Page 793 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

It offers no real protection and may lead to a false sense of security.


               WPA

               Wi-Fi Protected Access (WPA) was designed as the replacement for
               WEP; it was a temporary fix until the new 802.11i amendment was
               completed. The process of crafting the new amendment took years,
               and thus WPA established a foothold in the marketplace and is still
               widely used today. Additionally, WPA can be used on most devices,
               whereas the features of 802.11i exclude some lower-end hardware.

               802.11i is the amendment that defines a cryptographic solution to
               replace WEP. However, when 802.11i was finalized, the WPA solution
               was already widely used, so the WPA name could not be used as
               originally planned; thus it was branded WPA2. But this does not
               indicate that 802.11i is the second version of WPA. In fact, they are
               two completely different sets of technologies. 802.11i, or WPA2,
               implements concepts similar to IPSec to bring the best encryption
               and security available to date to wireless communications.

               Wi-Fi Protected Access is based on the LEAP and Temporal Key
               Integrity Protocol (TKIP) cryptosystems and often employs a secret
               passphrase for authentication. Unfortunately, the use of a single static
               passphrase is the downfall of WPA. An attacker can simply run a
               brute-force guessing attack against a WPA network to discover the
               passphrase. If the passphrase is 14 characters or more, this is usually a
               time-prohibitive proposition but not an impossible one. Additionally,
               both the LEAP and TKIP encryption options for WPA are now
               crackable using a variety of cracking techniques. While it is more
               complex than a WEP compromise, WPA no longer provides long-term
               reliable security.
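
The static-passphrase weakness described above, as an added example that is not part of the study guide: a defender's audit that shows the pre-shared key is a fixed function of passphrase and SSID, and estimates how long an exhaustive search would take. The guess rate, the sample passphrases and the SSID `ExampleNet` are assumptions; the PBKDF2 parameters are those of WPA/WPA2-Personal.

```python
import hashlib
import math
import string

MIN_LENGTH = 14                       # length threshold stated in the text above
ASSUMED_GUESSES_PER_SEC = 1_000_000   # assumption: attacker's offline guess rate
SECONDS_PER_YEAR = 365 * 24 * 3600

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key of WPA/WPA2-Personal: PBKDF2-HMAC-SHA1,
    SSID as salt, 4096 iterations. Same passphrase + SSID -> same key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def alphabet_size(passphrase: str) -> int:
    """Size of the character set implied by the classes the passphrase uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))

def audit(passphrase: str, guesses_per_sec: int = ASSUMED_GUESSES_PER_SEC) -> dict:
    """Upper-bound estimate; assumes every character was chosen at random.
    Dictionary words or reused passphrases fall far sooner than this."""
    size = alphabet_size(passphrase)
    if size == 0:
        raise ValueError("passphrase must contain printable ASCII characters")
    keyspace = size ** len(passphrase)
    return {
        "length": len(passphrase),
        "alphabet": size,
        "entropy_bits": round(len(passphrase) * math.log2(size), 1),
        "years_to_exhaust": keyspace / guesses_per_sec / SECONDS_PER_YEAR,
        "meets_minimum": len(passphrase) >= MIN_LENGTH,
    }

if __name__ == "__main__":
    # Constructed sample passphrases and SSID, not real credentials.
    for candidate in ("password", "Tr4il-Mix&Oats"):
        report = audit(candidate)
        psk = derive_psk(candidate, "ExampleNet")
        print(candidate, report, psk.hex()[:16] + "...")
```

Because the SSID is the salt, a network that keeps a vendor-default SSID gets no protection from precomputed tables; a unique SSID together with a long random passphrase addresses both.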


               WPA2

               Eventually, a new method of securing wireless was developed that is
               still generally considered secure. This is the amendment known as
               802.11i or Wi-Fi Protected Access 2 (WPA2). It is a new encryption
               scheme known as the Counter Mode Cipher Block Chaining Message
               Authentication Code Protocol (CCMP), which is based on the AES
               encryption scheme. In late 2017, a concept of attack known as KRACK