CompTIA Security+ 501
CompTIA Security+
SY0-501
Instructor: Ron Woerner, CISSP, CISM
CompTIA Security+ Domain 6 – Cryptography & PKI
6.3 Given a scenario, install and configure wireless security settings
Cybrary - Ron Woerner 1 CompTIA Security+ 501
● Methods
  ○ PSK vs. Enterprise vs. Open
  ○ WPS
  ○ Captive portals
● Cryptographic protocols
  ○ WPA
  ○ WPA2
  ○ CCMP
  ○ TKIP
● Authentication protocols
  ○ EAP
  ○ PEAP
  ○ EAP-FAST
  ○ EAP-TLS
  ○ EAP-TTLS
  ○ IEEE 802.1x
  ○ RADIUS Federation
Wireless Access Methods
● Open authentication – only need to know the network name / SSID
  ○ Captive portal – web page that is launched first when connecting through a network
● Shared authentication
  ○ The client and the wireless access point must negotiate and share a key prior to initiating communications
  ○ Pre-shared key (PSK): each user uses the same key to connect to the Wi-Fi network
● Enterprise
  ○ A server handles distribution of cryptographic keys and/or digital certificates
  ○ Extensible Authentication Protocol (EAP)
Wi-Fi protected setup (WPS)
● Standard to simplify Wireless Access Point (AP) set-up for home users
Three modes:
● PIN entry
● Push-button configuration (PBC)
● Near Field Communication (NFC)
Wireless Cryptographic protocols
● Wired Equivalent Privacy (WEP): This original wireless encryption standard should not be used today
● Wi-Fi Protected Access (WPA): WPA was developed in response to security concerns over WEP
● Wi-Fi Protected Access Version 2 (WPA2)
  ○ Required for Wi-Fi certified devices
  ○ Uses AES for encryption
  ○ Based on the IEEE 802.11i standard
Wi-Fi Protected Access
● WPA-Personal (WPA-PSK)
  ○ Uses a pre-shared key to authenticate and validate users on a wireless LAN (WLAN) or Wi-Fi connection
● WPA-Enterprise (WPA-802.1X)
  ○ Increased security for larger organizations
  ○ Requires RADIUS authentication server
● Temporal Key Integrity Protocol (TKIP)
  ○ Based on RC4
  ○ Uses a unique key with each packet
  ○ Considered deprecated
Wi-Fi Protected Access 2 (WPA2)
● Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
  ○ Replaced TKIP
  ○ Based on AES encryption cipher
  ○ CCM combines CTR for confidentiality and CBC-MAC for authentication and integrity
● Fully implements the IEEE 802.11i-2004 Wi-Fi security standards
Authentication protocols
● EAP
  ○ Requires an authentication server
  ○ Allows authentication methods beyond username/password
  ○ Provides support for public certificates
  ○ Four modes
    ■ PEAP – Protected EAP
    ■ EAP-TLS – EAP-Transport Layer Security
    ■ EAP-TTLS – EAP Tunneled Transport Layer Security
    ■ EAP-FAST – EAP Flexible Authentication via Secure Tunneling
Extensible Authentication Protocol (EAP)
● PEAP
● EAP-FAST
● EAP-TLS
● EAP-TTLS
Authentication protocols
● IEEE 802.1x
  ○ The IEEE standard for port-based network access control.
● RADIUS Federation
  ○ Using RADIUS to authenticate between entities.
  ○ As part of PEAP negotiation, client establishes a TLS session with a RADIUS server
  ○ Client authenticates with RADIUS server
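The settings covered in these slides, checked in code. This is an added example, not part of the original course material: it audits access point settings written with hostapd.conf option names against the guidance above (no WEP, WPA2 only, CCMP instead of TKIP, 802.1X with a RADIUS server for Enterprise). Both sample configurations, the passphrase and the server address are constructed for illustration.

```python
# Added example: audit hostapd.conf-style options; both configs are constructed.
WEAK = """
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=constructed-example-only
wpa_pairwise=TKIP
rsn_pairwise=TKIP CCMP
wps_state=2
"""
HARDENED = """
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
"""

def parse(text):
    """Read key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text):
    """Return (access method, findings) for one access point config."""
    s = parse(text)
    wpa = int(s.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    mgmt = s.get("wpa_key_mgmt", "").split()
    ciphers = set((s.get("wpa_pairwise", "") + " " + s.get("rsn_pairwise", "")).split())
    wep = any(k.startswith("wep_key") for k in s)
    mode = ("Enterprise" if "WPA-EAP" in mgmt else "PSK" if "WPA-PSK" in mgmt
            else "WEP" if wep else "Open")
    findings = []
    if wep:
        findings.append("WEP key present: WEP should not be used")
    if mode == "Open":
        findings.append("open authentication: only the SSID is needed to join")
    if wpa & 1:
        findings.append("WPA version 1 enabled: set wpa=2 for WPA2 only")
    if "TKIP" in ciphers:
        findings.append("TKIP offered: deprecated, use CCMP only")
    if wpa and "CCMP" not in ciphers:
        findings.append("CCMP not offered: WPA2 should use AES-CCMP")
    if s.get("wps_state", "0") != "0":
        findings.append("WPS enabled: disable it unless it is required")
    if mode == "Enterprise" and (s.get("ieee8021x") != "1" or "auth_server_addr" not in s):
        findings.append("Enterprise mode needs ieee8021x=1 and a RADIUS server")
    return mode, findings
```

Calling `audit(WEAK)` reports the WPA version 1, TKIP and WPS findings for a PSK network, while `audit(HARDENED)` returns an Enterprise network with no findings.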
Exam Preparation
Also known as WPA-Personal, this is a security mechanism used to authenticate and validate users on a wireless LAN (WLAN) or Wi-Fi connection.
A. WPA-PSK
B. PEAP
C. WPA-TKIP
D. WPA-CCMP
Exam Preparation
This network authentication protocol uses digital certificate-based mutual authentication, which occurs automatically with no intervention by the user.
A. PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-TTLS