92 lines
1.4 KiB
Markdown
92 lines
1.4 KiB
Markdown
# Lab SEC-3: Wireless Security Inspection
|
|
|
|
Domain:
|
|
- 2.0 Security
|
|
|
|
Works on:
|
|
- Windows
|
|
- Linux
|
|
- Optional macOS
|
|
|
|
## Goal
|
|
|
|
Inspect wireless security settings without changing router configuration.
|
|
|
|
## Windows Steps
|
|
|
|
Run:
|
|
|
|
```powershell
|
|
netsh wlan show interfaces
|
|
netsh wlan show profiles
|
|
ipconfig /all
|
|
ncpa.cpl
|
|
```
|
|
|
|
Record:
|
|
- SSID:
|
|
- Authentication:
|
|
- Cipher:
|
|
- Wi-Fi adapter name:
|
|
- DHCP enabled:
|
|
- DNS server:
|
|
|
|
## Linux Steps
|
|
|
|
Run:
|
|
|
|
```bash
|
|
nmcli device status
|
|
nmcli connection show
|
|
ip addr
|
|
```
|
|
|
|
Optional:
|
|
|
|
```bash
|
|
iw dev
|
|
```
|
|
|
|
Record:
|
|
- Wireless interface:
|
|
- Active connection:
|
|
- IP address:
|
|
- Tool availability:
|
|
|
|
## Optional macOS Steps
|
|
|
|
Run:
|
|
|
|
```bash
|
|
networksetup -listallhardwareports
|
|
```
|
|
|
|
Optional, if available:
|
|
|
|
```bash
|
|
airport -I
|
|
```
|
|
|
|
Record:
|
|
- Wi-Fi hardware port:
|
|
- SSID/security details if visible:
|
|
|
|
## Scenario Matching
|
|
|
|
Choose the best answer:
|
|
- Home network, newest supported security:
|
|
- Business Wi-Fi with individual user login:
|
|
- Legacy setting that should be replaced:
|
|
- Strong encryption used with WPA2:
|
|
- Authentication server for 802.1X:
|
|
- Microsoft domain authentication:
|
|
- Cisco/network device admin authentication:
|
|
|
|
## What You Should Learn
|
|
|
|
- WEP and TKIP are weak/legacy choices.
|
|
- WPA2-AES is a common secure baseline.
|
|
- WPA3 is preferred when supported.
|
|
- Personal mode uses a shared password.
|
|
- Enterprise mode uses individual authentication, usually with RADIUS.
|
|
|