Fatskills
Practice. Master. Repeat.
Study Guide: CompTIA A+ Core Certification: The Basics of Security - Wireless Security Protocols and Authentication
Source: https://www.fatskills.com/comptia-a-exam/chapter/comptia-a-core-certification-the-basics-of-security-wireless-security-protocols-and-authentication

CompTIA A+ Core Certification: The Basics of Security - Wireless Security Protocols and Authentication

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

⏱️ ~12 min read

Objective 2.2: Compare and contrast wireless security protocols and authentication methods.
Wireless security has evolved over the past few years to adapt to the increasingly available tools that can hack into a wireless network. An administrator cannot safely install a wireless network using the default settings. The following sections describe the security options available on a wireless network.

Protocols and Encryption
An encrypted wireless network relies on the exchange of a passphrase between the client and the wireless access point (WAP) or router before the client can connect to the network. Several standards for encryption have been used, as encryption methods have improved to keep ahead of hackers. Current protocols are known as Wired Equivalent Privacy (WEP). The first WEP version used the Temporal Key Integrity Protocol (TKIP), which is now considered obsolete.

Current versions are described as follows:
- Wi-Fi Protected Access 2 (WPA2) was released in 2004 and uses Advanced Encryption Standard (AES) encryption. WPA2’s AES encryption is much stronger than the previous version: It uses 128-bit blocks and supports variable key lengths of 128, 192, and 256 bits. It allows up to 63 alphanumeric characters (including punctuation marks and other characters) or 64 hexadecimal characters. WPA2 also supports the use of a RADIUS authentication server in corporate environments.
- Wi-Fi Protected Access 3 (WPA3), which was released in 2018, uses 128-bit encryption (192-bit in an enterprise version) and has a different method for sharing security keys than the other types of encryption. WPA3 is designed to add better privacy and protection against attacks on public Wi-Fi networks.
TKIP and AES encryption are quite different. TKIP is somewhat like WEP in design so that it can operate on legacy hardware that lacks computing power. TKIP is no longer considered sufficiently secure. AES is much more secure and has been adopted by the U.S. government as the encryption standard. Some important points to remember are that two versions of WPA2 exist: WPA2-Personal and WPA2-Enterprise. WPA2-Personal protects unauthorized network access via a password. WPA2-Enterprise verifies network users through a server. WPA2 Personal uses preshared keys. WPA3 also includes both a Personal version and an Enterprise version. WPA3 maintains equivalent cryptographic strength through the required use of 192-bit AES for the Enterprise version and optional 192-bit AES for the Personal version. WPA3 helps prevent offline password attacks by using Simultaneous Authentication of Equals (SAE). This still allows users to choose easier-to-remember passwords and, through forward secrecy, does not compromise traffic that has already been transmitted, even if the password becomes compromised.

Authentication
Four different authentication methods are used for access to a wireless network: single-factor, multifactor, RADIUS, and TACACS+. These methods also apply to wired networks.

Single-Factor
Single-factor authentication is basic username and password access to a computer or network. For years, this was sufficient—and it is still used in many environments. But the rise of online banking and shopping drew more advanced hacking methods, and single-factor authentication is now rare in online commerce.

Multifactor
A multifactor authentication system uses two or more authentication methods and is far more secure than single-factor authentication.
RADIUS
Remote Authentication Dial-In User Service (RADIUS)
dates back to the days of dial-up modem access to networks in the early 1990s. It has been widely distributed and is still in use, although it has been updated over the years. A user who wants to access a network or an online service can contact a RADIUS server and enter username and password information when requested. The server authenticates (or declines) the user and advises the network or service to allow the client in (or not).

 

TACACS+
Terminal Access Controller Access Control System (TACACS+) solved a problem that occurred as network use expanded in the 1980s.
The name and acronym seem convoluted, but they describe the function and process pretty well. In early network computing, when a user logged into a network, each time he or she accessed a different resource or host on that network, the user had to reauthenticate. Dial-up was slow, and logging in was a time-consuming process. With TACACS+, a user who was already authenticated into the network was automatically logged into other resources in the system as well. The network’s access control system took care of the user’s terminal access.
In its original form, TACACS is quite insecure, but Cisco has updated and re-released it in proprietary form as TACACS+.

