Network+ and Wireless Encryption

Posted by in Network+ | 0 comments

If you’re preparing for the Network+ exam, you probably realize that a good chunk of it covers wireless topics including wireless encryption. More specifically, two specific objectives address wireless encryption directly:

  • 2.4 Given a scenario, troubleshoot common wireless problems. (This objective includes “Encryption type”.)
  • 5.1 Given a scenario, implement appropriate wireless security measures. (This objective includes “Encryption protocols: WEP, WPA, WPA2, and WPA Enterprise”.)

Network+ Practice Test Questions

Here are a couple of practice test questions you can use to check your knowledge:

Q1. Of the following choices, what provides the most security for a wireless network?
A. WEP
B. WPA
C. WPA2
D. WPA2 Enterprise

Q2. Of the following choices, what provides the most security for a wireless network that doesn’t have access to a RADIUS server?

A. WEP
B. WPA
C. WPA2
D. WPA2 Enterprise

Q3. Attackers have recently hacked into a small business owner’s wireless network and you are asked to help him secure it. Of the following choices, what provides the best security?

A. WEP
B. WPA
C. Disabling SSID broadcast
D. Selecting alternate channels

Over 275 realistic practice test questions available in the
CompTIA Network+ N10-005: Practice Test Questions (Get Certified Get Ahead) Kindle book.
Only $9.99 . Free Kindle apps available for any platform.

WEP

Wired Equivalent Privacy (WEP) was the original security protocol used to secure wireless networks. As the name implies, the goal was to provide the same level of privacy and security within a wireless network as you’d have in a wired network. Unfortunately, WEP has significant vulnerabilities, and attackers have many tools they can use to break into WEP-protected networks. WEP was officially deprecated in 2004 and is not recommended for use. WPA was identified as an interim replacement and WPA2 is a permanent replacement.

WEP uses a key that is similar to a password or passphrase. Each device in the wireless network is configured with same key.

WPA

Wi-Fi Protected Access (WPA) was an intermediate replacement for WEP. It provided a significant increase in security over WEP without requiring users to upgrade their hardware. WPA was never meant to be a permanent replacement for WEP, but instead was intended to provide a temporary replacement while developers created a permanent solution with WPA2.

WPA originally used a stream encryption technique with Temporal Key Integrity Protocol (TKIP). TKIP provides several improvements for WPA over WEP. A benefit of WPA with TKIP is that it can be used on the same hardware used by WEP. It requires different software or firmware upgrades, but the hardware doesn’t need to be replaced. Unfortunately, WPA with TKIP was ultimately cracked too.

Later, WPA was modified so that it could use Advanced Encryption Standard (AES) instead of TKIP. AES is a very strong and efficient encryption algorithm and it is recommended for use in many implementations. Several people have been successful at cracking WPA with TKIP, so whenever possible, it’s best to upgrade WPA to WPA2, or at least use WPA with AES instead of TKIP.

WPA (also known as WPA Personal) uses a password or passphrase sometimes referred to as a pre-shared key (PSK). All devices in the wireless network must be configured with the same PSK.

WPA2

Hardware in most systems today supports Wi-Fi Protected Access v2 (WPA2). It is the permanent replacement for WEP and WPA but it is not supported on legacy hardware designed for WEP. WPA2 (also known as IEEE 802.11i) uses stronger cryptography than both WEP and WPA and the Wi-Fi Alliance requires all devices carrying its WI-FI CERTIFIED logo to meet WPA2 standards.

Just as WPA uses a PSK, WPA2 uses a PSK and all devices in the wireless network need to have the same PSK. When a PSK is used with WPA2 it is known as WPA2 Personal.

Join the conversation and get more free practice test questions on
The Get Certified Get Ahead Facebook Page

Personal and Enterprise Modes

Both WPA and WPA2 operate in either Personal or Enterprise modes. Most home and small business networks use Personal mode while some larger organizations use Enterprise mode.

