Actually starting this discussion in doubt as i could have posted in the week 2 discussion but since it's not week 2 anymore...
I use the Cisco press as my guide to prep for the exam however the more often i read the book the more questions arise. Like this one:
Comparing WPA to WPA2, you can see that;
- WPA mandates TKIP, and AES is optional
- WPA2 mandates AES and doesn't allow TKIP
- WPA allows AES in its general form
- WPA2 only allows the AES/CCMP variant
- With WPA2, key management allows keys to be cached to allow for faster connections.
Why is it possible to configure WPA2 with AES TKIP on the WLC? Is it considered WPA instead of WPA2 with the use of TKIP? Why does Cisco press explicitly state that WPA2 only allows the AES/CCMP encryption???
Question; So what version Wi-Fi Alliance certification uses TKIP?
A. WPA personal
B. WPA enterprise
C. WPA2 personal
D. WPA2 enterprise
E. all of the above
Now this is an interesting subject. I remember seeing another thread about this very thing a long time ago. I couldn;t find it though.
Even though it isn't week 2 anymore, it doesn't mean that you can't go back to it and add to the discussion
This is a question I have always wondered myself. Perhaps our study group leader can shed some light on this.
Darn, I was really hoping to sit this one out... I don't like that issue either and haven't found a good answer for it. When I teach this subject I explain how the certifying agency, the WPA, states that for a device to be WPA compliant it must support the TKIP extensions to WEP and may optionally use AES in its general form or in any subform and to be certified as WPA2 compliant it must support AES-CCMP, not the general form of AES and also not TKIP. Then no more than 5 minutes later I show them that the controllers allow you select WPA with TKIP, WPA with AES, WPA2 with TKIP and WPA2 with AES. The WPA2 with AES implies AES-CCMP, the WPA with AES implies the general form, WPA with TKIP makes sense, but I must admit that I'm not 100% on the WPA2 with TKIP. I am hoping that tomorrow I have a chance to dig for that answer, for you all and so that I don't have to uncomfortably skirt the question anymore There is something else I was supposed to look up and clarrify... I think it was in relation to how many APs an instance of WCS can handle, some one refresh my memory if you sitll want the info.
My understanding is that
WPA uses TKIP
WPA2 uses AES
Now I believe that you can have WPA and WPA2 with TKIP and AES enabled in the WLC and that this is for the support of multiple clients ie clients that may have different capabilities (linking back to the week 5 topic)
Now I have never tried to set up a client as WPA-AES or WPA2-TKIP even though I have enabled all the tick boxes in the WLC to do this.
I believe its not best practice, 1 security setup per SSID/VLAN etc and it can confuse cards, which as we all know is not hard
"What am I doing today WPA or WPA2 oooh I will be WPA2 UH I can be TKIP or AES, **** I dont know Im doing nothing" hence client card stops working
Now this doc written and hosted on the WIFi Alliance site http://www.wi-fi.org/files/kc/WPA-WPA2_Implementation_2-27-05v2.pdf
However its still clear as mud to me as I haven't gone into every detail.
Its worth bearing in mind all the hullaballo over the ratification of 802.11N and people not investing in it until it became a standard, now WPA is NOT a standard. Neither is WPA2 and as far as I can see never will be.
Now correct me if I am wrong but there are other red herrings with WPA, in that it was a stop gap to replace WEP. Now WEP was a part of the original 802.11 standard from what I understand and WPA2 was a derivative "based on 802.11i" which parts and requirements I dont know and doubt I will ever have time to find out?
It also in some areas states that WPA and WPA2 provide user authentication, which neither of them do, from what I see they simply provide a framework of protocols and practices that support user authentication. Yes I know its semantics but it is important to be accurate if we discuss what is and is not a standard. I know this as I done alot of work in WiMAX which in and of itself is not a standard but only based on the 802.16 standard, and when you dig deeper you realise that the current WiMAX offering are based on 802.16e which introduces mobility you can get very confused. Actually its just been relaunced as 802.16 2009 which I think is happening to 802.11 to include all of the ammendments.
Eqaully EAP is NOT a standard but a framework to for authentication defined in RFC3748 and updated in RFC5247. Now if EAP is a framework for authentication and WPA can work without EAP as WPA2 can WPA2 is occasionally simply a means of encryption and NOT an authentication mechaism as there is no mutuality involved.
Lastly of all of the EAP types just to complete the story the only accepted EAP "Standard" thats not actually a standard is EAP-TLS which we all know is the most difficult to deploy as you have to develope your own PKI with certificates everywhere. EAP-TLS is defined in RFC5216 and is considered an open standard by the IETF but then its still not a standard as by that definition EAP-MD5 could make that claim as it is defined by the original EAP RFC3748 and EAP-FAST RFC4851, EAP-AKA RFC4187, EAP-SIM RFC4186, EAP-TTLSv0 RFC 5281, EAP-IKEv2 RFC5106. I think PEAP is RFC3579 originally defined in RFC2284.
