Wireless Security Settings - 4.1
Summary
WPA3 is a wireless security protocol that strengthens encryption and protects against key interception by using GCMP and Simultaneous Authentication of Equals (SAE). It improves security over WPA2, especially against offline dictionary attacks. Authentication methods include WPA3-PSK for home networks and 802.1X for enterprise environments, which uses AAA servers like RADIUS and the Extensible Authentication Protocol (EAP) for secure access control.
Notes:
Wi-Fi Protected Access 3 (WPA3)
- WPA3 uses the GCMP (Galois/Counter Mode Protocol) block cipher for encrypting data over wireless networks, providing stronger encryption than WPA2.
- It enhances security by eliminating the transmission of the Pre-Shared Key (PSK) across the network, protecting against key interception.
- WPA3 implements Simultaneous Authentication of Equals (SAE), which utilizes a Diffie-Hellman key exchange with added authentication, offering better protection against offline dictionary attacks.
Wireless Authentication Methods
- Pre-shared key (PSK): Commonly used in home networks, where users share a password to access the network. WPA3-PSK improves security by using SAE, which enhances authentication and mitigates vulnerabilities found in WPA2-PSK.
- 802.1X: A centralized authentication method utilizing a username, password, Multi-Factor Authentication (MFA), or other credentials, generally used in enterprise environments. WPA3-802.1X integrates this standard with enhanced encryption and authentication.
- Authentication is achieved via an AAA (Authentication, Authorization, and Accounting) server such as Remote Authentication Dial-In User Service (RADIUS), providing stronger network access control.
- 802.1X, often referred to as Network Access Control (NAC), prompts users for credentials and regulates access based on those credentials.
- Extensible Authentication Protocol (EAP) is employed within 802.1X to support various authentication mechanisms such as EAP-TLS (Transport Layer Security).
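The authentication methods above can be checked against an access point's configuration. The following is an added example, not part of the original notes: it assumes a hostapd-style configuration file (hostapd is not named in the notes), the sample configurations are constructed and trimmed to the options the check reads, and `parse_conf` and `audit` are hypothetical helper names.

```python
# Added example: hostapd option names are real, the sample configs are constructed.
WPA2_HOME = """
ssid=home-net
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""
WPA3_HOME = """
ssid=home-net
wpa_key_mgmt=SAE
rsn_pairwise=GCMP CCMP
"""
WPA3_ENTERPRISE = """
ssid=corp-net
wpa_key_mgmt=WPA-EAP-SUITE-B-192
rsn_pairwise=GCMP-256
ieee8021x=1
auth_server_addr=192.0.2.10
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text):
    """Classify the authentication method and list weaknesses the notes describe."""
    conf = parse_conf(text)
    akms = conf.get("wpa_key_mgmt", "").split()
    eap, sae, psk = (any(tag in a for a in akms) for tag in ("EAP", "SAE", "PSK"))
    findings = []
    if eap:
        method = "802.1X"
        if conf.get("ieee8021x") != "1" or "auth_server_addr" not in conf:
            findings.append("802.1X key management without a RADIUS (AAA) server")
    elif sae:
        method = "WPA3-PSK (SAE)"
        if psk:
            findings.append("WPA2-PSK also accepted; clients using it lose SAE protection")
    elif psk:
        method = "WPA2-PSK"
        findings.append("no SAE: exposed to offline dictionary attacks")
    else:
        method = "open"
        findings.append("no key management configured")
    # Informational: whether a GCMP cipher is offered for pairwise encryption.
    gcmp = any(c.startswith("GCMP") for c in conf.get("rsn_pairwise", "").split())
    return {"method": method, "gcmp": gcmp, "findings": findings}
```

Calling `audit(WPA2_HOME)` returns the method `WPA2-PSK` with one finding, while the SAE and 802.1X samples return no findings.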