Cisco CCNA Study Guide - Router Alley

More documents

Recommendations

Info

CCNA Study Guide v2.62 – Aaron Balchunas 130 Wireless Equivalence Protocol (WEP) The emergence of 802.11 technologies has introduced new security concerns, due to the open-air nature of wireless transmissions. Such transmissions are easily intercepted, which necessitates mechanisms to not only authenticate wireless clients, but also to secure data transfer (using encryption) and to ensure data integrity (using a 32-bit CRC). Wireless Equivalence Protocol (WEP) was developed as part of the original 802.11 standard. WEP utilizes the RC4 stream cipher for encryption, which combines a key with a randomly-generated initialization vector (IV) to provide confidentiality. WEP comes in two common forms: • 64-bit WEP – employs a 40-bit key with a 24-bit IV. • 128-bit WEP – employs a 104-bit key with a 24-bit IV. The 128-bit WEP key is represented as a 26-digit hexadecimal string. WEP can be used with both Open and Shared-Key authentication. With Open authentication, the WEP key is used only for encrypting data. With Shared-Key authentication, the WEP key used for both authenticating the wireless client and encrypting data. Regardless of the authentication method, the WEP key(s) must be identical on both the wireless client and the WAP. WEP Shared-Key authentication employs a four-way handshake: 1. The client makes an authentication request to the WAP. 2. The WAP responds with a clear-text challenge. 3. The client encrypts the challenge with its WEP key. 4. The WAP decrypts the encrypted challenge and compares it to the original clear-text challenge. The authentication process will only be successful if the WEP key is identical on both the WAP and the client. Surprisingly, Shared-Key authentication is less secure than Open authentication. A malicious attacker can intercept both the clear-text and encrypted challenges, and thus somewhat easily derive the encryption key. WEP is no longer considered a viable security mechanism, as it is easily compromised. Additionally, WEP provides only one-way authentication; there is no mechanism within WEP for a client to authenticate the WAP. (Reference: http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy; http://www.wi-fiplanet.com/tutorials/article.php/1368661) * * * All original material copyright © 2013 by Aaron Balchunas (aaron@routeralley.com), unless otherwise noted. All other material copyright © of their respective owners. This material may be copied and used freely, but may not be altered or sold without the expressed written consent of the owner of the above copyright. Updated material may be found at http://www.routeralley.com.
CCNA Study Guide v2.62 – Aaron Balchunas 131 Wi-Fi Protected Access (WPA) Wi-Fi Protected Access (WPA) was developed by the Wi-Fi Alliance to address the shortcomings of WEP. WPA incorporates some of the techniques and protocols that were eventually standardized as part of the 802.11i amendment. Temporal Key Integrity Protocol (TKIP) is the core component of WPA. Though TKIP employs a RC4 stream cipher like WEP, it offers several improvements, including: • Per-Packet Key Hashing • 64-bit Message Integrity Check (MIC) • Broadcast Key Rotation • Sequence Counting Note: Cisco developed a proprietary implementation of TKIP that is not compatible with WPA TKIP. However, Cisco devices will often support both the standardized and propriety forms of TKIP. WPA2, also developed by the Wi-Fi Alliance, incorporates all portions of the 802.11i amendment. It added support for Advanced Encryption Standard (AES) encryption with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES-CCMP is considered significantly more secure than the RC4 stream cipher used by WEP/TKIP. WPA2 also added native support for Intrusion Detection Systems (IDS). Both WPA and WPA2 support two modes, Personal and Enterprise. WPA Personal employs pre-shared key (or passphrase) for authentication, and is often referred to as WPA-PSK (Pre-Shared Key). The WPA key can be represented as a 64-digit hexadecimal string, or an 8 to 63 character ASCII string. As with WEP, this key-string must be identical on both the client and the WAP. WPA Enterprise employs an 802.1X/EAP server (such as a RADIUS server) for centralized authentication. An authentication server eliminates the need for static encryption/authentication keys to be configured on both the client and the WAP. 802.1X/EAP authentication is covered in detail in the next sections. (Reference: http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access; http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/ps4076/prod_brochure09186a00801f7d0b.html) * * * All original material copyright © 2013 by Aaron Balchunas (aaron@routeralley.com), unless otherwise noted. All other material copyright © of their respective owners. This material may be copied and used freely, but may not be altered or sold without the expressed written consent of the owner of the above copyright. Updated material may be found at http://www.routeralley.com.
Page 1 and 2:
CCNA Study Guide v2.62 - Aaron Balc
Page 3 and 4:
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75:
Page 78 and 79:
Page 80 and 81: CCNA Study Guide v2.62 - Aaron Balc
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 300 and 301:
Page 302 and 303:
Page 304:
show all

Cisco CCNA Study Guide - Router Alley

Create successful ePaper yourself

Delete template?

Save as template?