must support Advanced Encryption Standard (AES) in order to be allowed to use the Wi-Fi logo. AES improves the method used by TKIP in order to generate encryption keys.

When setting up a wireless “n” router, it is important to know the devices that will be accessing it. For example, setting a router to WPA (TKIP) mode for backward compatibility to 802.11b/g/n will slow the router down dramatically.

To summarize: The strongest and fastest encryption you can use is WPA2 (AES).

Authentication

Single-factor

There are several ways that users can be authenticated on the system. The simplest method is single-factor authentication which is widely used and can be as simple as a password or PIN. Other single-factor authentication methods are one-time passwords (OTP) that use random codes generated by a synchronized key fob or mobile device. ID badges are also used in single-factor authentication.

Multifactor

Multifactor authentication requires two or more independent authentication methods. In multifactor authentication, any two or more of the following can be used together as needed: ID Badge, Password/PIN, OTP, or biometric data. An example of multifactor authentication is a fingerprint and a PIN. The greater the need for increased security, the more authentication methods that should be used.
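A PIN combined with a time-synchronized one-time code, as an added example that is not part of the original notes: the code follows the TOTP scheme of RFC 6238, where the token and the server compute the same value from a shared secret and the current 30-second time step. The function names, the PIN, the salt and the one-step drift window are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): the counter is the current 30-second step."""
    return hotp(secret, unix_time // step, digits)

def otp_matches(secret: bytes, submitted: str, unix_time: int,
                window: int = 1, step: int = 30) -> bool:
    """Accept the current step and `window` steps either side for clock drift."""
    now = unix_time // step
    ok = False
    for counter in range(max(0, now - window), now + window + 1):
        expected = hotp(secret, counter).encode()
        ok |= hmac.compare_digest(expected, submitted.encode())
    return ok

def hash_pin(pin: str, salt: bytes) -> bytes:
    """Store only a salted, slow hash of the PIN, never the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def verify_login(pin: str, otp: str, unix_time: int,
                 pin_salt: bytes, pin_hash: bytes, otp_secret: bytes) -> bool:
    """Both factors are always evaluated; either one failing denies the login."""
    pin_ok = hmac.compare_digest(hash_pin(pin, pin_salt), pin_hash)
    otp_ok = otp_matches(otp_secret, otp, unix_time)
    return pin_ok and otp_ok

if __name__ == "__main__":
    secret = b"12345678901234567890"      # RFC 6238 test secret
    salt = b"constructed-salt"            # constructed sample values
    stored = hash_pin("4821", salt)
    print(totp(secret, 59))
    print(verify_login("4821", "287082", 59, salt, stored, secret))
    print(verify_login("4821", "000000", 59, salt, stored, secret))
```

A production verifier would also record the last accepted time step per user so that a code cannot be accepted twice within its window.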

RADIUS

Remote Access Dial-In User Service (RADIUS) provides centralized Authentication, Authorization, and Accounting (AAA) management for users connecting to network resources and services.


TACACS

Terminal Access Controller Access-Control System (TACACS) is a group of protocols for handling remote authentication and services through a centralized server. You may find that the objectives refer to TACACS as TACACS+, which is a newer version and supports AAA services. However, TACACS and TACACS+ are separate protocols.

This completes the coverage for objective 2.3! Good luck on the test!
