A plus 1002 Sub-objective 2.3 – Dumps4shared

A plus 1002 Sub-objective 2.3

A plus 1002 Sub-objective 2.3 – Compare and contrast wireless security protocols and authentication methods.

Go back to A+ 220-1002 Domain 2.0 table of content

Welcome to ExamNotes for Dumps4shared! This edition will examine the topics covered in A plus 1002 sub-objective 2.3 which discuss security and authentication in the wireless environment. Have fun!

Click here for the A+ Practice Test Bundle for A+ Exams 220-1001 & 220-1002

Protocols and encryption

Wireless signals are un-secure by their very nature. Wireless signals can be intercepted and read by any third party. Packets can be grabbed out of thin air without requiring to be logged on to the network. Unencrypted Wi-Fi sessions are the physical equivalent of someone sitting beside you observing while you read and type. Even the weakest encryption is better than none. It’s important to understand that the encryption process consumes resources on the devices and the transmission itself, referred to as overhead.

Screenshot of VPN Encryption
Example of VPN Encryption

In this edition, we will look at the encryption protocols covered in the objectives as well as how they can be used together in order to create hardened communications that are less likely to be decoded. Wireless encryption is configured on the router used to access the Internet. All wirelessly connected devices use the same encryption method as they won’t understand the connection process. Encryption uses a unique key that is variable in length and subject to frequent changes, in order to keep them secure. Here are the various encryption protocols.

WEP

Wired Equivalent Protocol (WEP) was considered the “go to” encryption method in the early days of wireless networking as it offered the equivalent security of a hard-wired connection. WEP is now considered less than secure due to the sophistication of wireless eavesdropping and the fact that the key is static and never changes, making it easily shareable.

WPA

Wi-Fi Protected Access (WPA) encryption
offers constantly changing keys with a stronger encryption method. WPA was the
best encryption protocol at the time and is considered an upgrade for WEP. Also
called the Temporal Key Integrity Protocol (TKIP), WPA generates changing keys
and is used in conjunction with other encryption protocols in order to harden
them as you will see.

WPA2

Wi-Fi Protected Access 2 (WPA2)
is the best protection method available at the time of this writing and is
based on the Advanced Encryption Standard (AES), the Government standard for
encryption of classified communication and documentation. In order to display
the Wi-Fi logo, WPA2 (AES) support is mandatory. WPA2 is often used with a
Pre-Shared Key (PSK) which is generally the router passphrase.

TKIP

The replacement for WEP, the Temporal Key Integrity
Protocol
 (TKIP) generates frequently changing authentication keys which
add an additional layer of security.

AES

All wireless devices manufactured since 2006 must support Advanced
Encryption Standard 
(AES) in order to be allowed to use the Wi-Fi
logo. AES improves the method used by TKIP in order to generate encryption
keys.

When setting up a wireless “n” router, it is important to know
the devices that will be accessing it. For example, setting a router to WPA
(TKIP) mode for backward compatibility to 802.11b/g/n will slow the router down
dramatically.

To summarize: The strongest and fastest encryption you can use
is WPA2 (AES).

Authentication

Single-factor

There
are several ways that users can be authenticated on the system. The simplest
method is single-factor authentication which is widely used and can be as
simple as a password or PIN. Other single-factor authentication methods are
one-time passwords (OTP) that use random codes generated by a synchronized key
fob or mobile device. ID badges are also used in single-factor authentication.

Multifactor

Multifactor
authentication requires two or more independent authentication methods. In
multifactor authentication, any two or more of the following can be used
together as needed: ID Badge, Password/PIN, OTP, or biometric data. An example
of multifactor authentication is a fingerprint and a PIN. The greater the need
for increased security, the more authentication methods that should be used.

RADIUS

Remote Access Dial-In User Service (RADIUS) provides centralized Authentication, Authorization, and Accounting (AAA) management for users connecting to network resources and services.

Click here for the A+ Practice Test Bundle for A+ Exams 220-1001 & 220-1002

TACACS

Terminal
Access Controller Access-Control System (TACACS) is a group of protocols for
handling remote authentication and services through a centralized server. You
may find that the objectives refer to TACACS as TACACS+ which is a newer version
and supports AAA services. However, TACAS and TACAS+ are separate protocols.
This completes the coverage for objective 2.3!
Good luck on the test!

Pass Your IT Certification Exams With Free Real Exam Dumps and Questions

Full Version 220-1002 Dumps

Tagged ,