Authentication to wireless networks is implemented

Info icon This preview shows pages 43–45. Sign up to view the full content.

View Full Document Right Arrow Icon
Authentication to wireless networks is implemented using the following methods: Method Description Open Open authentication requires that clients provide a MAC address in order to connect to the wireless network. You can use open authentication to allow any wireless client to connect to the AP. Open authentication is typically used on public networks. You can implement MAC address filtering to restrict access to the AP to only known (or allowed) MAC addresses. Because MAC addresses are easily spoofed, this provides little practical security. Shared key With shared key authentication, clients and APs are configured with a shared key (called a secret or a passphrase ). Only devices with the correct shared key can connect to the wireless network. All APs and all clients use the same authentication key. Use shared key authentication on small, private networks. Shared key authentication is relatively insecure, as hashing methods used to protect the key can be easily broken. 802.1x 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. Originally designed for Ethernet networks, the 802.1x standards have been adapted for use in wireless networks to provide secure authentication. 802.1x authentication requires the following components: A RADIUS server to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells but authenticate using the same account information A PKI for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate Use 802.1x authentication on large, private networks. Users authenticate with unique usernames and passwords. Security for wireless networking is provided from the following standards: Method Description Wired Equivalent Privacy (WEP) WEP is an optional component of the 802.11 specifications that were deployed in 1997. WEP has the following weaknesses: A static pre-shared key (PSK) is configured on the AP and the client and cannot be dynamically changed or exchanged without administration. As a result, every host on large networks usually uses the same key. Because key values are short and don't change, the key can be captured and easily broken. Because of the inherent security flaws, avoid using WEP whenever possible. If using WEP cannot be avoided, only implement it using open authentication. Shared key authentication with WEP uses the same key for both
Image of page 43

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
encryption and authentication, exposing the key to additional attacks. Wi-Fi Protected Access (WPA) WPA is the implementation name for wireless security based on initial 802.11i drafts that was deployed in 2003. It was intended to be an intermediate measure to take the place of WEP while a fully secured system (802.11i) was prepared. WPA: Uses Temporal Key Integrity Protocol (TKIP) for encryption Supports both pre-shared key (WPA-PSK or WPA Personal) and 802.1x (WPA Enterprise)
Image of page 44
Image of page 45
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern