Copyright Goodheart-Willcox Co., Inc. 463 Chapter 15 Network Security

networks, such as a business where financial transactions are commonplace. Creating a VPN, however, can compensate for WEP vulnerability. A VPN can incorporate an authentication and an encryption method, adding to the security set in place by WEP.

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access (WPA) was developed by the Wi-Fi organization and is not an IEEE standard. When vulnerabilities were discovered in the algorithm used for WEP, a more restrictive encryption was needed to protect data transferred across a wireless network. The Wi-Fi organization sponsored the development of Wi-Fi Protected Access (WPA) as a solution to the vulnerabilities discovered in WEP. WPA uses a more complex encryption technique to protect data. It has become the replacement for WEP. WPA is designed to be compatible with 802.11 devices and uses Temporal Key Integrity Protocol (TKIP) to change keys frequently. This makes the network more secure.

Wi-Fi Protected Access 2 (WPA2)

Wi-Fi Protected Access 2 (WPA2) was developed by the Wi-Fi organization as an enhanced version of WPA. It is designed to be compatible with the IEEE 802.11i standard. WPA2 uses Counter Mode-Cipher Block Chaining Message Authentication Code Protocol (CCMP). The details of this protocol are beyond the scope of the Network+ Exam. However, you should be aware that it ensures confidentiality and integrity of messages.

802.11i

The IEEE ratified the IEEE 802.11i standard in June of 2004 to remedy the original security flaws in 802.11. The 802.11i standard specifies the use of a 128-bit Advanced Encryption Standard (AES) for data encryption. It also incorporates a mechanism for generating a fresh set of keys for each new connection. This results in enhanced security because the keys are constantly changed rather than reused. 802.11i is downward compatible with existing 802.11 devices. However, this does not mean that the security standards of the 802.11 devices are improved. It simply means that an 802.11i device will use WEP for security when communicating with an 802.11 device.

802.1x Authentication

802.1x provides port-based network access control. Port-based network access control supports authentication for Ethernet network access. The term port-based refers to any location point represented as a point of access. Do not confuse the term port-based with the term port, which is used in conjunction with an IP address to identify a service, such as port 80 for HTTP.

802.1x is primarily used for client/server-based networks. It allows the network server to authenticate a wireless network device when the wireless network device attempts to connect to the wired network through a WAP. Older wireless network hardware does not support Advanced Encryption Standard (AES) and therefore cannot fully support the 802.1x enhancements.

802.1x requires three components: supplicant, authenticator, and authentication server, as illustrated in Figure 15-15. The supplicant is the wireless network device that is requesting network access. The WAP functions as the authenticator and does not allow any type of access to the network without proper authentication. A server running Remote Authentication Dial-In User Service (RADIUS) acts as the authentication server. Remote Authentication Dial-In User Service (RADIUS) is a service that allows remote access servers to authenticate to a central server.
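The three-party 802.1x flow just described, as an added example that is not part of the textbook: a small Python model in which the WAP (authenticator) relays only authentication traffic to a stand-in RADIUS server and drops every other frame from a supplicant until the server answers Access-Accept. The class names, MAC addresses and credentials are constructed for illustration; only the RADIUS response names Access-Accept and Access-Reject are real protocol terms.

```python
from dataclasses import dataclass


@dataclass
class Frame:
    src: str            # supplicant MAC address (constructed values below)
    kind: str           # "EAPOL" = authentication traffic, "DATA" = anything else
    payload: str = ""   # for EAPOL frames: "identity:secret" (simplified, constructed)


class AuthenticationServer:
    """Stand-in for the RADIUS server: the only place credentials are checked."""

    def __init__(self, credentials):
        self._credentials = dict(credentials)

    def access_request(self, identity, secret):
        # Real RADIUS answers an Access-Request with Access-Accept or Access-Reject.
        if self._credentials.get(identity) == secret:
            return "Access-Accept"
        return "Access-Reject"


class Authenticator:
    """Stand-in for the WAP: keeps one controlled-port state per supplicant."""

    def __init__(self, server):
        self._server = server
        self._authorized = set()   # supplicants whose controlled port is open
        self.forwarded = []        # frames that reached the wired network

    def receive(self, frame):
        if frame.kind == "EAPOL":
            # Uncontrolled port: authentication traffic is relayed to the server only.
            identity, secret = frame.payload.split(":", 1)
            verdict = self._server.access_request(identity, secret)
            if verdict == "Access-Accept":
                self._authorized.add(frame.src)
            else:
                self._authorized.discard(frame.src)
            return verdict
        if frame.src in self._authorized:
            self.forwarded.append(frame)   # controlled port open: traffic passes
            return "forwarded"
        return "dropped"                   # controlled port closed: no network access


def run_demo():
    server = AuthenticationServer({"alice": "correct horse"})   # constructed credentials
    ap = Authenticator(server)
    dev1, dev2 = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"       # constructed MACs
    return [
        ap.receive(Frame(dev1, "DATA", "GET /")),               # before any authentication
        ap.receive(Frame(dev1, "EAPOL", "alice:wrong")),        # bad secret
        ap.receive(Frame(dev1, "DATA", "GET /")),               # still blocked
        ap.receive(Frame(dev1, "EAPOL", "alice:correct horse")),
        ap.receive(Frame(dev1, "DATA", "GET /")),               # now forwarded
        ap.receive(Frame(dev2, "DATA", "GET /")),               # other device still blocked
    ]
```

Each supplicant is authorized independently, so one device completing authentication never opens the port for another.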