
Chapter 11 - 03 - Discuss Different Types of Wireless Network Authentication Methods - 02_ocred_fax_ocred.pdf


Full Transcript


Certified Cybersecurity Technician Exam 212-82
Wireless Network Security
Module 11 Page 1449 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Wi-Fi Authentication Methods: Open System Authentication

o Any wireless device can be authenticated with the AP, thus allowing the device to transmit data only when its WEP key matches that of the AP

[Slide figure: open system authentication between a client attempting to connect and an access point (AP) linked through a switch or cable modem to the Internet. Legible labels: probe response (security parameters); open system authentication response; association response.]

Wi-Fi Authentication Methods: Shared Key Authentication

o The station and AP use the to provide authentication, which means that this key should be and configured manually on both the AP and

[Slide figure: shared key authentication between a client attempting to connect and an access point (AP) linked through a switch or cable modem to the Internet. Legible labels: authentication request sent to AP; AP sends challenge text; client encrypts challenge (label truncated); client connects to network.]

Wi-Fi Authentication Methods

Methods used to perform Wi-Fi authentication include open system authentication and shared key authentication.

Open system authentication process:
Open system authentication is a null authentication algorithm that does not verify whether it is a user or a machine requesting network access. It uses cleartext transmission to allow the device to associate with an AP. In the absence of encryption, the device can use the SSID of an available WLAN to gain access to a wireless network. The enabled WEP key on the AP acts as an access control to enter the network. Any user entering the wrong WEP key cannot transmit messages via the AP even if the authentication is successful. The device can only transmit messages when its WEP key matches the WEP key of the AP.
This authentication mechanism does not depend on a RADIUS server on the network. In the open system authentication process, any wireless client that wishes to access a Wi-Fi network sends a request to the wireless AP for authentication. In this process, the station sends an authentication management frame containing the identity of the sending station for authenticating and connecting with the other wireless stations. The AP then returns an authentication frame to confirm access to the requesting station and completes the authentication process.

[Figure 11.10: Open system authentication process. Legible labels: probe request; association request (security parameters); association response; client attempting to connect; access point; switch or cable modem; Internet.]

Advantage
o This mechanism can be used with wireless devices that do not support complex authentication algorithms.

Disadvantage
o There is no way to check whether someone is a genuine client or an attacker. Anyone who knows the SSID can easily access the wireless network.

Shared key authentication process:
In this process, each wireless station receives a shared secret key over a secure channel that is distinct from the 802.11 wireless network communication channels. The following steps illustrate the establishment of a network connection using the shared key authentication process:
o The station sends an authentication frame to the AP.
o The AP sends a challenge text to the station.
o The station encrypts the challenge text using its configured 64-bit or 128-bit key and sends the encrypted text to the AP.
o The AP uses its configured Wired Equivalent Privacy (WEP) key to decrypt the encrypted text. The AP compares the decrypted text with the original challenge text. If they match, the AP authenticates the station.
o The station connects to the network.
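The shared key exchange in the steps above, as an added example that is not part of the original course material: the station encrypts the AP's challenge with RC4 under IV || key, and the AP decrypts and compares, accepting a matching key and rejecting a mismatched one. Function names, the sample keys and the 128-byte challenge length are assumptions made for this sketch.

```python
import os
import zlib

def rc4(seed, data):
    """RC4 stream cipher (WEP's cipher); the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:  # keystream generation, XORed into the data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def ap_make_challenge():
    """Step 2: the AP sends a random challenge text (128 bytes assumed here)."""
    return os.urandom(128)

def station_respond(wep_key, challenge):
    """Step 3: encrypt challenge + CRC-32 check value under RC4(IV || key)."""
    iv = os.urandom(3)  # 24-bit IV, sent in the clear beside the ciphertext
    icv = zlib.crc32(challenge).to_bytes(4, "little")
    return iv, rc4(iv + wep_key, challenge + icv)

def ap_verify(wep_key, challenge, iv, ciphertext):
    """Step 4: decrypt with the AP's own key and compare with the challenge."""
    plain = rc4(iv + wep_key, ciphertext)
    text, icv = plain[:-4], plain[-4:]
    return icv == zlib.crc32(text).to_bytes(4, "little") and text == challenge

def authenticate(ap_key, station_key):
    """Run the exchange once; True means the AP authenticates the station."""
    challenge = ap_make_challenge()
    iv, ciphertext = station_respond(station_key, challenge)
    return ap_verify(ap_key, challenge, iv, ciphertext)

# Constructed sample keys: 5 secret bytes for "64-bit" WEP, 13 for "128-bit"
# (the remaining 24 bits of each size are the IV).
KEY_64 = bytes.fromhex("0102030405")
KEY_128 = bytes.fromhex("0102030405060708090a0b0c0d")
WRONG_KEY = bytes.fromhex("0504030201")

if __name__ == "__main__":
    print("matching 64-bit key :", authenticate(KEY_64, KEY_64))
    print("matching 128-bit key:", authenticate(KEY_128, KEY_128))
    print("mismatched key      :", authenticate(KEY_64, WRONG_KEY))
```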
The AP can reject the station if the decrypted text does not match the original challenge text; then, the station will be unable to communicate with either the Ethernet network or the 802.11 networks.

[Figure 11.11: Shared key authentication process. Legible labels: authentication request sent to AP; AP sends challenge text; AP decrypts challenge text, and if (label truncated); client connects to network; client attempting to connect; access point (AP); switch or cable modem; Internet.]

Wi-Fi Authentication Process Using a Centralized Authentication Server

[Slide figure: client, access point and RADIUS server. Legible labels: client requests connection; forwards the identity to the RADIUS server using the uncontrolled port; sends a request to the wireless client via the AP; sends a multicast/global authentication key encrypted with a per-station unicast session key; sends an encrypted authentication key to the AP if the credentials are acceptable.]

The 802.1X standard provides centralized authentication. For 802.1X authentication to work in a wireless network, the AP must be able to securely identify the traffic from a specific wireless client.
In this Wi-Fi authentication process, a centralized authentication server known as Remote Authentication Dial-in User Service (RADIUS) sends authentication keys to both the AP and the clients that attempt to authenticate with the AP. This key enables the AP to identify a particular wireless client.

[Figure: Wi-Fi authentication process using a centralized authentication server (client, access point, RADIUS server). Legible labels: client requests connection; AP sends an EAP-Request to determine identity; EAP-Response with identity; forwards the identity to the RADIUS server using the uncontrolled port; sends a request to the wireless client via the AP specifying the authentication mechanism to be used; sends a multicast/global authentication key encrypted with a per-station unicast session key; sends an encrypted authentication (label truncated).]
