#readwise

# Introduction to Networking - Wireless Networks

## Metadata

- Author: [[Hack The Box]]
- Full Title: Introduction to Networking - Wireless Networks
- URL: https://academy.hackthebox.com/module/34/section/1873

## Summary

Wireless networks use radio signals to send data between devices. A Wireless Access Point (WAP) connects these devices to a wired network and manages access. Devices must request permission from the WAP to transmit data, using security protocols like WPA2 or WPA3 for protection. To enhance security, measures like disabling SSID broadcasting and using strong authentication methods are recommended.

## Highlights

To connect to the router, the laptop uses a wireless networking protocol called [IEEE 802.11](https://en.wikipedia.org/wiki/IEEE_802.11). This protocol defines the technical details of how wireless devices communicate with each other and with WAPs. When a device wants to join a WiFi network, it sends a request to the WAP to initiate the connection process. This request is known as a `connection request frame` or `association request` and is sent using the `IEEE 802.11` wireless networking protocol. The connection request frame contains various fields of information, including, but not limited to, the following:

| Field | Description |
| ------------------------------ | -------------------------------------------------------------------------------------------- |
| `MAC address` | A unique identifier for the device's wireless adapter. |
| `SSID` | The network name, also known as the `Service Set Identifier` of the WiFi network. |
| `Supported data rates` | A list of the data rates at which the device can communicate. |
| `Supported channels` | A list of the `channels` (frequencies) on which the device can communicate. |
| `Supported security protocols` | A list of the security protocols that the device is capable of using, such as `WPA2`/`WPA3`. |

The device then uses this information to configure its wireless adapter and connect to the WAP. Once the connection is established, the device can communicate with the WAP and other network devices. It can also access the Internet and other online resources through the WAP, which acts as a gateway to the wired network. ([View Highlight](https://read.readwise.io/read/01jnjxqxy05esy6e9rvcf5n0md))

---

### WEP Challenge-Response Handshake

The challenge-response handshake is a process to establish a secure connection between a WAP and a client device in a wireless network that uses the WEP security protocol. This involves exchanging packets between the WAP and the client device to authenticate the device and establish a secure connection.

| Step | Who | Description |
| ---- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
| 1 | `Client` | Sends an association request packet to the WAP, requesting access. |
| 2 | `WAP` | Responds with an association response packet to the client, which includes a challenge string. |
| 3 | `Client` | Calculates a response from the challenge string and a shared secret key and sends it back to the WAP. |
| 4 | `WAP` | Calculates the expected response to the challenge with the same shared secret key and sends an authentication response packet to the client. |

([View Highlight](https://read.readwise.io/read/01jnjxt8g0btjh33myt9jaafzq))

---

`WEP` uses a `40-bit` or `104-bit` key to encrypt data, while `WPA using AES` uses a `128-bit` key. Longer keys provide more robust encryption and are more resistant to attacks. However, WEP is vulnerable to various attacks that can allow an attacker to decrypt data transmitted over the network. In addition, WEP is not compatible with newer devices and operating systems and is generally no longer considered secure.
Finally, `WEP` uses the `RC4 cipher` encryption algorithm, which makes it vulnerable to attacks. ([View Highlight](https://read.readwise.io/read/01jnjxxqgsk4hp1pm4dna5xpav))

---

### WPA

`WPA` provides the highest level of security and is not susceptible to the same types of attacks as WEP. In addition, WPA uses more secure authentication methods, such as a [Pre-Shared Key](https://en.wikipedia.org/wiki/Pre-shared_key) (`PSK`) or an 802.1X authentication server, which provide stronger protection against unauthorized access. Although older devices may not support it, WPA is compatible with most devices and operating systems. All wireless networks, especially in critical infrastructure like offices, should generally implement at least `WPA2` or even `WPA3` encryption. ([View Highlight](https://read.readwise.io/read/01jnjxzz0b4e0wj8mhag9fcrab))

---

### Authentication Protocols

[Lightweight Extensible Authentication Protocol](https://en.wikipedia.org/wiki/Lightweight_Extensible_Authentication_Protocol) (`LEAP`) and [Protected Extensible Authentication Protocol](https://en.wikipedia.org/wiki/Protected_Extensible_Authentication_Protocol) (`PEAP`) are authentication protocols used to secure wireless networks. They provide a secure method for authenticating devices on a wireless network and are often used in conjunction with WEP or WPA to provide an additional layer of security. LEAP and PEAP are both based on the [Extensible Authentication Protocol](https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol) (`EAP`), a framework for authentication used in various networking contexts. However, one key difference between `LEAP` and `PEAP` is how they secure the authentication process.

- `LEAP` uses a `shared key` for authentication, which means that the `same key` is used for `encryption and authentication`. This can make it relatively easy for us to gain access to the network if the key is compromised.

However, `PEAP` uses a more secure authentication method called tunneled [Transport Layer Security](https://en.wikipedia.org/wiki/Transport_Layer_Security) (`TLS`). This method establishes a secure connection between the device and the WAP using a `digital certificate`, and an encrypted tunnel protects the authentication process. This provides more robust protection against unauthorized access and is more resistant to attacks. ([View Highlight](https://read.readwise.io/read/01jnjy1ca8zprnmevavjfepbxc))

---

### TACACS+

In a wireless network, when a wireless access point (WAP) sends an authentication request to a [Terminal Access Controller Access-Control System Plus](https://www.ciscopress.com/articles/article.asp?p=422947&seqNum=4) (`TACACS+`) server, it is likely that the `entire request packet` will be encrypted to protect the confidentiality and integrity of the request. `TACACS+` is a protocol used to authenticate and authorize users accessing network devices, such as routers and switches. When a WAP sends an authentication request to a `TACACS+` server, the request typically includes the user's credentials and other information about the session.

Encrypting the authentication request helps to ensure that this sensitive information is not visible to unauthorized parties who may be able to intercept the request while it is being transmitted over the network. It also helps prevent an attacker from tampering with the request or replacing it with a malicious request of their own. Several encryption methods may be used to encrypt the authentication request, such as `SSL`/`TLS` or `IPSec`. The specific encryption method used may depend on the configuration of the `TACACS+` server and the capabilities of the WAP. ([View Highlight](https://read.readwise.io/read/01jnjy3phkxvdj940n667cq9jb))

---
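
The four steps of the WEP challenge-response handshake described earlier, written out for both sides. This is an added example, not code from the original module. The function names are hypothetical and the framing is simplified: the response is just the challenge plus a CRC-32 integrity value, encrypted with RC4 under a 24-bit IV prepended to the shared key.

```python
import os
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(body: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def wap_issue_challenge() -> bytes:
    """Step 2: the WAP answers the request with a random 128-byte challenge."""
    return os.urandom(128)

def client_respond(shared_key: bytes, challenge: bytes) -> tuple[bytes, bytes]:
    """Step 3: the client encrypts challenge + ICV under RC4(IV || shared key)."""
    iv = os.urandom(3)                        # 24-bit IV, sent alongside the response
    return iv, rc4(iv + shared_key, challenge + icv(challenge))

def wap_verify(shared_key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """Step 4: the WAP decrypts with its copy of the key and compares."""
    plain = rc4(iv + shared_key, response)
    body, received_icv = plain[:-4], plain[-4:]
    return received_icv == icv(body) and body == challenge

def run_handshake(client_key: bytes, wap_key: bytes) -> bool:
    """Steps 1-4 end to end; True means the client is authenticated."""
    challenge = wap_issue_challenge()         # step 1 (the request) carries no secret
    iv, response = client_respond(client_key, challenge)
    return wap_verify(wap_key, challenge, iv, response)

if __name__ == "__main__":
    key40 = bytes.fromhex("0102030405")       # constructed 40-bit sample key
    print("matching key:", run_handshake(key40, key40))
    print("wrong key:   ", run_handshake(key40, bytes.fromhex("0102030406")))
```

With the 24-bit IV prepended, the 40-bit and 104-bit WEP keys become 64-bit and 128-bit RC4 keys, and the same shared key serves every client on the network.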