My whole point being wireless security is not easy, its certainly not standards based and as mobility gets better across various media handoffs are going to be more problematic as we all use differing methods.Let alone just undestanding the encryption/frameworks of WPA and WPA2.
It would be so coold and make our lives easier if some of the big manufacurers made these into standards that were truly interoperable then we would have pure definitions rather than wholly explanations about ifs and maybes because of the 20plus different EAP types taht are available.
Sorry go on a bit of a bandwagon there, but thats why nothing actually works as it should, all of the above.
Could it be that in whole transition between WPA and WPA2 some cards used WPA2 icw TKIP and didn't support the AES/CCMP and now there is some sort of backwards compatibility?? I've read that some vendors tried to achieve AES encryption with a software solution instead of exchanging the hardware. It seems that back in the days various solutions where tested, could WPA2/TKIP have been one of them?? TKIP now beeing the less secure solution (compared to WPA2 but solving the WEP problem) and therefore WPA2 states the AES/CCMP encryption as only option. While reading about TKIP i came across some pages stating that the Japanese borke WPA/TKIP in a matter of minutes...
I can image that in this case Cisco press wants to draw a line somewhere and state that,
WPA -> TKIP and optionally AES
WPA2 -> AES/CCMP
So this is what i will use during the exam
Well, how about we ask Cisco to change the code on the WLC's so that if you uncheck WPA, then TKIP automatically grays out or something, showing that WPA is required if you want to use TKIP and that WPA2 requires AES.
If the code functioned this way, I would say "case closed, problem solved."
I will lab this up tomorrow, its a little late here in the UK.
Will test WPA-AES and WPA2-TKIP. I think we agree from the WiFi Alliance perspective this should not work though I am able to set it on a NIC?
Well i actually tested it already on my lab equipment and i'm able to connect with both WPA2 encryption methods.
So with TKIP/AES checked then CCMP encryption shows up in the beacon and i connect using AES/CCMP. After that i unckecked WPA2 AES forcing WPA2 TKIP and the encryption setting received after my probe request is TKIP, again no problems in connecting to the network...
Like mentioned before i'm not able to force TKIP from the client side.
I found this quite helpful.
Implements the majority of IEEE 802.11i, but with different headers (so can operate both in same network). Designed to require only a firmware upgrade (full 802.11i usually requires hardware change).
As designed, WPA uses TKIP and Michael for message integrity, based on RC4 for encryption.
Pre-shared (personal) vs. Enterprise (RADIUS)
Defines the type of authentication used.
WPA (and WPA2) may operate in enterprise mode, using a RADIUS server to hold per-user keys. This allows individual access to be controlled in a large network. For a small network, e.g. home network, without a RADIUS server a pre-shared key (PSK) may be used. The same key is used by all clients, so may require more work to update.
TKIP vs. AES-based CCMP
Defines the algorithm used for message integrity and confidentiality.
WPA was designed to be used with TKIP (and WPA2 designed to use stronger AES-based).
However, some devices allow WPA (not WPA2) with AES (and WPA2 with TKIP).
AES is optional in WPA; in WPA2 both AES is mandatory, BUT TKIP is optional.
Note that TKIP is not directly comparable to AES; TKIP is an integrity check, AES is an encryption algorithm.
In the context of wireless security this actually means TKIP vs. "AES-based CCMP" (not just AES).
TKIP is a lower end encryption protocol (WEP2) and AES is a higher end (WPA2/802.11i) encryption protocol. AES is preferred.
This is what the encryption standards are for WEP2 (TKIP) and WPA2/802.11i (AES). It will attempt to use AES if available and fall back to TKIP if not. This setting offers the most compatibility but won't guarantee a higher level of encryption if a device falls back to TKIP.
WPA2, aka 802.11i
Fully conforms with 802.11i as it implements all mandatory features.
Guarantees interoperability certification.
Effectively WPA2 is Wi-Fi Alliance's brand name for 802.11i.
Note: In some cases other optional features of 802.11i may be required, but interoperability may not be guaranteed.
Support for AES encryption and AES-based CCMP message integrity is mandatory (is optional in WPA).
As well as mandatory AES, WPA2 also adds PMK (Pair-wise Master Key) and Pre-authentication to help fast roaming.
Authentication options for 802.11i.
Two initial types - pre-shared key (personal) or RADIUS (enterprise), same as per WPA.
Additional types of enterprise authentication types now available (usually not relevant for home users).
WPA2 mandates AES-based CCMP for message integrity and confidentiality.
TKIP (weaker) is optional.
Mixed mode allows a device to try WPA2 first, and if that fails fall-back to WPA.
