Chapter 20: Wi-Fi Security
Critical Vocabulary
SSID
BSSID
ESSID
MAC filtering
Signal strength
Band and Bandwidth
Antenna Types
Fat vs. Thin APs
Controller-based vs. Standalone
Cryptographic Protocols
WEP (not on 601)
WPA (not on 601)
WPA2: WiFi Protected Access 2
WPA3: WiFi Protected Access 3
CCMP: Counter-mode/CBC-MAC Protocol
SAE: Simultaneous Authentication of Equals (New on the 601 exam.)
Authentication Protocols
EAP: Extensible Authentication Protocol
PEAP: Protected Extensible Authentication Protocol
EAP-FAST
EAP-TLS
EAP-TTLS
IEEE 802.1x
https://1.ieee802.org/security/802-1x/
RADIUS: Remote Authentication Dial-in User Service Federation
Methods
Key Protos
PSK: Pre-shared key (password)
Enterprise (directory/certificate)
Open
WPS: WiFi Protected Setup
Captive portals
Installation considerations
Site surveys
Heat maps
WiFi analyzers
Channel overlaps
Wireless access point (WAP) placement
Controller and access point security
WiFi Scanners/Crackers
Kismet
Netstumbler
CoWPAtty