The Complete Course from ExamCollection industry leading experts to help you prepare and provides the full 360 solution for self prep including CWSP-206: CWSP Certified Wireless Security Professional Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.

Module 01 - WLAN Security Overview

18. 802.11i and WPA Part1

Now, when we started off with the 811I in 2004, it defined a stronger encryption and authentication method as a part of the definition of the RSN, the robust security network. So what we're going to see is that we've started working with better encryption. In other words, we started using the advanced encryption standard AES instead of the RC4 cypher that we had with Web; it defined things like counter mode with cipher and the blockchaining message authentication code protocol. I'm glad I don't have to say that every time I CCMP. And it also added some additional encryption options, like the Temporal Key Integrity Protocol, or TKIP. And again, you're saying, well, why don't you tell me more about those? I will as we continue to move on through our course.

19. 802.11i and WPA Part2

Now, the other enhancements that came with 8211I were things like what we call "port-based authentication," eight two one X. Now, take note of what I just said: 821 or 821 dot 1 is not the same as 8211. The IEEE standard for 8211 deals with bridging or switching. So that's why I call it port-based authentication. But we can take that standard and use it because, if you think about it, we are still at an access layer if you want to think of your access point as a port. And we can apply that so that you cannot even make an association without having some sort of authentication proving who you are again. We also started using better communication protocols to exchange credentials through the extensible authentication protocol that we call EAPP. And of course, that still had a standard for the use of preshard keys, which we should often call the PSK. Again, we're going to talk more about how we can create dynamic keys. So with that, the 800 and 211 I 2007 standards created the enterprise solution where we were using it, and this is the big thing: we were using port-based authentication (802.1x) and the extensible authentication protocol (EAP) to be able to take care of the secure communications between the authentication server and the access point and the end user or the station. And that was also asking the user to prove who they were or to make the machine prove who they were. Again, we'll get into more details as we're going through, but we often refer to that as WPA too.

20. 802.11i and WPA Part3

Well, normally we don't like to look at charts and tables, but let's just kind of take a look at some of the different standards and what the Wi-Fi Alliance is going to try to certify us for and the types of authentication and encryption. And most of this we're going to really see in more detail, like I said more detail legacy.when we had a kind of bad feeling about it being safe. We had an open system, meaning open authentication. You didn't need to know anything other than the SSID of the wireless network. If we did have encryption, it was Web that used the Rivest cipher, version 4, or the RC4 cipher. And the keys were static. If you were using Web, you had to type them in for each client. Then, of course, we began to transition into the WPA Personal. Remember, our goal was to have something better than the Web. But as we were still trying to ratify and come to grips with what WPA Two was going to be, again, we had better keys anyway; with passphrases or preshared keys, they had both the RC4 and the temporal key that could be used. Key generation could also be dynamic, which was great because that's one way of making it harder for people to decrypt your traffic by using the same key; over time, they're going to figure out what it is. We also have the WPA Enterprise, which was using port-based authentication. As I said again, TCP and RC four dynamic keys. Then when we got to the 8112007, we had two versions there. We talked about personal enterprise, which is great for home use. Passphrases, probably most of you have that now if youget your access point from your service provider, generally speaking,they have the past phrase sitting on the box somewhere,but as long as they don't break into your home,I guess they won't know what it is.mandatory use of CCMP, which is part of what we use with AES. Optionally, we could use the TKIP as an addon, by the way, to the encryption, or we could do it down to RC Four.And I don't want to say anything about RC Four. I mean, it's a good encryption algorithm, just not as strong or as flexible for growth as AES. And for the enterprise right there, we went into the authentication again: CCMP, AES, mandatory dynamic keys, and the options again of adding the temporary key or going down to RC4.

21. RSN (Robust Security Network)

So the idea of going through the 811 eye was to create what we call the RSN. So, one last time. the robust security network. From now on, I'll just call it the RSN. And also the associations. The Rs and the Robust Security Network Association That's the two stations that have to have a procedure to be able to authenticate and associate with each other's.Now, the nice thing about that is that it defines a method for us to be able to create dynamic keys. Remember, I think the dynamic keys are great because every time we make a new connection, we have a different key. So over time, one of the easiest ways to break into encryption is to keep the same key. Now, we'll go over the four-way handshake that occurs in order to generate these dynamic keys later on. And so you might be sitting there saying, "Okay, you keep mentioning this. We will get more detail, I promise you."

22. Future of 802.11 Security Part1

Now, of course, the future of 8 or 211 security sounds like the past, even though you might say, "Okay, well, come on, 8 or 211 R 2008 sound like the past." There are still more advancements that we're going to see coming up in the future. But it was about things that we called the fast basic service set transition. It was an amendment to the 811 standard to be able to permit what we call continuous connectivity aboard a wireless device in motion. And that's important because one of the things that we really see in an enterprise is that a person may literally be taking a tablet and having to bounce from one access point to another. And we want to have fast and secure handoffs from one of those stations to the other and do that in a seamless manner. I mean, if you just think about today's world's large restaurants, you see your waiters and waitresses holding some sort of handheld device, putting in your order, and doing everything else. So they are being more efficient. But if they have to roam through a large restaurant, they may be bouncing off of different access points, as one example. Anyway. Now, most of this is going to be done through a wireless land controller. We often call it mobility, and we'll talk about that when we get into the ideas of that centralised control. But basically the idea is that all of the outlying access points are going to talk to the same wireless LAN controller. And so when you move from one access pointto another one and the reports that you've movedthe wireless LAN controller can make sure that youkeep all of the same network settings that youhad before and recognise your device. You don't have to basically have a hard handoff, which means that you normally have to reenter usernames passwords and all that sort of stuff. So again, that's called the mobile solution or mobility.