Wireless Security
TKIP and AES are different ENCRYPTIONS for the Wireless Network. T/F
True
Which of the following wireless security protocols has been discouraged in favor of newer standards due to known vulnerabilities resulting from implementation flaws?
WEP
AES-based encryption mode is a characteristic feature of:
WPA2
WPA2-Enterprise
For Business and Corporate
WPA-Enterprise - authentication how?
Authentication via RADIUS SERVER
PSK function
-Encrypted Passphrase shared btwn two parties for secure communication.
Authentication
who is it?
Which of the following cryptographic algorithms is the least vulnerable to attacks?
AES
WPAWPA2-PSK (TKIP/AES)
Combination -offers Maximum Compatibility w/ Old and New devices -But not good at Security b/c WPA and TKIP are vulnerable to being attacked.
WPA2-AES
This is the best (and default) choice for newer routers that support AES.
Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are encryption standards designed for securing wireless networks. WEP is an older standard and due to its vulnerabilities is not recommended. WPA was designed as an interim replacement for WEP, and WPA2 was introduced as the official standard offering the strongest security of the three. T/F
True
Which of the following is the best method to secure a small network lacking an authentication server?
WPA2-PSK
RADIUS features
-Combines Authentication and Authorization (computer doesn't care wat the user is allowed to access. Only tracks START, END and intermittend on wat the User did.) -Can be used by User, Administrator -Problem is it does not Tract exactly wat the Admin is allowed to do and wat it did in details. -TACAS+ offers this service from its Server! -Less secure cuz only uses PASSWORD (hash) used to access the network -UDP -For Home use -For Users/Client to access Network
What are the characteristics of TACACS+? (Select 3 answers)
-Encrypts the entire payload of the access-request packet -Primarily used for device administration -Separates authentication and authorization
What are the characteristic features of RADIUS? (Select 3 answers)
-Primarily used for network access -Combines authentication and authorization -Encrypts only the password in the access-request packet
AES (FULL FORM)
Advanced Encryption Standard
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code PROTOCOL!
Open (risky)
No Passphrase. Risky. Anyone can come in to your Network.
WEP 64 (risky)
Old standard but risky.
WEP (encryption protocol)
Oldest and Weakest wireless ENCRYPTION protocol
On most routers we've seen, the options are generally WEP, WPA (TKIP), and WPA2 (AES)—with perhaps a WPA (TKIP) + WPA2 (AES) compatibility mode thrown in for good measure. If you do have an odd sort of router that offers WPA2 in either TKIP or AES flavors, choose AES. Almost all your devices will certainly work with it, and it's faster and more secure. It's an easy choice, as long as you can remember AES is the good one.
Online
So, while WPA2 should be called a certification, it could loosely be called a standard. But, to call it a protocol confuses the meaning of actual protocols - TKIP, CCMP, and EAP - in wifi security.
Online source
A security protocol designed to strengthen WEP implementations is known as:
TKIP
TKIP (full form)
Temporal Key Integrity Protocol
TACAS+ MEANING
Terminal Access Controller - Think "Command Prompt" User? Users w/ Administrator level access. -for ADMINISTRATOR only to access Devices (ROUTER, SWITCHES) plus is updated version security protocol to control and audit the configuration of network devices. *****
TACAS+ (full form)
Terminal Access Controller access control plus
WPA2-PSK (AES)
This is the most secure option. It uses WPA2, the latest Wi-Fi encryption standard, and the latest AES encryption protocol. You should be using this option. On some devices, you'll just see the option "WPA2" or "WPA2-PSK." If you do, it will probably just use AES, as that's a common-sense choice.
WPA2-PSK (TKIP)
This uses the modern WPA2 standard with older TKIP encryption. This isn't secure, and is only a good idea if you have older devices that can't connect to a WPA2-PSK (AES) network.
WHY was RADIUS and TACAS+ made?
To implement the principle of AAA (Authentication, Authorization, and Accounting)
AES is better than TKIP and WEP, its the current standard. However, it is NOT perfect, Brute-Force Attack can impale AES. T/F
True
WPA2 also introduces CCMP. T/F
True
WPA2-TKIP, WPA2-AES, or both combination can be used in a Wireless Network. T/F
True
WEP (full form)
Wired Equivalent Privacy
Can WPA2-TKIP work?
YES, The standard is WPA2-AES. But WPA2-TKIP can still work. It's called being BACKWARD-Compatible.! If the device is too Old to connect to AES encryption, use WPA2-TKIP.
WPA2-TKIP
You should only select this option if your devices (router) are too old to connect to the newer AES encryption type
WPA2-PSK
for Home and Personal use
RADIUS- meaning
for Remote users/client to connect to Corporate Network
The Counter Mode component provides data privacy. The Cipher Block Chaining Message Authentication Code component provides data integrity and authentication. The enhanced privacy and security of CCMP compared with TKIP requires additional processing power, often necessitating new or upgraded hardware.
online
Authorization?
wat can you access? -resources -log time
TKIP (Temporal Key Integrity Protocol)
-Replaced WEP ! A security protocol created by the IEEE 802.11i task group to replace WEP.
TACAS+
-Standard for MAJOR companies (Cisco, Netgear, Linkys) -for Device administration to configure the device (router, switch) -TACAS+ server tracks every Administrator on who is allowed to access wat features, type wat commands, and Logs wat the user did. -Therefore, -Separates Authentication, Authorization, and Accounting -More secure (encrypts the Whole data packets like Username, Password, and more) -For Administrator to access ROUTER, SWITCHES -Single port 49 is used to provide encryption and access, it makes easier to Implement TACAS+ and easier for Users to access, Cheaper -SSO (single sign on) - faster for user and easier for TACAS+ to track -TCP connection
WPA-PSK- authentication how?
Authentication thru Passphrase
PSK (full form)
Pre shared Key
RADIUS (full form)
Remote Authentication Dial-In User Service
WPA-PSK (AES)
This uses the original WPA protocol, but replaces TKIP with the more modern AES encryption. It's offered as a stopgap, but devices that support AES will almost always support WPA2, while devices that require WPA will almost never support AES encryption. So, this option makes little sense.
WPA-PSK (TKIP):
This uses the original version of the WPA protocol (essentially WPA1). It has been superseded by WPA2 and isn't secure.
AES was introduced with WPA2 and superseded WPA. T/F
True
AUTHENTICATION is one of the functions provided by RADIUS and TACACS servers. T/F
True
Are the Features of WPA/WPA2 Enterprise -Suitable for large corporate networks -Requires RADIUS authentication server T/F
True
TKIP was introduced with WPA to take over WEP. T/F
True
The short version is that TKIP is an older encryption standard used by the WPA standard. AES is a newer Wi-Fi encryption solution used by the new-and-secure WPA2 standard. T/F
True
There are two versions of WPA2: Personal (for home and office use) and Enterprise (for corporate use) editions.
True
WEP, WPA, WPA2 are all security Algorithms for wireless security. T/F
True
WPA2 certification became available in 2004, ten years ago.
True
WPA2 is really a Standard. It is called a protocol but is really a Standard.
True
Accounting
wat u did? -proof for billing, statistics
WEP 128 (risky):
Larger encryption but still risky.