3.4 Review Questions
what does wpa2 address?
vulnerabilities found in wep.
what encryption protocol does wpa2 use?
ccmp (counter mode with cbc-mac), which uses aes for strong data encryption.
what are the two methods combined in ccmp?
counter mode (for data privacy) and cbc-mac (for data tampering checks).
what does wpa3 offer compared to wpa2?
even stronger protection.
what encryption protocol does wpa3 use?
gcmp (galois/counter mode protocol).
what does gcmp provide for data?
confidentiality (encryption) and authenticity (integrity).
what are the two essential features of ccmp?
data confidentiality (encryption) and message authentication code (mac) for integrity.
what does data confidentiality (encryption) in ccmp protect?
the actual data.
what does the message authentication code (mac) in ccmp ensure?
that the data hasn’t been tampered with.
what does sae replace in WPA3?
the older pre-shared key (psk) method used in WPA2.
which key exchange method does sae rely on?
diffie-hellman key exchange.
what does sae include that enhances security?
mutual authentication.
what does eap provide in networks?
an authentication framework for various methods.
how does eap ensure user or device access?
by verifying their identity before granting access.
with which standard does eap work seamlessly?
802.1x, which is for port-based network access control.
what does tls ensure for communication?
secure communication by agreeing on cryptographic algorithms, verifying identities, and establishing session keys.
how does peap enhance authentication security?
by encapsulating eap within a secure tls tunnel.
what authentication method does peap use for users?
generic token card (gtc).
what role does the authentication server (as) play in peap?
it uses a digital certificate to ensure secure authentication.
do client devices need their own certificates in peap?
no, they do not.
how is user authentication performed in peap?
through mschapv2, verified against microsoft’s ms-chapv2 databases.
what is the purpose of eap-fast?
to provide secure authentication within wireless networks.
what is used as a shared secret in eap-fast?
a protected access credential (pac).
how does the supplicant receive the pac?
from the authentication server (as).
what role does the tls tunnel play in eap-fast?
it provides a secure channel for user authentication.
what role does the radius server play in eap-fast?
it provides the authentication database and eap-fast services.
what is the primary security feature of eap-tls?
robust security for user authentication.
what is required on both the authentication server and client devices in eap-tls?
digital certificates.
why is a public key infrastructure (pki) needed for eap-tls?
to manage and validate the certificates.
what must be deployed to all wireless clients in eap-tls?
certificates.
how does eap-tls ensure secure communication?
by establishing a tls tunnel after mutual authentication.
what does eap-ttls allow to operate within a TLS tunnel?
other authentication protocols.
what does the TLS tunnel provide in eap-ttls?
a secure channel for authentication.
what are the certificate requirements for eap-ttls?
a digital certificate on the authentication server but not on every device.
what flexibility does eap-ttls offer in authentication methods?
any authentication method can be used within the TLS tunnel.
what does IEEE 802.1X ensure?
secure access to a network.
at what level does IEEE 802.1X operate?
port level (such as Ethernet switch ports or wireless access points).
what happens to a device until it successfully authenticates?
it is denied access to the network.
what must a device do to gain network access?
authenticate itself.
which access databases are used in conjunction with IEEE 802.1X?
RADIUS, LDAP, and TACACS+.
what does RADIUS Federation allow?
linking a user’s identity across multiple authentication systems.
what authentication methods are used in RADIUS Federation?
802.1X and EAP.
can members of one organization authenticate on another’s network?
yes, using their normal credentials.
where is pre-shared key (psk) authentication commonly used?
Commonly used in home networks and small businesses.
how does pre-shared key (PSK) authentication work?
the network administrator configures a shared secret (PSK) on both the access point (AP) and client devices.
when a client wants to connect, it provides the PSK during the initial handshake.
the AP verifies the PSK, and if it matches, the client gains access.
what does wi-fi protected setup (wps) simplify?
simplifies the process of connecting a mobile device (like a smartphone or tablet) to a wi-fi network.
how can a mobile device connect to a wi-fi network using wps?
pin configured on access point must be entered on the mobile device.
push a button on the access point.
near-field communication (nfc): bring the mobile device close to the access point.
what does a captive portal serve as?
serves as a gateway to a network.
what does a captive portal ensure?
ensures only validated users can access the network.
what must the end user do to gain access through a captive portal?
end user must put in their username and password to gain access to the business venue’s wireless network.
what does channel overlays refer to?
refers to the co-existence of multiple wireless networks operating on overlapping channels.
when does channel overlay occur?
occurs when multiple client devices and access points (APs) share the same channel.
what happens when multiple networks share the same channel?
these situations compete for opportunities to transmit, potentially causing collisions.
what is a wireless controller?
is a specialized networking device or application that manages wireless network access points (APs).
what does a wireless controller manage?
manages system configuration and performance of wireless access points.
how should you secure wireless controllers?
control access to the management console, use strong encryption with HTTPS, and enable automatic logout after no activity.
how should you secure access points?
use strong passwords and update to the latest firmware.