Copyright Goodheart-Willcox Co., Inc.
451 Chapter 14 Wireless Network Security

legacy protocols, simplify Wi-Fi security, and increase cryptographic strength. WPA3 also maintains interoperability with WPA2 devices.

There are two variations of WPA3: WPA3-Personal and WPA3-Enterprise. WPA3-Personal gives users stronger protection through more robust password-based authentication, even if users choose passwords that fall short of recommended complexity. This is possible due to a technology called SAE. Simultaneous Authentication of Equals (SAE) is a password-based security authentication method that replaced the PSK method used by WPA2. SAE allows for additional functionality that protects a password or passphrase from being easily cracked by off-site brute-force or dictionary-based attacks. WPA3 also offers an individualized encryption process in which users are unable to snoop on another user's WPA3-Personal traffic, even if they have the password and are connected to the Wi-Fi network.

WPA3-Enterprise offers greater security for enterprise networks. WPA3-Enterprise features an optional mode that uses 192-bit minimum-strength security protocols and cryptographic tools. Authentication encryption uses 256-bit Galois/Counter Mode Protocol (GCMP-256).

Devices capable of running WPA3 must connect to wireless networks also using WPA3 in order to take full advantage of all of WPA3's features. Likewise, WPA2 devices are still supported on WPA3 equipment, but not with the enhanced security offered.

Wireless Installations

Building a secure wireless environment begins with decisions regarding equipment, placement, encryption, and protocol usage. It is important to know the location of your network infrastructure, including access points and their broadcast reach, in order to secure them effectively. Important steps taken with wireless installations include conducting a site survey.

Site Survey

The first step in building a secure wireless network is to conduct a wireless site survey. A wireless site survey is the process of planning, designing, and documenting a wireless network environment. Site surveys identify signal ranges, areas lacking coverage, called dead zones, and channel overlays, which are overlapping channels that enable resiliency in a wireless network. Site surveys also identify areas of a network that will likely have more users than other areas, the number of devices likely to connect on each floor or in each room, and the materials used when walls and floors were constructed. There are two general types of site surveys: predictive and Wi-Fi.

Predictive Site Survey

A predictive site survey, also called a wireless heat map, is a visual representation of wireless signal strength, often depicted as a map, within a network, as shown in Figure 14-3. Depending on the software used to create it, a heat map is often generated by dropping access points at their installation points and having the software retrieve their signals. This information is then used to demonstrate coverage. Most heat maps provide continuous updates, while others can map connected devices in addition to showing coverage. Heat maps are an excellent tool to locate dead zones or unauthorized access points that may be malicious.

Using heat maps, network engineers can determine how strong a signal will be in a given location. Engineers can also determine how far a signal will extend outside an organization's physical setting. This information can provide insight into the
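
The predictive survey and outside-reach estimate described above, as an added example that is not part of the textbook: a log-distance path-loss model over a constructed 40 m by 20 m floor. Transmit power, path-loss exponent, wall loss, and both signal thresholds are assumed values, and the function names are hypothetical.

```python
import math

# Assumed model parameters (constructed for illustration, not from the page).
TX_DBM = 20.0       # access point transmit power
PL_1M_DB = 40.0     # path loss at the 1 m reference distance (2.4 GHz)
EXPONENT = 3.0      # indoor path-loss exponent
EXT_WALL_DB = 10.0  # attenuation of the exterior wall
USABLE_DBM = -67.0  # weaker than this inside the building: dead zone
DETECT_DBM = -85.0  # weaker than this outside: signal no longer usable


def rssi(ap, pt, tx_dbm=TX_DBM):
    """Predicted signal strength (dBm) at pt from ap, log-distance model."""
    d = max(math.dist(ap, pt), 1.0)  # clamp to the reference distance
    return tx_dbm - PL_1M_DB - 10 * EXPONENT * math.log10(d)


def heat_map(aps, width, height, step=5):
    """Strongest predicted RSSI at each grid point of the floor (metres)."""
    return {(x, y): max(rssi(ap, (x, y)) for ap in aps)
            for x in range(0, width + 1, step)
            for y in range(0, height + 1, step)}


def dead_zones(grid):
    """Grid points whose best signal is below the usable threshold."""
    return sorted(p for p, s in grid.items() if s < USABLE_DBM)


def leakage_m(ap, width, tx_dbm=TX_DBM):
    """Metres due east of the exterior wall (x = width) where the signal
    is still detectable, measured on a straight line from the AP."""
    budget = tx_dbm - PL_1M_DB - EXT_WALL_DB - DETECT_DBM
    reach = 10 ** (budget / (10 * EXPONENT))  # max detectable range from AP
    return max(0.0, reach - (width - ap[0]))


if __name__ == "__main__":
    floor = (40, 20)  # constructed floor plan, metres
    print("one AP  :", dead_zones(heat_map([(0, 10)], *floor)))
    print("two APs :", dead_zones(heat_map([(0, 10), (40, 10)], *floor)))
    for tx in (20.0, 10.0):
        print(f"tx={tx} dBm leaks {leakage_m((40, 10), 40, tx):.1f} m outside")
```

With one access point on the west wall the east edge of the floor is a dead zone; adding a second on the east wall closes it but pushes signal well past the building, which lowering transmit power reduces.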