20 Wireless LAN security

 

This chapter covers

  • Applying the CIA triad to wireless communications
  • Authenticating wireless LAN clients before allowing them to communicate
  • Maintaining the confidentiality and integrity of communications in a wireless LAN
  • The WPA, WPA2, and WPA3 security certification programs

Imagine that you are in a room full of people. You have to communicate a private message to your friend on the other side of the room, but all you can do is shout at the top of your lungs. Basically, that’s how communication in a wireless LAN works. Security is a major concern in all networks, but the unbounded nature of the medium means that securing communications in wireless LANs is even more critical.

In this chapter, we will take a high-level look at wireless LAN security concerns and solutions, covering CCNA exam topic 5.9: Describe wireless security protocols (WPA, WPA2, and WPA3). WPA stands for Wi-Fi Protected Access—a set of security certification programs developed by the Wi-Fi Alliance. To earn “Wi-Fi Certified” status, devices must comply with WPA’s standards. We will first examine the various elements of wireless LAN security and then see how they all fit together in WPA, WPA2, and WPA3.

20.1 Wireless LAN security concepts

20.1.1 The CIA triad in wireless LANs

20.1.2 Legacy 802.11 security

20.2 Wireless client authentication

20.2.1 WPA-Personal: PSK and SAE

20.2.2 WPA-Enterprise: 802.1X/EAP/RADIUS

20.3 Wireless encryption and integrity

20.3.1 Temporal Key Integrity Protocol

20.3.2 Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

20.3.3 Galois/Counter Mode Protocol

20.4 Wi-Fi Protected Access

Summary