Configuring Wireless Security

If you’re planning to take the Security+ exam, you should have a basic understanding of troubleshooting security issues related to wireless networking such as configuring wireless security.

For example, can you answer this question?

Q. Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?

A. An authentication server with a digital certificate installed on the authentication server

B. An authentication server with DHCP installed on the authentication server

C. An authentication server with DNS installed on the authentication server

D. An authentication server with WEP running on the access point

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

IEEE 802.1x

An 802.1x server is integrated with a database of accounts and it provides port-based authentication by requiring users and devices to authenticate before granting them access to a network. When systems connect, the 802.1x server challenges them to authenticate and prevents full network access until it receives valid credentials. This prevents rogue devices from being able to access network resources.

You can implement IEEE 802.1x as a Remote Authentication Dial-In User Service (RADIUS) server. RADIUS provides centralized authentication. When implemented with WPA or WPA2, 802.1x provides an added layer of protection by ensuring users can authenticate before granting them access to the wireless network.

At some point, people started saying that 802.1x is shorthand for multiple wireless protocols such as 802.11a, 802.11b, and so on. It is not. You can implement 802.1x with WPA and WPA2 using Enterprise mode.

CompTIA Security+ Study Guide

The 601 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide is an update to the top-selling SY0-201, SY0-301, SY0-401, and SY0-501 study guides, which have helped thousands of readers pass the exam the first time they took it. It includes the same elements readers raved about in the previous four versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

A 75 question pre-test
A 75 question post-test
Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Personal Versus Enterprise Modes

Both WPA and WPA2 can operate in either Personal or Enterprise modes. When using Personal mode, users access the wireless network anonymously with a preshared key (PSK) or passphrase. This doesn’t provide authentication. As a reminder, authentication proves a user’s identity with the use of credentials such as a username and password. Users claim an identity with a username and prove their identity with a password.

In contrast, WPA or WPA2 Enterprise mode forces users to authenticate with unique credentials before granting them access to the wireless network. Enterprise mode uses an 802.1x server, often implemented as a RADIUS server, which accesses a database of accounts. If users don’t have the proper credentials, Enterprise mode (using an 802.1x server) blocks their access. Also, an 802.1x server has a certificate on it to secure the authentication process.

Full Security+ Course

SY0-601 Full Security+ Course

Helping you Pass the First Time

This course includes all of the multiple-choice practice test questions, performance-based questions, audio, and flashcards from the but adds the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide within an online course.

Test your readiness with these quality materials

Here’s what you get

All of the content from the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. All questions include explanations so you’ll know why the correct answers are correct, and why the incorrect answers are incorrect.

Performance-based Questions

These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions.

Online Flashcard Set

Online Security+ Remember This Slide from the popular CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide
Online Security+ Question and Answer Flashcards organized by domain
Online Security+ Acronyms Flashcards

Audio – SY0-601 Security+ Remember This Audio Files

Learn by Listening (MP3 downloads.)

Audio – SY0-601 Security+ Question and Answer Audio Files

Learn by Listening (MP3 downloads.)

Bonus #1

The same set of questions organized by domain including questions in the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide plus extra practice test questions.

Bonus #2

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide.

Bonus #3

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. This includes labs, extra practice test questions, and supplementary materials.

Bonus #4

Extended access. Access the study materials for a total of 60 days because sometimes life happens.

Bonus #5

10% off Voucher Code. Access to a coupon code that will give you 10% off your exam voucher. At the current price of $370 USD for the Security+ voucher, this can save you $37.

Get the SY0-601 Full Security+ Course Here

The figure shows two screenshots of a Cisco wireless router with the Wireless Security section selected. By clicking in the box next to Security Mode, you can select a variety of different security modes such as WEP, WPA Personal, WPA2 Personal, WPA Enterprise, or WPA2 Enterprise. When you select one of the Personal settings such as WPA2 Personal in the top portion of the figure, it shows a passphrase. It can be as many as 63 characters long and the passphrase you enter here is the same passphrase you would enter on all the wireless devices. Many security experts recommend using a passphrase at least 20 characters long, with a mix of uppercase, lowercase, numbers, and special characters.

Configuring Wireless Security

Configuring wireless security

If you select WPA2 Enterprise, as shown in the bottom portion of the figure, it displays different information. You would need to put in the IP address of the RADIUS (or 802.1x) server, the port it is using, and a shared secret. The official default port for RADIUS is 1812. However, some vendors have used other ports such as 1645. The key is that you must enter the same port here that the server is using. The shared secret is similar to a password and you must enter it here exactly as it is entered on the server.

After configuring WPA2 Enterprise on a WAP, it redirects all attempts to connect to the RADIUS server to authenticate. After users authenticate, the RADIUS server tells the WAP to grant them access.

Wireless authentication systems using an 802.1x server are more advanced than most home networks need, but many larger organizations use them. In other words, most home networks use Personal mode, whereas many organizations use Enterprise mode to increase security. A combination of both a security protocol such as WPA2 and an 802.1x authentication server significantly reduces the chance of a successful access attack against a wireless system.

Remember this

Personal mode (or WPA-PSK and WPA2-PSK) uses a preshared key and does not provide individual authentication. WPA/WPA2 Enterprise mode is more secure than Personal mode, and it provides strong authentication. Enterprise mode uses an 802.1x server (implemented as a RADIUS server) to add authentication.

Security+ (SY0-601) Practice Test Questions

SY0-601 Practice Test Questions

Over 385 realistic Security+ practice test questions

At least 10 performance-based questions

All questions include explanations so you’ll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Upgrade Your Resume with the Security+ New Version

Multiple quiz formats to let you use these questions based on the way you learn.

Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions.

Pass the First Time You Take It

Get the full bank of SY0-601 Practice Test Questions Here

Click here if you’re looking for SY0-501 Online Study Package