356 Chapter 15 ■ Wireless Networking
(Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).
The standard also comes in a version that uses stronger systems such as Extensible
Authentication Protocol (EAP), TKIP, and AES (with longer keys).
■ WPA2 Enterprise is a version that incorporates EAP standards as a way to strengthen
security as well as scale the system up to large enterprise environments.
■ TKIP is used as an enhancement to WPA over WEP.
■ AES is a symmetric-key encryption, used in WPA2 as a replacement for TKIP.
■ EAP is incorporated into multiple authentication methods, such as token cards,
Kerberos, and certificates.
■ Lightweight Extensible Authentication Protocol (LEAP) is a proprietary WLAN
authentication protocol developed by Cisco.
■ Remote Authentication Dial-In User Service (RADIUS) is a centralized authentication
and authorization management system.
■ 802.11i is an IEEE standard that specifies security mechanisms for 802.11 wireless
networks.
■ CCMP uses 128-bit keys, with a 48-bit initialization vector (IV) for replay detection.Let’s look at some of these protocols a little more closely so you can gain a better
understanding of them. We’ll start by looking at WEP.WEP Encryption: A Closer Look
WEP is the oldest of the wireless encryption protocols and is also the most maligned of
all of the available methods. When originally introduced and integrated into the 802.11b
standard, it was viewed as a way of providing security of data transmissions more or
less on a par with that of wired networks. As designed, WEP made use of some existing
technologies, including RC4, as encryption mechanisms. Although WEP was intended to
provide security on the same level as wired networks, it failed in that regard.Pay particular attention to the WEP security protocol as you will be
expected to understand how it works. Know its flaws and vulnerabilities,
and be able to describe why these problems arise.First you need to understand what WEP was originally designed to provide. WEP was
intended to achieve the following:
■ Defeat eavesdropping on communications and attempts to reduce unauthorized
disclosure of data.
■ Check the integrity of data as it flows across the network.
■ Use a shared secret key to encrypt packets prior to transmission.
■ Provide confidentiality, access control, and integrity in a lightweight, efficient system.