
CompTIA Security+ 501

CompTIA Security+
SY0-501

Instructor: Ron Woerner, CISSP, CISM

CompTIA Security+
Domain 6 –
Cryptography & PKI
6.3 Given a scenario, install
and configure wireless
security settings

Cybrary - Ron Woerner 1



6.3 Wireless Security

● Methods
○ PSK vs. Enterprise vs. Open
○ WPS
○ Captive portals
● Cryptographic protocols
○ WPA
○ WPA2
○ CCMP
○ TKIP
● Authentication protocols
○ EAP
○ PEAP
○ EAP-FAST
○ EAP-TLS
○ EAP-TTLS
○ IEEE 802.1x
○ RADIUS Federation

Wireless Access Methods

● Open authentication – only need to know the network name / SSID


○ Captive portal - web page that is launched first when connecting through a
network
● Shared Authentication
○ The client and the wireless access point must negotiate and share a key prior
to initiating communications
○ Pre-shared key (PSK): every user uses the same key to connect to the Wi-Fi
network.
● Enterprise
○ A server handles distribution of cryptographic keys and/or digital certificates
○ Extensible Authentication Protocol (EAP)


Wi-Fi protected setup (WPS)


● Standard to simplify Wireless Access Point (AP) set-up for home users

Three modes:
● PIN entry
● Push-button configuration (PBC)
● Near Field Communication (NFC)

Wireless Cryptographic protocols


● Wired Equivalent Privacy (WEP): This original wireless
encryption standard should not be used today
● Wi-Fi Protected Access (WPA): WPA was developed in
response to security concerns over WEP
● Wi-Fi Protected Access Version 2 (WPA2)
○ Required for Wi-Fi certified devices
○ Uses AES for encryption
○ Based on the IEEE 802.11i standard


Wi-Fi Protected Access


● WPA-Personal (WPA-PSK)
○ Uses a pre-shared key to authenticate and validate
users on a wireless LAN (WLAN) or Wi-Fi connection
● WPA-Enterprise (WPA-802.1X)
○ Increased security for larger organizations
○ Requires RADIUS authentication server
● Temporal Key Integrity Protocol (TKIP)
○ Based on RC4
○ Uses a unique key with each packet
○ Considered deprecated

Wi-Fi Protected Access 2 (WPA2)


● Counter Mode with Cipher Block Chaining Message Authentication Code
Protocol (CCMP)
○ Replaced TKIP
○ Based on AES encryption cipher
○ CCM combines CTR for confidentiality and CBC-MAC for authentication and
integrity
● Fully implements the IEEE 802.11i-2004 Wi-Fi security standards
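
An added example (not part of the original slides): a small Python audit that checks a hostapd-style access point configuration against the guidance above (no WEP, WPA2 with CCMP rather than TKIP, a RADIUS server for Enterprise mode). The key names follow hostapd.conf; the sample configurations, the address 192.0.2.10 and the finding codes are constructed, and flagging WPS is this example's own policy choice.

```python
WEAK_CONF = """\
# constructed sample, not taken from a real device
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wps_state=2
"""
HARDENED_CONF = """\
# constructed sample: WPA2-Enterprise, CCMP only, WPS off
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
wps_state=0
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if l and not l.startswith("#") and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(conf):
    """Return (code, message) findings; an empty list means nothing was flagged."""
    out = []
    wpa = int(conf.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    key_mgmt = conf.get("wpa_key_mgmt", "").split()
    if any(k.startswith("wep_key") for k in conf):
        out.append(("WEP", "WEP key present; WEP should not be used"))
    elif wpa == 0:
        out.append(("OPEN", "no WPA/WPA2 configured: open authentication"))
    if wpa & 1:
        out.append(("WPA1", "original WPA enabled; set wpa=2 for WPA2 only"))
    if "TKIP" in ciphers:
        out.append(("TKIP", "TKIP is deprecated; allow CCMP only"))
    if wpa and "CCMP" not in ciphers:
        out.append(("NO_CCMP", "CCMP is not explicitly configured"))
    if conf.get("wps_state", "0") != "0":
        out.append(("WPS", "WPS is enabled; review whether it is needed"))
    if "WPA-EAP" in key_mgmt and not (conf.get("ieee8021x") == "1" and "auth_server_addr" in conf):
        out.append(("NO_RADIUS", "Enterprise mode needs 802.1X and a RADIUS server"))
    return out

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, [code for code, _ in audit(parse_conf(text))])
```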


Authentication protocols
● EAP
○ Requires an authentication server
○ Allows authentication methods beyond username/password
○ Provides support for public certificates
○ Four modes
■ PEAP – Protected EAP
■ EAP-TLS – EAP-Transport Layer Security
■ EAP-TTLS – EAP Tunneled Transport Layer Security
■ EAP-FAST – EAP Flexible Authentication via Secure Tunneling

Extensible Authentication Protocol (EAP)


● PEAP
● EAP-FAST
● EAP-TLS
● EAP-TTLS


Authentication protocols
● IEEE 802.1x
○ The IEEE standard for port-based network access control.

● RADIUS Federation
○ Using RADIUS to authenticate between entities.
○ As part of PEAP negotiation, client establishes a TLS
session with a RADIUS server
○ Client authenticates with RADIUS server

Exam Preparation
Also known as WPA-Personal, this is a security
mechanism used to authenticate and validate
users on a wireless LAN (WLAN) or Wi-Fi
connection?

A. WPA-PSK
B. PEAP
C. WPA-TKIP
D. WPA-CCMP


Exam Preparation
This network authentication protocol uses digital
certificate-based mutual authentication, which occurs
automatically with no intervention by the user.

A. PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-TTLS
