Wireless Network Security | CompTIA Network+ N10-007 | 4.3

In this video you are going to learn the basics of wireless network security:  WPA, WPA2, TKIP, CCMP, EAP, & geofencing.

WPA (WiFi Protected Access)

WPA is an encryption standard that replaced WEP (Wired Equivalent Privacy) with the introduction of the 802.11g WiFi standard.  Software & firmware updates were made available by many vendors for the older 802.11b & 802.11a devices to add WPA support.  WPA also uses a pre-shared key (PSK), but unlike WEP, the key can be of varying length (up to 63 ASCII characters, including punctuation), the original key serves only as the basis for frequently changed keys, and traffic is encrypted with the Temporal Key Integrity Protocol (TKIP).  TKIP has many features that make it stronger than WEP.

Side Note:  In cryptography, a pre-shared key is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.

WPA2 (WiFi Protected Access 2)

WPA2 is an improved version of WPA.  WPA2 uses the even stronger Advanced Encryption Standard (AES) encryption technology.  When possible, use WPA2 (also known as WPA/AES) on your wireless network.  If your wireless router/access point has a WPA/WPA2 setting, it can support either type of encryption on the same network.  Use this option if you have devices that support WPA but do not support WPA2.
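As an added example (not code from the video or from CompTIA), the block below shows what the "pre-shared key" of WPA/WPA2-Personal actually becomes on the wire: the passphrase is checked against the 8-to-63 printable ASCII rule, stretched into a 256-bit Pairwise Master Key with the SSID as salt, and then mixed with per-session nonces to produce the Pairwise Transient Key, which is why the original key is only the basis for frequently changed keys.  The passphrase-to-key mapping and the PRF are the ones defined in IEEE 802.11i; the MAC addresses and nonces used in the demo are constructed values.

```python
import hashlib
import hmac

# Added example, not from the video: how WPA/WPA2-Personal turns the
# pre-shared passphrase into keys. The passphrase-to-PMK mapping and the
# PRF used for the pairwise key follow IEEE 802.11i; the MAC addresses
# and nonces in the demo are constructed values.

MIN_PASSPHRASE = 8
MAX_PASSPHRASE = 63  # the "up to 63 ASCII characters" limit from the text


def validate_passphrase(passphrase: str) -> None:
    """Reject passphrases outside the WPA-PSK rules: 8-63 printable ASCII characters."""
    if not MIN_PASSPHRASE <= len(passphrase) <= MAX_PASSPHRASE:
        raise ValueError(f"passphrase must be {MIN_PASSPHRASE}-{MAX_PASSPHRASE} characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must contain printable ASCII only")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase + SSID -> 256-bit Pairwise Master Key (PBKDF2-HMAC-SHA1, 4096 rounds).

    The SSID acts as the salt, so the same passphrase yields a different PMK
    on every network; the 4096 iterations slow down offline guessing.
    """
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)  # 4 x 160 bits >= 512 bits
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key for one association.

    The PMK itself never goes on the air; each association mixes it with the
    two MAC addresses and two fresh random nonces from the 4-way handshake,
    so the per-session keys change while the pre-shared key stays fixed.
    """
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")   # 802.11i Annex H test vector
    print("PMK:", pmk.hex())
    ap = bytes.fromhex("001122334455")     # constructed AP MAC
    sta = bytes.fromhex("66778899aabb")    # constructed client MAC
    anonce = bytes(range(32))              # constructed nonces; real ones are random per handshake
    snonce = bytes(range(32, 64))
    print("PTK:", derive_ptk(pmk, ap, sta, anonce, snonce).hex())
```

The ordering with `min`/`max` means both the access point and the client compute the same PTK regardless of which side is called first.  Note that the PMK for a given passphrase and SSID is constant, which is why a weak passphrase on a WPA/WPA2-Personal network is the real risk: the encryption is only as strong as the secret it is derived from.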

TKIP (Temporal Key Integrity Protocol)

TKIP is a security protocol used in the IEEE 802.11 wireless networking standard.  TKIP was designed as an interim solution to replace WEP without requiring replacement of legacy software.  This was necessary because the breaking of WEP had left WiFi networks without viable link-layer security, and a solution was required for already deployed hardware.  However, TKIP itself is no longer considered secure, and was deprecated in the 2012 revision of the 802.11 standard.

CCMP

Counter Mode Cipher Block Chaining Message Authentication Code Protocol is an encryption protocol designed for WLAN products that implement the IEEE 802.11 standard.  CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and the TKIP of WPA.  CCMP provides the following security services:[1]

  • Data confidentiality; ensures only authorized parties can access the information
  • Authentication; provides proof of genuineness of the user
  • Access control in conjunction with layer management

Authentication & Authorization

EAP (Extensible Authentication Protocol)

EAP is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet.  EAP is used on encrypted networks to provide a secure way to send identifying information for network authentication.  It supports various authentication methods, including token cards, smart cards, certificates, one-time passwords and public key encryption.[2]

  • PEAP (Protected EAP)
    • PEAP authenticates clients using server-side certificates.  It creates a TLS tunnel from the server to the client so the client can be authenticated through that encrypted tunnel.[2]
  • EAP-FAST (Flexible Authentication via Secure Tunneling)
    • EAP-FAST uses a tunnel to provide mutual authentication like PEAP.  EAP-FAST does not have the server authenticate itself with a digital certificate.  Instead, it uses a Protected Access Credential, which creates a one-time provisioning exchange with a shared secret, or PAC key.  The PAC key handles the authentication.[2]
  • EAP-TLS (Transport Layer Security)
    • EAP-TLS provides certificate-based, mutual authentication of the network & the client.  Both the client and the server must have certificates to perform this authentication.  EAP-TLS randomly generates session-based, user-based WEP keys.  These keys secure communications between the AP and the WLAN client.  One disadvantage of EAP-TLS is the server & client side both must manage the certificates.[2]

Geofencing

A geofence is a virtual perimeter for a real-world geographic area.[3]  A geofence could be dynamically generated (as in a radius around a point location) or match a predefined set of boundaries (such as school zones or neighborhood boundaries).  The use of a geofence is called geofencing, and one example of its use involves a location-aware device of a location-based service user entering or exiting a geofence.  This activity could trigger an alert to the device’s user as well as messaging to the geofence operator.  This information, which could contain the location of the device, could be sent to a mobile telephone or an email account.  Examples of geofencing applications include:

  • Child location services that can notify parents if a child leaves a designated area.
  • Location-based messaging for tourist safety & communication.
  • Sending an alert if a vehicle is stolen.
  • Human resources departments monitoring employees working in special locations, especially those doing field work.
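The following is an added example, not code from the video or from any geofencing product, showing both kinds of geofence the text describes (a radius around a point, and a predefined boundary polygon) together with the enter/exit detection that would trigger the alert to the user or operator.  All coordinates are constructed sample values.

```python
import math
from typing import Callable, Iterable, List, Tuple

# Added example, not from the video: the two geofence shapes the text
# describes, plus the enter/exit events that would trigger an alert.
# Every coordinate below is a constructed sample value.

Point = Tuple[float, float]      # (latitude, longitude) in decimal degrees
EARTH_RADIUS_M = 6_371_000.0


def haversine_m(a: Point, b: Point) -> float:
    """Great-circle distance in metres between two lat/lon points."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def in_circle(point: Point, center: Point, radius_m: float) -> bool:
    """Dynamically generated geofence: a radius around a point location."""
    return haversine_m(point, center) <= radius_m


def in_polygon(point: Point, polygon: List[Point]) -> bool:
    """Predefined boundary: ray-casting point-in-polygon test.

    Treats lat/lon as planar coordinates, which is accurate enough for
    fences the size of a school zone or a neighbourhood.
    """
    lat, lon = point
    inside = False
    j = len(polygon) - 1
    for i in range(len(polygon)):
        lat_i, lon_i = polygon[i]
        lat_j, lon_j = polygon[j]
        if (lat_i > lat) != (lat_j > lat):
            # longitude where this edge crosses the point's latitude
            lon_cross = (lon_j - lon_i) * (lat - lat_i) / (lat_j - lat_i) + lon_i
            if lon < lon_cross:
                inside = not inside
        j = i
    return inside


def track_transitions(inside: Callable[[Point], bool],
                      positions: Iterable[Point]) -> List[Tuple[str, Point]]:
    """Turn a stream of device positions into 'enter'/'exit' events.

    The first fix only establishes the initial state; an event is raised
    only when the device crosses the fence, not on every position report,
    so the user or operator is not flooded with duplicate alerts.
    """
    events: List[Tuple[str, Point]] = []
    state = None
    for pos in positions:
        now = inside(pos)
        if state is not None and now != state:
            events.append(("enter" if now else "exit", pos))
        state = now
    return events


if __name__ == "__main__":
    # Constructed "school zone": a 500 m radius around a point
    school = (40.7580, -73.9855)
    fixes = [(40.7700, -73.9855), (40.7600, -73.9855),
             (40.7585, -73.9850), (40.7700, -73.9855)]
    for kind, pos in track_transitions(lambda p: in_circle(p, school, 500), fixes):
        print(f"ALERT: device {kind}ed the school zone at {pos}")
    # Constructed neighbourhood boundary as a polygon of (lat, lon) corners
    block = [(40.75, -74.00), (40.75, -73.97), (40.77, -73.97), (40.77, -74.00)]
    print(in_polygon((40.76, -73.98), block), in_polygon((40.78, -73.98), block))
```

`track_transitions` takes any membership test, so the same event logic serves a circular fence, a polygon, or a combination.  For the vehicle-theft case the interesting event is "exit"; for a child-location service both directions matter.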

References

  1. Ciampa, M. (2009). Security Guide to Network Security Fundamentals.
  2. Webster, E. Extensible Authentication Protocol (EAP). TechTarget.
  3. Rouse, M. (2016). What is Geo-Fencing? TechTarget.