Kerberos
Kerberos is an open standard authentication protocol that is used between two clients (or a client and a server) and a third-party Kerberos Key Distribution Center server.
The clients acquire a Kerberos key and can mutually authenticate across an unsecure network or the Internet.
Microsoft’s version of Kerberos is the default method for Windows authentication for joining domains. Versions are also available on macOS, Linux, and other operating systems.

Malware Removal and Prevention
Objective 2.3: Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.

Wireless security has evolved over the past few years to adapt to the increasingly available tools that can be used to hack into a wireless network. An administrator cannot safely install a wired or wireless network using the default settings. The following sections describe some security threats and options available to mitigate those threats.

Malware
Malicious software, or malware, is software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent. Malware is a broad term used by computer professionals to include viruses, worms, Trojan horses, spyware, rootkits, keyloggers, adware, and other types of undesirable software. The following sections describe some types of malware in more detail.

Trojan
Trojan malware, also known as a Trojan horse, is a malware program disguised as a “gift”—usually popular videos or website links—that trick the user into downloading a virus that might be used to trap keystrokes or transmit sensitive information.
Trojans are aptly named for the famous story of the wooden Trojan horse, an apparent gift that hid invading soldiers and allowed them to sneak inside the city gates of Troy.

Rootkit
A rootkit is a set of hacking tools that makes its way deep into the computer’s operating system or applications and sets up shop to take over the computer. Some rootkits do keylogging, some listen for banking information, and more complex ones completely take over a computer. A rootkit is a complex type of malware that is difficult to detect and remove with standard malware antivirus software. Sometimes wiping the drive and reinstalling the operating system is the only certain solution.

Virus
Just as biological viruses can infect humans and cause all sorts of different illnesses, computer viruses can infect and damage computers. Virus is a generic term for any malicious software that can spread to other computers and cause trouble. Some viruses are more malicious than others, but all need to be guarded against with antivirus updates. Most virus attacks are spread with human assistance when users fall prey to phishing and carelessly open attachments. (Phishing is discussed in “Social Engineering Threats and Vulnerabilities” )

Spyware
Spyware is software that spies on system activities and transmits details of web searches or other activities to remote computers.
Getting multiple unwanted pop-up windows when browsing the Internet is a good indicator of spyware. Some pop-up windows show fake security alerts (as in Figure below), in the hopes that a user will click on something and then either purchase rogue or fake antivirus software or just download more malware. Spyware can cause slow system performance.

Images
A Fake Security Alert That Purports to Come from Microsoft

Ransomware
Ransomware uses malware to encrypt the targeted computer’s files.
The ransom demand might be presented after you call a bogus technical support number displayed by a fake error message from the ransomware, or the ransom demand might be displayed onscreen. The ransom must be paid within a specified amount of time, or the files will not be decrypted.
A famous recent example of ransomware is the WannaCry virus, which spread throughout the world in 2017. It impacted Windows machines that had not been updated with security patches that would have prevented the spread of the attack.
An even larger attack is technically known as UNC2452 but more commonly known by how it was spread: through huge networks piggybacking on Solar Winds networking software. This virus is so exceptionally complicated that is thought to be the work of an unknown government.

Keylogger
Keylogger viruses are especially dangerous because they track keystrokes and can capture usernames and passwords of unwitting users.
A keylogger can be delivered via a Trojan horse, phishing, or a fake email attachment that the user opens. One way to foil these attacks is to require multifactor authentication because the second authentication factor changes, rendering the stolen password invalid.

Boot Sector Virus
A boot sector virus is similar to a rootkit virus, in that it is embedded deep into the computer.
In this case, the virus embeds itself into the initial code of the boot sector on a hard drive. Once there, it can be loaded into system memory on startup and initialize the hidden virus in other drives on the network. Current versions of BIOS and UEFI have built-in protection against boot sector viruses, and these viruses are less common than in decades past.

Cryptominers
Cryptominers are viruses that take over the resources of an infected computer to mine cryptocurrency, usually bitcoin.
This practice is also known as cryptojacking. Bitcoin mining is largely legal in most countries, but it is expensive in terms of power use and computer resources. Thus, miners sometimes try to force someone else to pay the costs of mining while they reap the benefit of earning cryptocurrency. Viruses can be delivered in Trojan horses, during phishing, and in browser-based attacks in which malicious code is put into a web page and runs when the browser visits the page.
Slow performance, high CPU usage, and higher network traffic are symptoms that a crypto virus might be onboard.

