A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network.
The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network.
Which of the following should the company implement to BEST prevent this from occurring?
A.
A BPDU guard B.
WPA-EAP C.
IP filtering D.
A WIDS.
B.
A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network.
The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network.
Which of the following should the company implement to BEST prevent this from occurring?
A.
A BPDU guard
B.
WPA-EAP
C.
IP filtering
D.
A WIDS.
B.
Option B. WPA-EAP is the best solution to prevent unauthorized access to the wireless network.
WPA-EAP (Wi-Fi Protected Access with Extensible Authentication Protocol) is a security protocol that provides strong authentication for wireless networks. It uses 802.1X authentication to verify the identity of wireless clients before allowing them to connect to the network. This prevents unauthorized devices from accessing the network, even if they have the correct PSK (pre-shared key).
WPA-EAP works by requiring a user to enter a username and password when they connect to the wireless network. The authentication server then verifies the user's identity and sends an access code to the client, allowing it to connect to the network.
WPA-EAP is more secure than using a simple PSK because it requires each client to have its own unique login credentials. This means that even if a hacker obtains the PSK, they still need to have valid login credentials to connect to the network.
Option A. BPDU guard is not a relevant solution for this problem. BPDU guard is a feature that prevents unauthorized switches from being connected to a network port. It is not relevant to wireless network security.
Option C. IP filtering is not an effective solution for preventing unauthorized access to a wireless network. IP filtering can only control access to specific IP addresses, and it does not provide any authentication or encryption for wireless network traffic.
Option D. A WIDS (Wireless Intrusion Detection System) can detect unauthorized wireless devices on a network. However, it is a reactive measure and does not prevent unauthorized devices from connecting to the network in the first place. WPA-EAP is a proactive measure that prevents unauthorized access before it can occur.
In summary, the best solution to prevent unauthorized access to the wireless network is to implement WPA-EAP authentication.