11.5.6 Wireless Encryption and Authentication

Questions and Answers

What does WPA stand for in the context of wireless networking?

Wi-Fi Protocol Access

Wireless Protected Access

Wi-Fi Protected Access (correct)

Wireless Personal Access

Which encryption method is vulnerable and no longer considered secure for modern wireless networks?

AES

RC4

TKIP (correct)

Rijndael

What is the maximum key length that AES can use?

192 bits

256 bits

Both B and C (correct)

128 bits

Which protocol is usually paired with AES for encryption?

CCMP (B)

How does TKIP improve security compared to WEP?

Generates a unique key for each packet (D)

What type of ciphers does AES use for encryption?

Block ciphers (D)

What is the primary purpose of authentication protocols in wireless networks?

To ensure only authorized users connect (A)

Which encryption method was commonly used with WPA and WPA2 standards?

TKIP (A)

What does RADIUS primarily use for sending user credentials to the server?

UDP packets (D)

Which port does RADIUS use for authentication and authorization?

1812 (A)

What is a key difference between TACACS+ and RADIUS?

TACACS+ encrypts all packets (D)

Which of the following functions does Kerberos NOT provide?

Authorization (C), Accounting (D)

What protocol is often used alongside Kerberos to enhance security?

RADIUS (B)

What is the primary role of AAA protocols?

Providing authentication, authorization, and accounting (B)

What does the KDC in Kerberos stand for?

Key Distribution Center (C)

What type of packet does TACACS+ use to send user credentials?

TCP packet (A)

What was the primary goal of developing TACACS+?

To enhance security over RADIUS (B)

Which authentication protocol was developed by MIT?

Kerberos (B)

Study Notes

Wireless Network Security

• TKIP: Older encryption method for WPA and WPA2 networks, designed to improve upon WEP's weaknesses. Uses a unique key for each packet by combining a base key, access point's MAC address, and a packet serial number.
• AES: Currently the strongest and recommended encryption protocol for wireless networks. Uses block ciphers of 128 bits with a key of up to 256 bits in length. Utilizes the Rijndael algorithm and commonly works with CCMP.

Authentication Protocols

• RADIUS: Open-standard protocol for authentication. Uses UDP packets to send credentials for validation to the RADIUS server. Uses port 1812 for authentication/authorization and 1813 for accounting.
• TACACS+: Developed by Cisco, addresses security concerns in RADIUS. Similar functionality but uses TCP packets to port 49 and encrypts all packets. Primarily utilized on Cisco devices.
• Kerberos: Developed by MIT, default authentication protocol for Windows 2000 and newer, a key part of Active Directory. Uses a three-part system: client, authentication server, and KDC. Provides seamless authentication for users and servers but lacks authorization and accounting. Often used with RADIUS or TACACS+ to provide more security.

AAA Protocols

• Authentication, Authorization, and Accounting. RADIUS and TACACS+ are both considered AAA protocols as they provide these three functions.

Description

This quiz covers key concepts in wireless network security, including encryption methods like TKIP and AES, as well as authentication protocols such as RADIUS and TACACS+. Test your knowledge on how these methods help secure wireless communications and the differences between them. Ideal for students and professionals in network security.