# Lab SEC-3: Wireless Security Inspection

Domain:
- 2.0 Security

Works on:
- Windows
- Linux
- Optional macOS

## Goal

Inspect wireless security settings without changing router configuration.

## Windows Steps

Run:

```powershell
netsh wlan show interfaces
netsh wlan show profiles
ipconfig /all
ncpa.cpl
```

Record:
- SSID:
- Authentication:
- Cipher:
- Wi-Fi adapter name:
- DHCP enabled:
- DNS server:

## Linux Steps

Run:

```bash
nmcli device status
nmcli connection show
ip addr
```

Optional:

```bash
iw dev
```

Record:
- Wireless interface:
- Active connection:
- IP address:
- Tool availability:

## Optional macOS Steps

Run:

```bash
networksetup -listallhardwareports
```

Optional, if available:

```bash
airport -I
```

Record:
- Wi-Fi hardware port:
- SSID/security details if visible:

## Scenario Matching

Choose the best answer:
- Home network, newest supported security:
- Business Wi-Fi with individual user login:
- Legacy setting that should be replaced:
- Strong encryption used with WPA2:
- Authentication server for 802.1X:
- Microsoft domain authentication:
- Cisco/network device admin authentication:

## What You Should Learn

- WEP and TKIP are weak/legacy choices.
- WPA2-AES is a common secure baseline.
- WPA3 is preferred when supported.
- Personal mode uses a shared password.
- Enterprise mode uses individual authentication, usually with RADIUS.