Summary
The unprotected data flowing through a wireless network can be easily modified, and intruders can always assume the identity of legitimate users for their nefarious aims. In this chapter we reviewed the cryptographic safeguards capable of defeating these attacks. These countermeasures include the TKIP MIC as well as various one-way hashes used by IPSec and several 802.1x EAP types for data integrity protection and user authentication. The described asymmetric cryptography methods are employed to generate digital signatures to sign the certificates used by the majority of EAP types and to exchange secret keys of common security protocols, such as IPSec, SSH, SSL, and PGP. Learning the cryptographic building blocks of these protocols enables you to perform an informed and intelligent wireless network design and hardening.
|