Wireless Security Protocols & Authentication | CompTIA A+ 220-1002 | 2.3

In this video you will learn about wireless security protocols such as WEP, WPA, WPA2 & WPA3. You will also learn about authentication methods such as single-factor, multi-factor, RADIUS & TACACS.

Protocols & Encryption

Standards for wireless encryption:

  • WEP (Wired Equivalent Privacy):  A security algorithm for IEEE 802.11 wireless networks. Its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by its key of 10 or 26 hexadecimal digits (40 or 104 bits), was at one time widely in use and was often the first security choice presented to users by router configuration tools. WEP is no longer strong enough to resist attack: it encrypts with RC4 under a per-packet key made of the static key and a 24-bit initialization vector that is sent in the clear and repeats after a few million frames, its CRC-32 integrity check can be forged, and key-recovery attacks on the RC4 key schedule (FMS, PTW) recover the key from a few minutes of captured traffic. Treat a network still offering WEP as an open network.
  • WPA (WiFi Protected Access) versions:  Designed to replace WEP. Three successive versions:
    • WPA: Uses TKIP (Temporal Key Integrity Protocol) encryption, a wrapper around the same RC4 cipher as WEP that adds per-packet key mixing, a message integrity check (Michael) and a replay counter; better than WEP, but deprecated today.
    • WPA2: Uses AES (Advanced Encryption Standard) in CCMP mode for both confidentiality and integrity. AES works on 128-bit blocks & supports key lengths of 128, 192 & 256 bits; CCMP in WPA2 uses 128-bit keys. In Personal (PSK) mode the passphrase is 8 to 63 printable ASCII characters (including punctuation & special characters) or exactly 64 hexadecimal characters; an ASCII passphrase is stretched with PBKDF2 (4096 rounds of HMAC-SHA1, salted with the SSID) into the 256-bit PSK, and a passphrase that can be guessed offline from a captured handshake is the main practical weakness of WPA2-Personal. Enterprise mode replaces the shared passphrase with per-user 802.1X authentication against a RADIUS server.
    • WPA3: Keeps AES-CCMP with 128-bit keys in Personal mode but replaces the PSK handshake with SAE (Simultaneous Authentication of Equals), a password-authenticated key exchange that resists offline dictionary attacks on captured handshakes; WPA3-Enterprise adds an optional 192-bit mode. Not currently part of the A+ 220-1002 exam objectives.
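As an added example (not code from the page or from CompTIA), the following Python derives the WPA/WPA2-Personal PSK exactly as IEEE 802.11i specifies and then runs the offline guessing loop an attacker performs against a captured 4-way handshake. The SSID, the weak passphrase and the word list are constructed for the example; the "password"/"IEEE" pair is the published 802.11i Annex H test vector.

```python
# Added example: WPA/WPA2-Personal PSK derivation (IEEE 802.11i Annex H) and the
# offline passphrase guessing it makes possible. Not code from the page.
import hashlib
import re

PBKDF2_ITERATIONS = 4096   # fixed by the standard; a network cannot raise it
PSK_LEN = 32               # 256-bit PSK, used as the Pairwise Master Key (PMK)
HEX_KEY = re.compile(r"[0-9a-fA-F]{64}")


def valid_passphrase(passphrase: str) -> bool:
    """8-63 printable ASCII characters, or exactly 64 hex digits (a raw key)."""
    if HEX_KEY.fullmatch(passphrase):
        return True
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PSK for this passphrase on this SSID."""
    if not valid_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII chars or 64 hex digits")
    if HEX_KEY.fullmatch(passphrase):
        return bytes.fromhex(passphrase)   # 64 hex digits are the key itself, no stretching
    # PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    # The SSID is the only salt, so precomputed tables work against common SSIDs.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PSK_LEN)


def guess_passphrase(ssid: str, target_psk: bytes, wordlist):
    """Offline dictionary attack: derive a PSK per candidate and compare.

    A real attacker never sees the PSK itself; they derive the PTK from each
    candidate PSK and check the MIC in the captured 4-way handshake. Comparing
    PSKs directly stands in for that check and costs the same per guess.
    Returns the matching passphrase or None.
    """
    for candidate in wordlist:
        if valid_passphrase(candidate) and derive_psk(candidate, ssid) == target_psk:
            return candidate
    return None


if __name__ == "__main__":
    # Published 802.11i Annex H.4.1 test vector.
    print(derive_psk("password", "IEEE").hex())
    # Constructed example: a weak passphrase on an assumed SSID falls to a tiny list.
    ssid = "HomeWiFi"                                      # assumed SSID
    target = derive_psk("sunshine123", ssid)              # assumed weak passphrase
    words = ["letmein12", "sunshine123", "Tr0ub4dor&3"]   # constructed word list
    print("recovered:", guess_passphrase(ssid, target, words))
    print(valid_passphrase("a" * 64), valid_passphrase("g" * 64))
```

Each guess costs 4096 HMAC-SHA1 rounds, which a GPU performs hundreds of thousands of times per second, so the length and randomness of the passphrase, not the "AES" label, decides the security of a WPA2-Personal network. WPA3's SAE removes this offline step, which is the practical reason to prefer it where the hardware supports it.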

Temporal Key Integrity Protocol (TKIP) is a security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed as an interim solution to replace WEP without requiring replacement of legacy hardware: it keeps the RC4 cipher that WEP hardware already implemented and adds per-packet key mixing, a 48-bit sequence counter against replay and the Michael message integrity check, so deployed equipment could be repaired with a firmware update. This was necessary because the breaking of WEP had left WiFi networks without viable link-layer security, and a solution was required for already deployed hardware. However, TKIP itself is no longer considered secure, and was deprecated in the 2012 revision of the 802.11 standard; a network advertising WPA/TKIP, or WPA2 with TKIP allowed as a fallback, should be reconfigured for WPA2-CCMP or WPA3.

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001 and is considered much more secure than TKIP. AES is based on a design principle known as a substitution-permutation network, and is efficient in both software and hardware.

Authentication

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity. The exam objectives group four items under authentication methods for wireless/wired networks: two describe how many kinds of credential a user must present (single-factor, multi-factor), and two are protocols for checking those credentials against a central server (RADIUS, TACACS):

  • Single-Factor: The traditional user authentication process for accessing computer resources. With single-factor authentication the user presents credentials from only one category, e.g., a username and password (both are something the user knows, so together they still count as one factor).
  • Multi-factor (MFA): An electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence (factors) from different categories to an authentication mechanism. Two credentials from the same category, such as a password plus security questions, are not multi-factor.
    • Knowledge: something only the user knows, e.g., a password or PIN
    • Possession: something only the user has, e.g., a hardware token, smart card or authenticator app producing one-time codes
    • Inherence: something only the user is, e.g., a fingerprint or face
  • RADIUS: Remote Authentication Dial-In User Service is a network protocol, carried over UDP ports 1812 (authentication & authorization) & 1813 (accounting; some older equipment still uses 1645 & 1646), that provides centralized authentication, authorization, and accounting (AAA) management for users who connect to and use a network service. The user does not talk to the RADIUS server directly: the device they connect through (access point, switch, VPN concentrator) acts as the RADIUS client, forwards the credentials in an Access-Request, and the server answers Access-Accept, Access-Reject or Access-Challenge. Client and server share a secret that is used to hide the User-Password attribute and to authenticate the server's reply, but every other attribute, User-Name included, travels in cleartext, so RADIUS traffic belongs on a protected management network or inside RadSec (RADIUS over TLS).
  • TACACS: Terminal Access Controller Access-Control System refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks. A user already authenticated via TACACS into the network was automatically logged into other resources in the system as well. TACACS in its original form is not very secure and has been replaced by TACACS+, developed by Cisco Systems (originally proprietary, later documented in RFC 8907). TACACS+ runs over TCP port 49, separates authentication, authorization and accounting into distinct exchanges (so per-command authorization on network devices is possible) and obfuscates the entire packet body rather than only the password, which is why it is usually preferred for administering routers and switches, while RADIUS remains the norm for network access (802.1X/WPA2-Enterprise).
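To make the factor categories concrete, here is an added Python example (not from the page) of a two-factor check combining a knowledge factor, a password verified against a salted PBKDF2 hash, with a possession factor, a TOTP code from an authenticator app (RFC 6238, which is HOTP from RFC 4226 driven by the clock). The user record, password and TOTP secret are constructed for the example; the shared secret "12345678901234567890" used in the assertions is the published RFC 4226/6238 test key.

```python
# Added example: two factors from different categories (knowledge + possession).
# Not code from the page. TOTP per RFC 6238 built on HOTP per RFC 4226.
import hashlib
import hmac
import os
import struct

TOTP_STEP = 30          # seconds per code
TOTP_DIGITS = 6
PW_ITERATIONS = 300_000  # tune to current OWASP guidance in production


def hotp(key: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238: HOTP with counter = floor(time / step)."""
    return hotp(key, unix_time // TOTP_STEP, digits)


def verify_totp(key: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps to tolerate clock drift.
    compare_digest is constant-time, and every step is checked so the amount
    of work does not reveal which step (if any) matched."""
    counter = unix_time // TOTP_STEP
    ok = False
    for delta in range(-window, window + 1):
        ok |= hmac.compare_digest(hotp(key, counter + delta), code)
    return ok


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PW_ITERATIONS)


def enrol(password: str) -> dict:
    """Constructed user record: salted password hash plus a TOTP secret that the
    authenticator app also holds (shown once as a QR code at enrolment)."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": os.urandom(20)}


def authenticate(record: dict, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass. Both are evaluated unconditionally so a wrong
    password and a wrong code take the same path and the reply does not
    reveal which factor failed."""
    knowledge_ok = hmac.compare_digest(hash_password(password, record["salt"]),
                                       record["pw_hash"])
    possession_ok = verify_totp(record["totp_secret"], code, unix_time)
    return knowledge_ok and possession_ok


if __name__ == "__main__":
    import time
    user = enrol("correct horse battery staple")       # constructed user
    now = int(time.time())
    app_code = totp(user["totp_secret"], now)         # what the phone would display
    print(authenticate(user, "correct horse battery staple", app_code, now))
    print(authenticate(user, "correct horse battery staple", "abcdef", now))
```

The TOTP secret is a shared symmetric key, so a server breach exposes every user's second factor; it is still a different category from the password because the attacker must hold that key (or the phone) at login time, which is what "possession" means in practice.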
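The exchange described under RADIUS, as an added Python example (not from the page): the client (the access point's role) builds an Access-Request with the User-Password hidden as RFC 2865 section 5.2 prescribes, the server recovers the password, answers Access-Accept or Access-Reject, and signs the reply with the Response Authenticator from RFC 2865 section 3, which the client verifies. The shared secret, user name and password are constructed for the example. It also shows the caveat above: everything except the password is readable without the secret.

```python
# Added example: RFC 2865 RADIUS Access-Request / Access-Accept round trip with
# User-Password hiding and Response Authenticator check. Not code from the page.
import hashlib
import hmac
import os
import secrets
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_REPLY_MESSAGE = 1, 2, 18
HEADER_LEN = 20   # code(1) identifier(1) length(2) authenticator(16)


def attr(kind: int, value: bytes) -> bytes:
    """Type-Length-Value; Length includes the 2-byte header (RFC 2865 s5)."""
    return struct.pack("BB", kind, len(value) + 2) + value


def parse_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i + 2 <= len(data):
        kind, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs[kind] = data[i + 2:i + length]
        i += length
    return attrs


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks; c1 = p1 XOR MD5(S+RA), cn = pn XOR MD5(S+c(n-1))."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1-128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], pad))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_password; strips the NUL padding (so passwords cannot end in NUL)."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ b for c, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block
    return out.rstrip(b"\x00")


def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs)) + authenticator + attrs


def build_access_request(username: str, password: bytes, secret: bytes):
    """Client (NAS) side. Returns the packet and the random Request Authenticator,
    which the client must keep to check the reply."""
    req_auth = os.urandom(16)
    attrs = attr(ATTR_USER_NAME, username.encode()) + \
        attr(ATTR_USER_PASSWORD, hide_password(password, secret, req_auth))
    return packet(ACCESS_REQUEST, secrets.randbelow(256), req_auth, attrs), req_auth


def response_authenticator(code: int, ident: int, req_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()


def handle_access_request(request: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: recover the password, decide, sign the reply with the same identifier."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    req_auth, attrs = request[4:HEADER_LEN], parse_attrs(request[HEADER_LEN:length])
    user = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    stored = users.get(user)
    accepted = stored is not None and hmac.compare_digest(stored, password)
    reply_code = ACCESS_ACCEPT if accepted else ACCESS_REJECT
    reply_attrs = attr(ATTR_REPLY_MESSAGE, b"Welcome" if accepted else b"Access denied")
    auth = response_authenticator(reply_code, ident, req_auth, reply_attrs, secret)
    return packet(reply_code, ident, auth, reply_attrs)


def verify_response(response: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client side: trust the reply only if its authenticator matches; without this
    check anyone on the path could answer with a forged Access-Accept."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, ident, req_auth, response[HEADER_LEN:length], secret)
    return hmac.compare_digest(expected, response[4:HEADER_LEN])


if __name__ == "__main__":
    secret, users = b"testing123", {"alice": b"s3cret-pw"}   # constructed secret and user
    req, ra = build_access_request("alice", b"s3cret-pw", secret)
    print("User-Name on the wire:", parse_attrs(req[HEADER_LEN:])[ATTR_USER_NAME])
    resp = handle_access_request(req, secret, users)
    print("code:", resp[0], "verified:", verify_response(resp, ra, secret))
```

The password hiding is an MD5 keystream derived from the shared secret, not modern authenticated encryption, and the request itself carries no integrity check unless a Message-Authenticator attribute (RFC 2869) is added. A short or reused shared secret therefore exposes every password that crosses the link, which is the practical reason to keep RADIUS on an isolated network or wrap it in RadSec.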