As mentioned previously, Personal mode uses a passphrase or PSK and is rather simple to implement. You enter the PSK on the WAP and enter the same PSK on each of the wireless devices in the network. In this way, anyone with the PSK can access the wireless network. WPA-PSK or WPA2-PSK both indicate Personal mode.

Enterprise mode provides additional security by adding an authentication server and requiring each user to authenticate through this server. Authentication requires all users to prove their identities and a common way authentication is accomplished is with a username and password.

The authentication server is a separate RADIUS server or an 802.1x server which is configured separately from the access point. After the RADIUS server is configured, you can configure the access point to use Enterprise mode and include details related to the RADIUS server. You’ll commonly enter the IP address of the RADIUS server, the port it is using, and a shared secret that has been preconfigured on the RADIUS server.

Once Enterprise mode is configured properly, users will be challenged to authenticate before they are granted access to the wireless network. The user’s credentials are passed to the RADIUS server and the RADIUS server has access to a database of the user’s credentials used for comparison. If the user provides the correct credentials, the user is granted access. If the credentials are incorrect, the user is blocked from accessing the wireless network.

Enterprise mode is more advanced than most home networks need but many larger organizations use it. It prevents anonymous access to a network and is effective at liming unauthorized access. Similarly, some hotels use pay-as-you-go Wi-Fi access. For example, many hotels provide wireless access for $20 per day. When you attempt to access the wireless network you are challenged to enter a username and password. This is often as simple as entering your room number and your last name. The RADIUS checks the database to verify your room number is associated with your last name and you are granted access.

It’s important to recognize that Enterprise mode provides the strongest level of security for a wireless network. A combination of both a security protocol such as WPA2 and an authentication server significantly reduces the chance of unauthorized personnel accessing a wireless network. Even WPA Enterprise using AES provides stronger security than WPA2 Personal using only a PSK.

Realistic practice test questions for the Network+ N10-005 exam
Available through LearnZapp on your mobile phone

Answer to Practice Test Question 1

Q1. Of the following choices, what provides the most security for a wireless network?

A. WEP
B. WPA
C. WPA2
D. WPA2 Enterprise

Q1 Answer. D is correct.

Wi-Fi Protected Access v2 (WPA2) Enterprise mode provides greatest amount of security for a wireless network. It adds in an authentication server such as a Remote Authentication Dial-in User Service (RADIUS) server.

WEP provides the least amount of security for a wireless network and is not recommended for use. WEP was temporarily replaced with WPA and WPA2 which provide progressively more security.

WPA and WPA2 are also known as WPA Personal and WPA2 Personal and each use a preshared key or passphrase instead of an authentication server.

Answer to Practice Test Question 2

Q2. Of the following choices, what provides the most security for a wireless network that doesn’t have access to a RADIUS server?

A. WEP
B. WPA
C. WPA2
D. WPA2 Enterprise

Q2 Answer. C is correct.

Wi-Fi Protected Access v2 (WPA2) provides the most security when compared to WEP and WPA.

If a Remote Authentication Dial-in User Service (RADIUS) server was used, you could implement WPA2 Enterprise mode which is even stronger but the question states that a RADIUS server is not available.

Answer to Practice Test Question 3

Q3. Attackers have recently hacked into a small business owner’s wireless network and you are asked to help him secure it. Of the following choices, what provides the best security?

A. WEP
B. WPA
C. Disabling SSID broadcast
D. Selecting alternate channels

Q3 Answer. B is correct.

Wi-Fi Protected Access (WPA) provides the best security of the given choices and WPA2 (not a possible choice) is even better.

WEP is cracked and not recommended for use.

Disabling SSID broadcast hides the wireless network and provides minimal security because attackers can still detect the SSID with a wireless sniffer.

Selecting an alternate channel is effective if there is interference but it doesn’t add to security.

Here are some links to more resources to help you pass the Network+ exam the first time you take it.

 

Leave a Comment

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.