Cisco® CCNA Exam Cram Notes :Wireless Security Protocols

VIII. Security Fundamentals

12. Wireless Security Protocols

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected Access 3 (WPA3) are three security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. WPA3 is the strongest and recently released.

Wired Equivalent Privacy (WEP): WEP stands for Wired Equivalent Privacy. The original encryption protocol developed for wireless networks. As its name implies, WEP was designed to provide the same level of security as wired networks. However, WEP has many well-known security flaws, is difficult to configure, and is easily broken. The key features of the protocol are given below:

  • WEP uses the RC4 cipher algorithm to make every wireless data frame private and hidden from eavesdroppers.

  • The same algorithm encrypts data at the sender and decrypts it at the receiver.

  • The algorithm uses a string of bits as a key, commonly called a WEP key, to derive other encryption keys- one per wireless frame.

  • As long as the sender and receiver have an identical key, one can decrypt what the other encrypts.

  • WEP is known as a shared-key security method. The same key must be shared between the sender and receiver ahead of time, so that each can derive other mutually agreeable encryption keys.

  • In fact, every potential client and AP must share the same key ahead of time so that any client can associate with the AP.

  • WEP keys can be either 40 or 104 bits long, represented by a string of 10 or 26 hex digits.

  • Both WEP encryption and WEP shared-key authentication are widely considered to be weak methods to secure a wireless LAN.

Wi-Fi Protected Access (WPA): Introduced as an interim security enhancement over WEP while the 802.11i wireless security standard was being developed. Most current WPA implementations use a preshared key (PSK), commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol (TKIP, pronounced tee-kip) for encryption. WPA Enterprise uses an authentication server to generate keys or certificates.

Wi-Fi Protected Access version 2 (WPA2): Based on the 802.11i wireless security standard, which was finalized in 2004. The most significant enhancement to WPA2 over WPA is the use of the Advanced Encryption Standard (AES) for encryption. The security provided by AES is sufficient (and approved) for use by the U.S. government to encrypt information classified as top secret - it’s probably good enough to protect the secrets as well.

WPA3 [Wi-Fi Protected Access III]: WPA3 is relatively new, this new protocol brings better encryption on the public networks, apparently preventing hackers from harvesting your data for their good. WPA3 is a new WFA security standard for personal and enterprise networks. It aims to improve overall Wi-Fi security by using modern security algorithms and stronger cipher suites. WPA3 has two parts:

1. WPA3-Personal:Uses simultaneous authentication of equals (SAE) instead of pre-shared key (PSK), providing users with stronger security protections against attacks such as offline dictionary attacks, key recovery, and message forging.

2. WPA3-Enterprise: Offers stronger authentication and link-layer encryption methods, and an optional 192-bit security mode for sensitive security environments.

Following table summarizes the basic differences between WPA, WPA2, and WPA3

Authentication and Encryption Feature support WPA WPA2 WPA3
Authentication with Pre-Shared Keys Yes Yes Yes
Authentication with 802.1x Yes Yes Yes
Encryption and MIC with TKIP Yes No No
Encryption and MIC with AES and CCMP Yes Yes No
Encryption and MIC with AES and GCMP No No Yes

Previous    Contents    Next

CCNA Cram Notes Contents
certexams ad

simulationexams ad