Weak encryption.
Uses a small Initialization Vector (IV), which is static and does not change.
Uses 64-bit and 128-bit key sizes.
Uses the RC4 stream cipher for data encryption.
Provides a 24-bit Cyclic Redundancy Checksum (CRC) for integrity checking.
WPA is the replacement for the vulnerable WEP wireless security standard.
WPA uses the RC4 cipher with the Temporal Key Integrity Protocol (TKIP) for data encryption.
WPA also uses a 128-bit key for data encryption.
Uses a secret key with the Initialization Vector (IV).
Encrypts each packet with a unique key.
Provides a 48-bit Checksum.
A benefit of using TKIP is that the protocol inserts a sequence counter on each message to prevent a hacker from performing a replay attack on the wireless network.
Used on most wireless networks today.
Uses the Advanced Encryption Standard (AES) algorithm for data encryption.
WPA2 also uses the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).
Implemented in AES for data encryption.
Uses a 128-bit key for encryption of 128-bit blocks of data.
Provides strong data security on wireless networks.
Uses Simultaneous Authentication of Equals (SAE).
SAE-Personal - Uses 128-bit key.
SAE-Enterprise - Uses 192-bit key.
Extensible Authentication Protocol
This is a framework rather than a protocol for wireless security.
This is a type of EAP.
EAP Flexible Authentication via Secure Tunneling
This version of EAP was developed by Cisco as a replacement for the Lightweight EAP (LEAP) version which was used in WEP.
EAP over Transport Layer Security
Provides stronger security on a network.
Protected EAP
This version of EAP encapsulates EAP messages inside a Transport Layer Security (TLS) tunnel.
EAP Tunneled Transport Layer Security
This version of EAP supports a TLS tunnel.
Network Access Control (NAC)
Provides authentication for accessing a wired network.
Used with AAA, RADIUS and TACACS+
Contains 3 components: Supplicant, Authenticator and Authentication Server.
This allows more than one organization to share a single RADIUS server for authentication.
Someone from one organization can authenticate to a network owned by another organization using their same credentials.
Allows you to configure a password or passphrase to access the wireless network.
With PSK, all authorized users will know and share the same key for the network.
This option allows the wireless router or Access Point to act as an Authenticator to an Authentication Server.
Each user's credentials are stored on the Authentication Server.
The Authentication Server can be either RADIUS or TACACS+.
No authentication
No encryption
Anyone can connect to the network
Wi-Fi Protected Setup
Eliminates the need for a passphrase on the network.
Provides an easy way to authenticate to a wireless network.
Uses an 8-digit PIN to access the network.
Contains a known security vulnerability which allows an attacker to retrieve the WPS PIN.
This is a web portal which prompts the user to provide user credentials.
Commonly found at hotels, coffee shops, etc.
Site surveys
Heat maps
WiFi analyzers
Channel overlaps
Wireless access point (WAP) placement
Controller and access point security