Term
|
Definition
Authentication Method which requires that clients provide a MAC address in order to connect to the wireless network.
• You can use to allow any wireless client to connect to the access point. Open authentication is typically used on public networks.
• You can implement MAC address filtering to restrict access to the access point to only known (or allowed) MAC addresses. Because MAC addresses are easily spoofed, this provides little practical security. |
|
|
Term
|
Definition
Authentication Method where clients and access points are configured with a shared key (called a secret or a passphrase). Only devices with the correct shared key can connect to the wireless network.
• all access points and all clients use the same authentication key.
• Use this authentication method on small, private networks.
• is relatively insecure as hashing methods used to protect the key can be easily broken.
|
|
|
Term
|
Definition
Authentication Method that uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. Originally designed for Ethernet networks, its standards have been adapted for use in wireless networks to provide secure authentication. It requires the following components:
• A RADIUS server to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells but authenticate using the same account information.
• A PKI for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate.
Use on large, private networks. Users authenticate with unique usernames and passwords.
|
|
|
Term
| Wired Equivalent Privacy (WEP) |
|
Definition
This security standard was designed to provide wireless connections with the same security as wired connections. It the following weaknesses:
• Static Pre-shared Keys (PSK) are configured on the access point and the client and cannot be dynamically changed or exchanged without administration. As a result, every host on large networks usually uses the same key.
• Because it doesn't change, the key can be captured and easily broken. The key values are short, making it easy to predict.
Note: When using this standard, use open authentication. Using shared key authentication uses the key that is used for encryption for authentication as well. This use exposes the key to additional attacks, making this standard more susceptible to being compromised. |
|
|
Term
| Wi-Fi Protected Access (WPA) |
|
Definition
This Security Standard is the implementation name for wireless security based on initial 802.11i drafts and was deployed in 2003. It was intended as an intermediate measure to take the place of WEP while a fully secured system (802.11i) was prepared.
This Standard:
• Uses TKIP for encryption.
• Supports both Pre-shared Key (referred to as &*&-PSK or &*& Personal) and 802.1x (referred to as &*& Enterprise) authentication.
• Can use dynamic keys or pre-shared keys.
• Can typically be implemented in WEP-capable devices through a software/firmware update. |
|
|
Term
| Wi-Fi Protected Access 2 (WPA2) or 802.11i |
|
Definition
This Security Standard is the implementation name for wireless security that adheres to the 802.11i specifications and was deployed in 2005. It is built upon the idea of Robust Secure Networks (RSN). Like its predecesor, it resolves the weaknesses inherent in WEP, and is intended to eventually replace both WEP and its predecesor.
This Standard:
• Uses Advanced Encryption Standard (AES) as the encryption method. It is similar to and more secure than TKIP, but requires special hardware for performing encryption.
• Supports both Pre-shared Key (referred to as &*&-PSK or WPA2 Personal) and 802.1x (referred to as &*& Enterprise) authentication.
• Can use dynamic keys or pre-shared keys.
Note: This standard has the same advantages over WEP as its predecesor. While more secure than its predecesor, its main disadvantage is that it requires new hardware for implementation. |
|
|
