12.07.2015 Views

31 Days Before Your CCNA Exam


Wireless Security Standards

The initial security standard for WLANs, called Wired Equivalent Privacy (WEP), had many problems. The next three standards represent a progression whose goal in part was to fix the problems created by WEP. In chronological order, Cisco first addressed the problem with some proprietary solutions. Then the Wi-Fi Alliance helped fix the problem by defining an industrywide standard. Finally, the IEEE completed work on an official public standard, 802.11i.

The following is a brief review of these four security standards:

■ WEP: In 1997, the original security standard provided authentication and encryption, which can be easily cracked. Main issues included:
  — Static preshared keys (PSKs) that required manual configuration, thus people simply left the defaults.
  — PSK values were short with only 40 unique bits, making them easy to crack.

■ Cisco Interim Solution: Cisco's proprietary answer to the problems with WEP came out in 2001 to provide a solution quicker than the Wi-Fi Alliance or IEEE promised solutions. The Cisco answer included some proprietary improvements for encryption, along with the IEEE 802.1X standard for end user authentication. The main features of Cisco enhancements included the following:
  — Dynamic key exchange so that if a key is discovered, it is short-lived
  — A new encryption key for each packet
  — User authentication using 802.1X instead of device authentication

■ Wi-Fi Protected Access (WPA): WPA came out in 2003 and essentially does the same thing as the Cisco interim solution. WPA includes the option to use dynamic key exchange, using the Temporal Key Integrity Protocol (TKIP). Cisco used a proprietary version of TKIP. WPA allows for the use of either IEEE 802.1X user authentication or simple device authentication using preshared keys. The encryption algorithm uses the Message Integrity Check (MIC) algorithm, again similar to the process used in the Cisco-proprietary solution. WPA improved security and, through the Wi-Fi Alliance certification program, gave vendors an incentive to have their products carry the Wi-Fi certification label.

■ 802.11i (WPA2): In 2005, IEEE ratified 802.11i, which includes dynamic key exchange, much stronger encryption using the Advanced Encryption Standard (AES), and user authentication. 802.11i is not backward compatible with either Cisco's solution or WPA. Because the Wi-Fi Alliance certification is so popular and well known, 802.11i products are certified with the WPA2 label.

Table 10-7 summarizes the key features of the various WLAN security standards.
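As an added example (not from the book), the following Python sketch shows how an auditor can tell which of these standards an access point advertises by parsing a beacon frame body: the Privacy capability bit alone indicates WEP, a vendor-specific WPA element indicates WPA, and an RSN element indicates 802.11i/WPA2. The element IDs and suite selectors are taken from the 802.11 and WPA specifications rather than from this page, and the sample beacons are constructed, not captured.

```python
import struct

RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP/AES", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def _suites(buf, off, oui, names):
    """Read a 2-byte little-endian count, then that many 4-byte suite selectors."""
    (count,) = struct.unpack_from("<H", buf, off)
    end = off + 2 + 4 * count
    if end > len(buf):
        raise ValueError("truncated suite list")
    sels = [buf[i:i + 4] for i in range(off + 2, end, 4)]
    labels = [names.get(s[3], "unknown") if s[:3] == oui else "vendor" for s in sels]
    return labels, end

def _security_ie(body, oui):
    # From the version field on: version(2), group cipher(4), pairwise list, AKM list
    pairwise, off = _suites(body, 6, oui, CIPHERS)
    akms, _ = _suites(body, off, oui, AKMS)
    return pairwise, akms

def classify(beacon_body):
    """Return [(standard, pairwise ciphers, key management)] for one beacon body."""
    (cap,) = struct.unpack_from("<H", beacon_body, 10)  # after timestamp(8)+interval(2)
    found, off = [], 12
    while off + 2 <= len(beacon_body):
        eid, length = beacon_body[off], beacon_body[off + 1]
        data = beacon_body[off + 2: off + 2 + length]
        if len(data) < length:
            break  # truncated element: stop parsing
        try:
            if eid == 48:  # RSN element (802.11i / WPA2)
                found.append(("WPA2", *_security_ie(data, RSN_OUI)))
            elif eid == 221 and data[:4] == WPA_OUI + b"\x01":  # vendor WPA element
                found.append(("WPA", *_security_ie(data[4:], WPA_OUI)))
        except (struct.error, ValueError):
            pass  # malformed element: skip it
        off += 2 + length
    return found or [("WEP" if cap & 0x0010 else "open", [], [])]  # Privacy bit only

# Constructed sample data below (hypothetical beacons, not captured traffic).
def beacon(cap, *ies):
    return bytes(10) + struct.pack("<H", cap) + b"".join(
        bytes([eid, len(d)]) + d for eid, d in ies)

RSN_CCMP_PSK = (48, bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac02 0000"))
WPA_TKIP_PSK = (221, bytes.fromhex("0050f201 0100 0050f202 0100 0050f202 0100 0050f202"))
```

Calling `classify(beacon(0x0011, WPA_TKIP_PSK, RSN_CCMP_PSK))` reports both entries, which is how a mixed-mode access point that still accepts TKIP clients shows up in an audit.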
