CompTIA Security+ 501

CompTIA Security+

SY0-501

Instructor: Ron Woerner, CISSP, CISM

CompTIA Security+ Domain 6 – Cryptography & PKI

6.3 Given a scenario, install and configure wireless security settings

Cybrary - Ron Woerner 1 CompTIA Security+ 501

6.3

● Methods
  ○ PSK vs. Enterprise vs. Open
  ○ WPS
  ○ Captive portals
● Cryptographic protocols
  ○ WPA
  ○ WPA2
  ○ CCMP
  ○ TKIP
● Authentication protocols
  ○ EAP
  ○ PEAP
  ○ EAP-FAST
  ○ EAP-TLS
  ○ EAP-TTLS
  ○ IEEE 802.1x
  ○ RADIUS Federation

Wireless Access Methods

● Open authentication – only need to know the network name / SSID
  ○ Captive portal – web page that is launched first when connecting through a network
● Shared authentication
  ○ The client and the access point must negotiate and share a key prior to initiating communications
  ○ Pre-shared key (PSK): each user uses the same key to connect to the Wi-Fi network
● Enterprise
  ○ A server handles distribution of cryptographic keys and/or digital certificates
  ○ Extensible Authentication Protocol (EAP)


Wi-Fi protected setup (WPS)

● Standard to simplify Wireless Access Point (AP) set-up for home users

Three modes:
● PIN entry
● Push-button configuration (PBC)
● Near Field Communication (NFC)

Wireless Cryptographic protocols

● Wired Equivalent Privacy (WEP): This original wireless standard should not be used today
● Wi-Fi Protected Access (WPA): WPA was developed in response to security concerns over WEP
● Wi-Fi Protected Access Version 2 (WPA2)
  ○ Required for Wi-Fi certified devices
  ○ Uses AES for encryption
  ○ Based on the IEEE 802.11i standard


Wi-Fi Protected Access

● WPA-Personal (WPA-PSK)
  ○ Uses a pre-shared key to authenticate and validate users on a wireless LAN (WLAN) or Wi-Fi connection
● WPA-Enterprise (WPA-802.1X)
  ○ Increased security for larger organizations
  ○ Requires RADIUS authentication server
● Temporal Key Integrity Protocol (TKIP)
  ○ Based on RC4
  ○ Uses a unique key with each packet
  ○ Considered deprecated

Wi-Fi Protected Access 2 (WPA2)

● Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
  ○ Replaced TKIP
  ○ Based on AES encryption cipher
  ○ CCM combines CTR for confidentiality and CBC-MAC for authentication and integrity
● Fully implements the IEEE 802.11i-2004 Wi-Fi security standards
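
Added example (not from the course slides): a small Python audit of an access point configuration against the points on the preceding slides: WEP should not be used, TKIP is deprecated, WPA2 uses CCMP, WPS may be enabled, and WPA-Enterprise requires a RADIUS server. The choice of hostapd as the target, its option names, and both sample configurations are assumptions constructed for illustration.

```python
# Added example: audit a hostapd-style AP configuration (hostapd is an assumption).
WEAK_CONF = """\
ssid=lab-legacy
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wps_state=2
"""  # constructed sample
HARDENED_CONF = """\
ssid=lab-enterprise
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
"""  # constructed sample; 192.0.2.10 is a documentation address

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    c = parse_conf(text)
    findings = []
    wpa = int(c.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2, 3 = both
    ciphers = set((c.get("wpa_pairwise", "") + " " + c.get("rsn_pairwise", "")).split())
    if any(k.startswith("wep_key") for k in c):
        findings.append("WEP key present: WEP should not be used")
    if wpa == 0:
        findings.append("WPA/WPA2 disabled: open or WEP-only network")
    if wpa & 1:
        findings.append("WPA (version 1) enabled: set wpa=2 for WPA2 only")
    if "TKIP" in ciphers:
        findings.append("TKIP allowed: deprecated, list CCMP only")
    if wpa and "CCMP" not in ciphers:
        findings.append("CCMP not listed as a pairwise cipher")
    if c.get("wps_state", "0") != "0":
        findings.append("WPS enabled: confirm this is intended")
    if "WPA-EAP" in c.get("wpa_key_mgmt", "").split():
        if c.get("ieee8021x") != "1" or "auth_server_addr" not in c:
            findings.append("WPA-Enterprise without 802.1X/RADIUS server settings")
    return findings
```

Calling `audit(WEAK_CONF)` returns three findings (WPA version 1, TKIP, WPS), while `audit(HARDENED_CONF)` returns an empty list.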


Authentication protocols

● EAP
  ○ Requires an authentication server
  ○ Allows authentication methods beyond username/password
  ○ Provides support for public certificates
  ○ Four modes
    ■ PEAP – Protected EAP
    ■ EAP-TLS – EAP Transport Layer Security
    ■ EAP-TTLS – EAP Tunneled Transport Layer Security
    ■ EAP-FAST – EAP Flexible Authentication via Secure Tunneling

Extensible Authentication Protocol (EAP)

● PEAP
● EAP-FAST
● EAP-TLS
● EAP-TTLS


Authentication protocols

● IEEE 802.1x
  ○ The IEEE standard for port-based network access control
● RADIUS Federation
  ○ Using RADIUS to authenticate between entities
  ○ As part of PEAP negotiation, client establishes a TLS session with a RADIUS server
  ○ Client authenticates with RADIUS server

Exam Preparation

Also known as WPA-Personal, this is a security mechanism used to authenticate and validate users on a wireless LAN (WLAN) or Wi-Fi connection?

A. WPA-PSK
B. PEAP
C. WPA-TKIP
D. WPA-CCMP


Exam Preparation

This network authentication protocol uses digital certificate-based mutual authentication, which occurs automatically with no intervention by the user.

A. PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-TTLS

CompTIA Security+ Domain 6 – Cryptography & PKI

6.3 Given a scenario, install and configure wireless security settings
