Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

More documents

Recommendations

Info

62 CHAPTER 4 Wireless Networking WEP characteristics: ■ ■ ■ ■ WEP utilizes a shared-key authentication that allows for encryption and decryption of wireless transmissions. Up to four keys can be defined on an AP or a client, and they can be rotated to add complexity for a higher security standard in the WLAN policy. The driving force behind WEP was privacy. In cases that require high degrees of security, other mechanisms should be utilized such as authentication, access control, password protection, and virtual private networks (VPNs). Despite its flaws, WEP still offers a better level of security than open wireless connections. EXAM WARNING Most APs advertise that they support WEP in 64-bit encryption, but often the 128-bit option is also supported. For corporate networks, 128-bit encryption-capable devices should be considered as a minimum. With data security enabled in a closed network, the settings on the client for the SSID and the encryption keys must match the AP when attempting to associate with the network or it will fail. WEP provides security and privacy in transmissions held between the AP and the clients. Some of the other benefits of implementing WEP include the following: ■ ■ ■ ■ ■ All messages are encrypted using a CRC-32 checksum to provide some degree of integrity. Privacy is maintained through the RC4 encryption. Without possession of the secret key, the message cannot be decrypted. WEP is extremely easy to implement. All that is required is to set the encryption key on the APs and on each client. WEP provides a basic level of security for WLAN applications. WEP keys are user-definable and unlimited. WEP keys can, and should, be changed often. EXAM WARNING Do not confuse WAP and WEP. Although it may seem that WEP is the privacy system for WAP, you should remember that WTLS is the privacy mechanism for WAP and WEP is the privacy mechanism for 802.11 WLANs. WPA AND WPA2 Because of the relative ease that WEP with a preshared key can be broken, the Wi- Fi Alliance has created a new encryption standard called Wi-Fi protected access (WPA). WPA enhances security over WEP by using the Temporal Key Integrity Protocol (TKIP) to address some of the weaknesses of WEP including per-packet
Wireless Network Concepts 63 mixing, a message integrity check, an extended initialization vector (IV), and dynamic rekeying. Creating Privacy with WEP WEP provides for three implementations: no encryption, 64-bit encryption, and 128-bit encryption. No encryption means no privacy. In 64-bit and 128-bit varieties, the greater the number of characters (bits), the stronger the encryption. The initial configuration of the AP includes the setup of the shared key, which can be in the form of either alphanumeric or hexadecimal strings, and must be matched on the client. WEP uses the RC4 encryption algorithm, a stream cipher, where both the sender and the receiver use the stream cipher to create identical pseudorandom strings from a known shared key. The receiver takes the shared key and identical stream and reverses the process to gain the plaintext transmission. The steps in the process are as follows: 1. The plaintext message is run through an integrity check algorithm (the 802.11 standard specifies the use of CRC-32) to produce an integrity check value (ICV). 2. This value is appended to the end of the original plaintext message. 3. A“random”24-bitIVisgeneratedandprependedto(addedtothebeginning of ) the secret key (which is distributed through an out-of-band method) that is then input to the RC4 Key Scheduling Algorithm (KSA) to generate a seed value for the WEP pseudorandom number generator (PRNG). 4. The WEP PRNG outputs the encrypting cipher-stream. 5. This cipher-stream is then XOR’d with the plaintext/ICV message to produce the WEP ciphertext. 6. The ciphertext is then prepended with the IV (in plaintext), encapsulated, and transmitted. A new IV is used for each frame to prevent the reuse of the keyfromweakeningtheencryption.WEPincorporatesachecksumintoeach frame. Any frame not found to be valid through the checksum is discarded. AUTHENTICATION There are two authentication methods in the 802.11 standard: open and sharedkey. Open authentication is more precisely described as device-oriented authentication and can be considered a null authentication – all requests are granted. Without WEP, open authentication leaves the WLAN wide open to any client who knows the SSID. With WEP enabled, the WEP secret key becomes the indirect authenticator. EXAM WARNING Open authentication can also require the use of a WEP key. Do not assume that just because the Network+ exam discusses open authentication that a WEP key should not be set.