Tools and Methods
The antivirus/anti-malware industry has worked hard to keep pace with the menace of hackers and ever-more-sophisticated viruses. The following sections discuss some of the tools and methods that are used to thwart hackers.

Antivirus/Anti-malware
Protection against viruses and malware is necessary for every type of computing device, from mobile devices to servers. Computer protection suites that include antivirus, anti-malware, anti-adware, and anti-phishing protection are available from many vendors, but some users prefer a “best of breed” approach and choose the best available product in each category.
Antivirus/anti-malware programs can use some or all of the following techniques to protect users and systems:
- Real-time protection to block infection
- Periodic scans for known and suspected threats
- Automatic updating on a frequent (usually daily) basis
- Renewable subscriptions to obtain updated threat signatures
- Links to virus and threat encyclopedias
- Inoculation of system files
- Permissions-based access to the Internet
- Scanning of downloaded files and sent/received emails
When attempting to protect against viruses and malware, the most important consideration is to keep your anti-malware application up-to-date. The second most important consideration is to watch out for unknown data, whether it comes via email, USB flash drive, a mobile device, or some other mechanism.

Recovery Mode
Recovery Mode enables you to reset your PC or boot from a recovery disk.
If resetting the PC is not sufficient, you can boot from a recovery disk to remove infected files and restore your original files. Access the recovery tools in Windows 10 by going to Settings Update & Security Recovery. Figure below shows the recovery tools page in Windows 10.

Images
Windows 10 Recovery Options

User Education
Regardless of the sophistication of physical or digital security measures, a lack of user education can lead to security issues. Users should be educated in how to do the following:

- Ask for an ID when approached in person by someone claiming to be from the help desk, the phone company, or a service company.
- Ask for a name and a supervisor name when contacted by phone by someone claiming to be from the help desk, the phone company, or a service company.
- Use only official contact information for the help desk, phone company, and authorized service companies, and call the authorized contact person to verify that a service call or phone request for information is legitimate.
- Log into systems first and then give the technician the computer (instead of giving the technician all the login information).
- Change passwords immediately after service calls.
- Report any potential social engineering calls or in-person contacts, even if no information was exchanged. Social engineering experts can gather innocuous-sounding information from several users and create a convincing story to gain access to restricted systems.
- Keep antivirus, antispyware, and anti-malware programs updated.
- Scan systems for viruses, spyware, and malware.
- Understand the major malware types and techniques.
- Scan removable media drives (such as optical discs and USB drives) for viruses and malware.
- Disable Autorun and AutoPlay.
- Configure scanning programs for scheduled operation.
- Respond to notifications that viruses, spyware, or malware have been detected.
- Quarantine suspect files.
- Report suspect files to the help desk.
- Remove malware.
- Disable antivirus software when needed (such as during software installations) and know when to reenable antivirus software.
- Avoid opening attachments from unknown senders.
- Use anti-phishing features in web browsers and email clients.

Anti-Phishing Training
Phishing is a well-known problem that continues to confound network security educators. Phishing requires naive or vulnerable users who are unfamiliar with how easily they can provide a home for malware or a virus. This is usually done by opening email that users do not carefully look at before opening, or giving away information that can help hackers access the network.
Training can involve weekly reports of phishing examples. Some IT departments even internally release “fake” phishing attempts to see if anyone responds and needs more training.

OS Reinstallation
OS reinstallation is often a good solution for an infected computer. It is an involved process, but many viruses are so well hidden that it can be the best solution.

Before performing the reinstallation:
- Isolate the computer from any network connections.
- Change all passwords that were used during the suspected time of infection, especially banking and work passwords. (There is no point in changing the computer’s passwords because they will need to be reset during the installation.)
- Back up data files on an external hard drive. Don’t back up the apps; the virus might reside in one of them.

During and after the reinstallation:
- Keep the computer off the network during the process.
- Ask for all updates available.
- Enable the firewall and install any other security software used on the network.
- Scan the external drive that contains the backed-up files, to make sure the virus is not reimported in one of them.
- Enable automatic updates for the OS and antivirus software.



ADVERTISEMENT