Question

This research report is broken into two parts:

1. Use the Internet to research information on the different EAP protocols that are supported in WPA2 Enterprise (see Table 8-5). Write a brief description of each and indicate the relative strength of its security.

  2. Is the wireless network you own as secure as it should be? Examine your wireless network or that of a friend or neighbor and determine which security model it uses. Next, outline the steps it would take to move it to the next highest level. Estimate how much it would cost and how much time it would take to increase the level. Finally, estimate how long it would take you to replace all the data on your computer if it was corrupted by an attacker, and what you might lose. Would this be motivation to increase your current wireless security model? Write a one-page paper on your work.

Answer 1

1) Different EAP protocols that are supported in WPA2 Enterprise:

• EAP-TLS (originally certified protocol)
• EAP-TTLS/MSCHAPv2
• PEAPv0/EAP-MSCHAPv2
• PEAPv1/EAP-GTC
• EAP-SIM
• EAP-TLS is the original wireless LAN EAP authentication protocol. Although it's rarely implemented , it is still considered one of the most secure EAP standards available The requirement for a client-side certificate gives EAP-TLS its authentication strength. A compromised password is not enough to break into EAP-TLS enabled systems because the hacker still needs to have the client-side certificate. When the client-side certificates are housed in smartcards, this offers the most secure authentication solution available.

• EAP-TTLS shines over PEAP authentication is that the username is not revealed in clear-text, which might avoid some DoS (Denial of Service) attacks where someone can maliciously log-in repeatedly with the right username and wrong password to lock out that user's account. PEAP authentication only protects the password portion with a strong TLS tunnel but broadcasts the username in the clear.  

  PEAPv0/EAP-MSCHAPv2 . The server side implementation of PEAPv0/EAP-MSCHAPv2, called IAS (Internet Authentication Service). PEAPv0/EAP-MSCHAPv2 enjoys universal support and is known as the PEAP standard.PEAP is so successful in the market.PEAPv0/EAP-MSCHAPv2 refer to the outer authentication method and is the mechanism that creates the secure TLS tunnel to protect subsequent authentication transactions.EAP-MSCHAPv2 refer to the inner authentication method which facilitates user or device authentication

  PEAPv1/EAP-GTC was created as an alternative to PEAPv0/EAP-MSCHAPv2. It allows the use of an inner authentication protocol . PEAPv1 authentication is rarely used. There is no native OS support for this EAP protocol.PEAPv1/EAP-GTC refer to the outer authentication method and is the mechanism that creates the secure TLS tunnel to protect subsequent authentication transactions.EAP-GTC refer to the inner authentication method which facilitates user or device authentication

• . PEAP-EAP-TLS does require a client-side digital certificate located on the client's hard drive or a more secure smartcard. PEAP-EAP-TLS is very similar in operation to the original EAP-TLS but provides slightly more protection due to the fact that portions of the client certificate that are unencrypted in EAP-TLS are encrypted in PEAP-EAP-TLS. PEAPv0/EAP-MSCHAPv2 is the only form of PEAP that most people will ever know.

• EAP-SIM was created for the GSM mobile telecom industry, which favors the use of SIM cards for authentication. There is no native OS support for this EAP protocol.EAP-SIM refer to the inner authentication method which facilitates user or device authentication

  The bottom line is that the current WPA2 standard is now fully mature and provides rock solid wireless LAN security. WPA2 provides solid military grade encryption and a broad choice of strong to strongest authentication protocols. EAP-TLS and PEAPv0/EAP-MSCHAPv2 with universal platform support are the de facto EAP standards in wireless LAN authentication. PEAPv0/EAP-MSCHAPv2 provides strong single-factor security while EAP-TLS provides the strongest two-factor authentication scheme in wireless LAN security.

How to secure your home wireless network

• Make a complicated router password
• Change the router's admin credentials
• Change the network name
• Strengthen wifi encryption
• Turn off Plug 'n Play
• Turn off Remote Management
• Limit WPS
• Keep the router firmware up to date.
• Turn on firewall
• MAc address fltering
• Turn off router
• Check on port32764
• Keep devices Healthy
• Use VPN
• Centre your signal footprint
• Create a FARADAY cage
• Turn off n/w when going away for long periods
• Setup separate n/w for IoT devices
• RECOVER FROM VIRUS ATTACK
• Disconnect and isolate.
• Focus on the cleanup.
• Reinstall your operating system
• Restore your data.
• Scan for viruses.
• Prevent future attacks. Run anti-virus software and keep virus definitions current. Make sure your security patches are up-to-date. And if you haven't been running anti-virus software, start doing so immediately to prevent future attacks. Also, if you lost data files in the recent attack, create and enforce a regular backup schedule. Change all of your passwords, including ISP access passwords, FTP, e-mail and website passwords. Some viruses can capture or crack passwords, leading to future vulnerabilities. By changing your passwords, you'll be able to boost your security.