Page 2 and 3:
Syngress is an imprint of Elsevier
Page 4 and 5:
xii About the Authors Technical Edi
Page 6 and 7:
2 CHAPTER 1 Network Fundamentals Ne
Page 8 and 9:
4 CHAPTER 1 Network Fundamentals re
Page 10 and 11:
6 CHAPTER 1 Network Fundamentals
Page 12 and 13:
8 CHAPTER 1 Network Fundamentals Wh
Page 14 and 15:
10 CHAPTER 1 Network Fundamentals d
Page 16 and 17: 12 CHAPTER 1 Network Fundamentals
Page 18 and 19: 14 CHAPTER 1 Network Fundamentals T
Page 20 and 21: 16 CHAPTER 1 Network Fundamentals T
Page 22 and 23: 18 CHAPTER 1 Network Fundamentals I
Page 24 and 25: 20 CHAPTER 2 Network Media DID YOU
Page 26 and 27: 22 CHAPTER 2 Network Media Table 2.
Page 28 and 29: 24 CHAPTER 2 Network Media ■ Perf
Page 30 and 31: 26 CHAPTER 2 Network Media Table 2.
Page 32 and 33: 28 CHAPTER 2 Network Media LAN TECH
Page 34 and 35: 30 CHAPTER 2 Network Media CONNECTO
Page 36 and 37: 32 CHAPTER 2 Network Media EXAM WAR
Page 38 and 39: 34 CHAPTER 2 Network Media problems
Page 40 and 41: 36 CHAPTER 2 Network Media electrom
Page 42 and 43: 38 CHAPTER 3 Network Devices Table
Page 44 and 45: 40 CHAPTER 3 Network Devices some o
Page 46 and 47: 42 CHAPTER 3 Network Devices ■
Page 48 and 49: 44 CHAPTER 3 Network Devices ■
Page 50 and 51: 46 CHAPTER 3 Network Devices EXAM W
Page 52 and 53: 48 CHAPTER 3 Network Devices ■ Du
Page 54 and 55: 50 CHAPTER 3 Network Devices Proxy
Page 56 and 57: 52 CHAPTER 3 Network Devices Top Fi
Page 58 and 59: 54 CHAPTER 3 Network Devices the co
Page 60 and 61: 56 CHAPTER 4 Wireless Networking
Page 64 and 65: 60 CHAPTER 4 Wireless Networking Ta
Page 68 and 69: 64 CHAPTER 4 Wireless Networking Th
Page 70 and 71: 66 CHAPTER 4 Wireless Networking us
Page 74 and 75: 70 CHAPTER 4 Wireless Networking si
Page 76 and 77: 72 CHAPTER 4 Wireless Networking co
Page 78 and 79: 74 CHAPTER 5 The OSI Model and Netw
Page 94 and 95: 90 CHAPTER 6 TCP/IP and Routing ■
Page 96 and 97: 92 CHAPTER 6 TCP/IP and Routing For
Page 98 and 99: 94 CHAPTER 6 TCP/IP and Routing UND
Page 100 and 101: 96 CHAPTER 6 TCP/IP and Routing ■
Page 102 and 103: 98 CHAPTER 6 TCP/IP and Routing Sub
Page 104 and 105: 100 CHAPTER 6 TCP/IP and Routing co
Page 106 and 107: 102 CHAPTER 6 TCP/IP and Routing
Page 108 and 109: 104 CHAPTER 6 TCP/IP and Routing al
Page 110 and 111: CHAPTER 7 Wide Area Networking 107
Page 112 and 113: WAN Protocols and Properties 109 In
Page 114 and 115: WAN Protocols and Properties 111 Cr
Page 116 and 117:
Internet Access Methods 113 EXAM WA
Page 118 and 119:
Internet Access Methods 115 Wireles
Page 120 and 121:
Internet Access Methods 117 Top Fiv
Page 122 and 123:
Internet Access Methods 119 with th
Page 124 and 125:
122 CHAPTER 8 Security Standards an
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
144 CHAPTER 9 Network Management
Page 148 and 149:
146 CHAPTER 9 Network Management Wi
Page 150 and 151:
148 CHAPTER 9 Network Management Cr
Page 152 and 153:
150 CHAPTER 9 Network Management
Page 154 and 155:
152 CHAPTER 9 Network Management An
Page 156 and 157:
154 CHAPTER 9 Network Management Lo
Page 158 and 159:
156 CHAPTER 10 Network Troubleshoot
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Glossary 177 Access Determines who
Page 180 and 181:
Glossary 179 Extensible Authenticat
Page 182 and 183:
Glossary 181 Oscilloscope A cable t
Page 184 and 185:
Glossary 183 Wireless Network A net
Page 186 and 187:
186 Index Data link layer, 74-75 fu
Page 188 and 189:
188 Index Network troubleshooting,
show all

Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

Create successful ePaper yourself

Delete template?

Save as template?