WEP was supposed to provide Confidentiality, but has found to be vulnerable and should no longer be used, has been found to be vulnerable and is often the default; this should be changed.
Most devices that support WEP can be firmware/software upgraded to WPA.
Do not use unless some devices can not be upgraded to support WPA.
WEP has been outdated for years and has better replacements. The 40-bit encryption is just not strong enough to keep data secure and can be broken rather easily. Newer encryption methods use stronger encryption and have yet to be broken while WEP can be broken in a minute, use WPA where possible.
To keep things simple, the best options, in decreasing order of preference, may be:
WPA2 + AES
WPA + AES (only if all devices support it).
WPA + TKIP+AES (only if all devices can support it).
WPA + TKIP
Disabled (no security)
The most common two options will be WPA2 + AES and WPA + TKIP, because they match the mandatory requirements in the standards (WPA2 requires AES, WPA requires TKIP).
You can use WPA + AES for higher security than TKIP, but only if your devices support it (it is optional). For this reason it is not very common. You also do not get the improved roaming features of WPA2.
WPA + TKIP+AES provides a fallback in case AES is not supported by a device in that it switches to the more common TKIP. The disadvantage is that it might switch to TKIP unexpectedly but is more backwards compatible if needed.
Currently TKIP has no known vulnerabilities, so for broadest compatibility stick with WPA + TKIP.
The remaining combination, WPA2 + TKIP, is possible (as TKIP is optional in WPA2), but doesn't make much sense because AES is more secure and mandatory for all WPA2 devices.
So, here is what I was able to dig up regarding why the 4 options exist: WPA with TKIP, WPA with AES, WPA2 with AES, WPA2 with TKIP.
When most of us consider WPA versus WPA2 we think only of encryption, hence the conversation we have had around it so far. WPA is a certification, done by the group known as WPA, which states that a device supporting WPA has to conform with certain things, including the standard use of TKIP and the optional use of the general form of AES. What we miss is that WPA also mandates that we use the Michael algorithm as a per packet/frame "Message Integrity Check", which this is typically considered to go hand in hand with TKIP. WPA was intended to be a stepping stone to WPA2, to increase security of our wireless networks using what was the current hardward of the time before upgrading that hardward and being able to use WPA2. WPA2 is a certification that states the device supporting WPA2 fully complies (well, there are 1 or 2 excepts) with the 802.11i standard. That 802.11i standard, and therefore WPA2, includes a mandate to use the AES-CCMP encrption standard, but if need be it can use TKIP instead. It also mandates the use of Micheal for per packet/frame "Message Integrity Checks". Another one, which is really important, is that WPA2/802.11i supports PKC (Proactive Key Caching), in which a client will fully authenticate with the 802.1X/RADIUS server just once, and the PMK (Pairwise Master Key) that the client and RADIUS Server agree on are used with everyone AP in the network that that client associates with as it roams. Without that feature, when the client roams they need to reach out to the RADIUS Server and do a complete reauthentication, which may take nearly or more than 1 second, which is seriously damaging to roaming Voice over WLAN implementations. PKC works in WPA2 and not WPA. So, even if both are using TKIP it is preferred to use WPA2 over WPA so that you gain the extra benefits that WPA2 provides, beyond that of the encrption we had been discussing.
I hope that clarrified things, tough you should keep in mind that this information is significantly beyond the scope of CCNA: Wireless, but wicked interesting to me none the less.
PS - I fixed my '
One small side jaunt: "...WPA [and WPA2] also mandates that we use the Michael algorithm as a per packet/frame 'Message Integrity Check'...."
Is this the same MIC that's used in MFP, or is that a same name, different thingie item?
God, the two of you! I'm gonna stop giving answers if everytime it just spawns 2 more questions... how could I possibly get ahead?
Yes, the Michael Algorithm is a common hashing algorithm, similiar to MDS and SHA1, but is computationally much less expensive and therefore was choosen for both MFP and WPA/WPA2 Message Integrity Checks.
The exceptions to the 802.11i standard related to WPA2 are (to the best of my knowledge and abilities without opening the RFCs because I don't wanna fall asleep yet tonight):
802.11i states that Ad-Hoc network support not permitted, where as WPA2 allows Ad-Hoc networks.
802.11i mandates an 802.1X authentication solution, where are WPA2 permits both Infrastructure (802.1X/RADIUS) and Personal (Pre-Shared Key) modes
And I'm just kidding, keep in coming punks
Once again, beyond the cope of CCNA: Wireless, but still awesome to know. Now get back to work.
Sorry. I have been breaking my own rule right and left about not going too deep beyond the CCNA Wireless. Sometimes I just can't help myself I guess I am just getting in some warm up time for CCNP Wireless, when I get more serious about it.