kenpat/comptia-a-plus-core2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
comptia-a-plus-core2/notes/SEC-3-wireless-security.md

251 lines
5.1 KiB
Markdown
Raw Blame History

# SEC-3: Wireless Security and Authentication Methods
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.3 Wireless security
## What You Need To Know
Wireless security questions usually ask which encryption/authentication method is safest or most appropriate.
Core ideas:
- WEP is obsolete and should not be used.
- WPA was a temporary improvement over WEP.
- WPA2 with AES is still common and acceptable.
- WPA3 is newer and stronger.
- Personal/PSK uses one shared password.
- Enterprise/802.1X authenticates users individually, usually with RADIUS.
## Memory Trick
Use **3 beats 2, AES beats TKIP, Enterprise beats shared password**.
Order to remember:
- **WEP = Weak**
- **WPA = temporary**
- **WPA2-AES = solid**
- **WPA3 = strongest common choice**
Mode shortcut:
- **Personal = shared pre-shared key**
- **Enterprise = individual user authentication**
## Wireless Encryption
WEP:
- Wired Equivalent Privacy.
- Broken/obsolete.
- Do not choose it unless the question asks what should be replaced.
WPA:
- Wi-Fi Protected Access.
- Temporary replacement for WEP.
- Uses TKIP.
TKIP:
- Older encryption method used with WPA.
- Avoid when better options exist.
WPA2:
- Stronger replacement for WPA.
- Uses AES.
AES:
- Advanced Encryption Standard.
- Stronger than TKIP.
WPA3:
- Newer than WPA2.
- Improves encryption and key exchange.
- Best default answer when supported.
## Wireless Modes
Open:
- No password.
- Avoid for private/business networks.
WPA2/WPA3-Personal:
- Uses a pre-shared key.
- Good for home/SOHO networks.
- Everyone uses the same Wi-Fi password.
WPA2/WPA3-Enterprise:
- Uses 802.1X.
- Authenticates users individually.
- Usually uses RADIUS.
- Best for business networks when supported.
## Authentication Methods
RADIUS:
- Remote Authentication Dial-in User Service.
- Centralized AAA service.
- Common for VPN, wireless 802.1X, network devices, and server authentication.
TACACS+:
- Authentication protocol common with Cisco/network device administration.
- Exam clue: network device admin authentication, especially Cisco.
Kerberos:
- Ticket-based network authentication.
- Common in Microsoft/Active Directory environments.
- Supports SSO-style access in Windows domains.
MFA:
- Multi-factor authentication.
- Uses more than one factor type:
- Something you know
- Something you have
- Something you are
- Somewhere you are
- Something you do
## Scenario Shortcuts
Home Wi-Fi:
- WPA3-Personal if supported.
- WPA2-AES if WPA3 is not available.
Business Wi-Fi:
- WPA3-Enterprise or WPA2-Enterprise with 802.1X/RADIUS.
Legacy weak network:
- Replace WEP/WPA/TKIP.
VPN authentication server:
- RADIUS is a common answer.
Cisco/network device admin authentication:
- TACACS+ is a common answer.
Microsoft domain authentication:
- Kerberos is a common answer.
## Commands To Enter
Windows:
```powershell
netsh wlan show interfaces
```
What it does:
- Shows current Wi-Fi interface, SSID, authentication, and cipher details.
- Works only if Wi-Fi is present and connected.
```powershell
netsh wlan show profiles
```
What it does:
- Lists saved Wi-Fi profiles.
```powershell
ipconfig /all
```
What it does:
- Shows network adapter details, including DHCP and DNS information.
```powershell
ncpa.cpl
```
What it does:
- Opens Network Connections.
Linux:
```bash
nmcli device status
```
What it does:
- Shows network devices and connection state when NetworkManager is installed.
```bash
nmcli connection show
```
What it does:
- Shows configured network connections when NetworkManager is installed.
```bash
iw dev
```
What it does:
- Shows wireless interface information if wireless tools are installed.
```bash
ip addr
```
What it does:
- Shows network interfaces and IP addresses.
macOS, if available:
```bash
networksetup -listallhardwareports
```
What it does:
- Lists network hardware ports, including Wi-Fi.
```bash
airport -I
```
What it does:
- Shows current Wi-Fi details on many macOS systems.
- On some macOS versions, the `airport` command path may require lookup or may be deprecated.
## Mini Lab
Goal:
- Identify current wireless mode/security without changing router settings.
Windows:
1. Connect to a known Wi-Fi network.
2. Run `netsh wlan show interfaces`.
3. Run `netsh wlan show profiles`.
4. Run `ipconfig /all`.
5. Record:
- SSID:
- Authentication:
- Cipher:
- DHCP enabled:
- DNS server:
Linux:
1. Run `nmcli device status`.
2. Run `nmcli connection show`.
3. Run `ip addr`.
4. Optional: run `iw dev`.
5. Record:
- Wireless interface name:
- Active connection:
- IP address:
Router review, if you own/admin the network:
1. Look at Wi-Fi security mode.
2. Confirm WEP/TKIP are not used.
3. Prefer WPA3 or WPA2-AES.
4. Do not change settings unless you understand the impact.
## Quick Check Before Quiz
You are ready for the SEC-3 quiz when you can answer these without looking:
- Which wireless security should be avoided?
- Which is stronger: TKIP or AES?
- Which mode uses one shared password?
- Which mode uses 802.1X/RADIUS?
- Which authentication protocol is common in Microsoft domains?
- Which authentication protocol is common for VPN/wireless AAA?
Reference in a new issue View git blame Copy permalink