Northridge Consulting Group

WLAN Workshop
WIRELESS LAN CONFIGURATION
ADVANTAGES AND DISADVANTAGES OF
DIFFERENT SECURITY MODELS

Types of Security Model

Transitional Security Model
Personal Security Model
Enterprise Security Model

Transitional Security Model

Provides the basic level of security.

Can be easily bypassed by a skilled person.

Includes basic level of authentication and encryption to

achieve minimal security.

Authentication is achieved by implementing steps like
MAC filtering, SSID Cloaking and shared keys.
Encryption is achieved by using WEP. Although its a
vulnerable encryption but still provide a level of security
than open Wi-Fi.

How WEP Works

IV

original unencrypted packet

RC4
key

IV

encrypted packet

checksum

Personal Security Model

Uses a more reliable hardware to achieve security.

The model is divided into two sections: Wi-Fi Protected

Alliance and Wi-Fi Protected AllianceII.

WPA uses firmware upgrade to use existing WEP
hardware.
WPA2 uses hardware upgrade.

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access was the successor and
replacement to the increasingly weak WEP standard.
WPA used firmware upgrade to which used a new PSK
key for authentication and TKIP for encryption.
WPA included integrity check and TKIP. TKIP is a
secure encryption standard which encrypts every
packet with a unique key.
WPA uses TKIP, which was designed to uses the
existing WEP but this caused WPA to be exploited too
due to elements from WEP.

Wi-Fi Protected Alliance II (WPA2)

WPA2 was released in 2006 officially, which superseded

WPA. It used PSK key for authentication and AES-CCMP

for encryption.
Most significant change was the introduction of CCMP
protocol as a replacement of TKIP.
Counter Cipher Mode with Block Chaining Message
Authentication Code Protocol is a block mode cipher
using 128 bit keys.
WPA2s encryption algorithm is quite secure, but a
feature for users called WPS, if enabled can be used to
exploit WPA2.
U.S Government uses it secure it top-secret files.

Enterprise Security Model

Designed for Enterprises and Medium sized

organizations.
It is also dived in two section: WPA and WPA2.
All the features of personal security model plus added
benefit of uses a RADIUS server for authentication.
Users are authenticated via a server upon association.
Extremely high defence rate but high investment.

WPA Enterprise
Uses IEEE 802.1x for authentication and TKIP for

encryption.
IEEE 802.1x uses a authentication server to grant or
deny access. The AP forwards the authentication
request to the RADIUS server for verification against
a list.
TKIP is used to provide encryption for the data
packets. Uses WEP features so may be susceptible to
attack in future.

WPA2 Enterprise
Uses IEEE 802.1x for authentication and AES-

CCMP for encryption.

IEEE 802.1x is the best authentication protocol
available.
Uses AES-CCMP protocol as used in WPA2 Personal
model.

Vulnerability Graph
% of Attack
WPA/WPA2 Enterprise
WPA2 (WPS Disbaled)

WPA2 Personal
WPA Personal

% of Attack

WEP
Current Standing
Traditional Model

20

40

60

80

100

120

WEP
Relies on
shared keys.
Uses
Integrity
Check to
ensure
packet not
modifed in
transit.

WPA
Uses same
hardware
using
firmware
upgrade.
Uses TKIP
and RC4
stream
cipher.

WPA2
Requires
hardware
upgrade.
Uses
AES(CCMP).
Compatible
with WPA.

Secure your Wi-Fi Now!!

Easy steps to counter attack on your Wi-Fi network.

Secure Your Wireless Network Today!!