Wireless LANs
ICND1 v1.03-1
Control and Integrity: Authentication. Ensure that legitimate clients associate with trusted access points.
Protection and Availability: Intrusion Prevention System (IPS). Track and mitigate unauthorized access and network attacks.
WEP: Basic encryption. No strong authentication. Static, breakable keys.
802.1x EAP: User authentication. 802.1X EAP (LEAP, PEAP). RADIUS.
WPA: Standardized. Improved encryption. Strong, user authentication (such as LEAP, PEAP, EAP-FAST).
802.11i / WPA2: AES strong encryption.
Access points send out beacons announcing SSID, data rates, and other information.
Client scans all channels.
Client listens for beacons and
Client associates to access point with strongest signal.
Client will repeat scan if signal becomes low to reassociate to another access point (roaming).
During association, SSID, MAC address, and security settings are sent from the client to the access point and
Enterprise mode (business, education, government)
WPA: Authentication: IEEE 802.1X/EAP. Encryption: TKIP/MIC.
WPA2: Authentication: IEEE 802.1X/EAP. Encryption: AES-CCMP.
Personal mode (SOHO, home and personal)
WPA: Authentication: PSK. Encryption: TKIP/MIC.
WPA2: Authentication: PSK. Encryption: AES-CCMP.
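Added example (not part of the original course material): the security settings an access point announces in its beacons identify which of the modes listed above it uses. This Python code reads the WPA vendor element and the WPA2 RSN element from a beacon's information elements and reports generation, mode and encryption. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Suite type numbers are the same under the WPA OUI and the RSN (WPA2) OUI.
CIPHERS = {2: "TKIP", 4: "AES-CCMP"}
AKMS = {1: "IEEE 802.1X/EAP", 2: "PSK"}
WPA_OUI, RSN_OUI = b"\x00\x50\xf2", b"\x00\x0f\xac"

def _suites(body, off, oui, names):
    """Read a 2-byte little-endian count, then that many 4-byte suite selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("truncated suite list")
    sels = [body[i:i + 4] for i in range(off + 2, end, 4)]
    return [names.get(s[3], "other") if s[:3] == oui else "other" for s in sels], end

def classify(ies):
    """Walk tag/length/value elements; return (generation, mode, pairwise ciphers)."""
    found, pos = [], 0
    while pos + 2 <= len(ies):
        tag, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2: pos + 2 + length]
        if len(body) < length:
            raise ValueError("truncated element")
        pos += 2 + length
        if tag == 48:  # RSN element, advertised by WPA2
            gen, oui = "WPA2", RSN_OUI
        elif tag == 221 and body[:4] == WPA_OUI + b"\x01":  # vendor element, WPA
            gen, oui, body = "WPA", WPA_OUI, body[4:]
        else:
            continue
        # Layout: version (2 bytes), group cipher (4), pairwise list, AKM list.
        ciphers, off = _suites(body, 6, oui, CIPHERS)
        akms, _ = _suites(body, off, oui, AKMS)
        mode = ("Enterprise" if "IEEE 802.1X/EAP" in akms
                else "Personal" if "PSK" in akms else "unknown")
        found.append((gen, mode, ciphers))
    return found

# Constructed sample elements (not captured traffic): SSID, then security element.
SSID = bytes([0, 7]) + b"example"
WPA2_PSK = SSID + bytes.fromhex("30 14 0100 000fac04 0100 000fac04 0100 000fac02 0000")
WPA_EAP = SSID + bytes.fromhex("dd 16 0050f201 0100 0050f202 0100 0050f202 0100 0050f201")

if __name__ == "__main__":
    for name, ies in (("WPA2_PSK", WPA2_PSK), ("WPA_EAP", WPA_EAP), ("SSID only", SSID)):
        print(name, classify(ies))
```

An empty result means the beacon carries neither element, so the network is open or uses WEP.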
Summary
It is inevitable that hackers will attack unsecured WLANs. The fundamental solution for wireless security is authentication