Wireless: site surveys, heat maps, WPA3, AAA/RADIUS

3.5 Security techniques for computing resources

📘CompTIA Security+ (SY0-701)

(Site Surveys, Heat Maps, WPA3, AAA/RADIUS)

Wireless networks are convenient, but they also introduce specific security risks because signals travel through the air. Attackers don’t need physical access — they just need to be within range.
To secure wireless networks, security professionals perform site surveys, use heat maps, configure strong encryption (WPA3), and enforce authentication and access control using AAA/RADIUS.

Let’s go step by step.

🔹 1. Site Surveys

What is a Site Survey?

A wireless site survey is the process of analyzing and planning a Wi-Fi network before or after deployment. It helps determine the best placement for wireless access points (APs) to achieve strong signal coverage, avoid interference, and ensure network security.

Why It Matters for Security

  • Identifies areas with weak signals that attackers could exploit.
  • Detects rogue access points (unauthorized Wi-Fi devices) in the environment.
  • Helps ensure even and controlled coverage, avoiding signals extending outside secure boundaries (like a company’s property).

Types of Site Surveys

  1. Passive Survey
    • Monitors existing Wi-Fi networks and records signal strength, noise, and interference.
    • Commonly used during security audits.
  2. Active Survey
    • Connects to the network and tests actual performance (throughput, latency).
    • Helps identify where connections are weak or unstable.
  3. Predictive Survey
    • Uses specialized software to simulate a wireless network before it’s physically installed.
    • Helps plan AP placement and coverage before purchasing equipment.

Tools Used

  • Wireless analyzers (e.g., Ekahau, NetSpot, AirMagnet Survey).
  • Spectrum analyzers (detect interference from devices like microwaves or Bluetooth).

🔹 2. Heat Maps

What is a Heat Map?

A heat map is a visual representation of wireless signal coverage across a physical area.
It uses colors to show signal strength:

  • Green or blue = strong signal
  • Yellow = medium signal
  • Red = weak signal

Why It’s Important

  • Helps visualize coverage gaps or dead zones.
  • Identifies signal leaks outside secure areas.
  • Supports troubleshooting poor connectivity or performance issues.
  • Can be used to validate a site survey — ensuring the network is secure and well-balanced.

Security Benefits

  • Prevents attackers from connecting outside the intended range.
  • Assists in finding unauthorized access points or overlapping networks.
  • Ensures access points are not broadcasting too far, reducing attack surface.

🔹 3. WPA3 (Wi-Fi Protected Access 3)

What is WPA3?

WPA3 is the latest and most secure wireless encryption standard, replacing WPA2.
It protects data being transmitted over Wi-Fi and ensures that only authorized users can access the network.

Key Features of WPA3

  1. Stronger Encryption
    • Uses 128-bit or 192-bit encryption, depending on the version (Personal or Enterprise).
    • Makes it much harder for attackers to crack passwords or decrypt traffic.
  2. SAE (Simultaneous Authentication of Equals)
    • Replaces the old PSK (Pre-Shared Key) method.
    • Prevents offline dictionary attacks — attackers cannot capture traffic and guess passwords offline.
  3. Forward Secrecy
    • Even if an attacker later obtains the password, they cannot decrypt past communications.
  4. Individualized Data Encryption
    • Each user connected to the network has their own encryption key, preventing one user from viewing another’s data.
  5. Protected Management Frames (PMF)
    • Defends against deauthentication and disassociation attacks (commonly used in Wi-Fi jamming or session hijacking).

WPA3 Modes

  • WPA3-Personal (SAE): For homes or small offices, using strong passphrases.
  • WPA3-Enterprise: For organizations using centralized authentication (e.g., RADIUS). Provides 192-bit security strength.

Why It’s on the Exam

You need to understand that WPA3 is the most secure wireless encryption standard currently available and should always be preferred over WPA2 or WEP.

🔹 4. AAA and RADIUS

What is AAA?

AAA stands for:

  • Authentication: Verifying who a user is.
  • Authorization: Defining what the user is allowed to do.
  • Accounting: Recording what the user does.

These three functions are essential for managing and securing network access — especially in enterprise Wi-Fi environments.

What is RADIUS?

RADIUS (Remote Authentication Dial-In User Service) is a network protocol that implements the AAA framework.
It’s commonly used to manage wireless user authentication in organizations.

How It Works

  1. A user tries to connect to a Wi-Fi network (through an Access Point).
  2. The Access Point forwards the user’s credentials (like username and password) to a RADIUS server.
  3. The RADIUS server checks these credentials against a central database (e.g., Active Directory).
  4. If valid, access is granted. If not, access is denied.
  5. The RADIUS server also logs user activity for auditing (accounting).

Benefits of RADIUS

  • Centralized Authentication: All users are managed in one place.
  • Stronger Security: Credentials are encrypted and verified over a secure channel.
  • Role-Based Access: Different users can be given different permissions (for example, admin vs. guest).
  • Accountability: Logs show who connected, when, and for how long.

Integration Example (for IT environments)

  • Many organizations use WPA3-Enterprise with RADIUS.
  • Employees connect to the Wi-Fi using their corporate credentials, and RADIUS verifies them before granting access.
  • Guest users can be restricted to separate networks with limited access.

🧠 Exam Tips

ConceptKey Point to Remember
Site SurveyIdentifies optimal AP placement and detects coverage or security gaps.
Heat MapVisual tool that shows wireless coverage strength and signal leaks.
WPA3Current strongest Wi-Fi encryption with SAE, forward secrecy, and PMF.
AAAAuthentication, Authorization, and Accounting framework.
RADIUSCentralized AAA protocol used for Wi-Fi user management and logging.

🏁 Summary

Wireless network security requires a combination of planning, monitoring, and strong encryption:

  • Site surveys ensure coverage and signal control.
  • Heat maps help visualize and secure signal areas.
  • WPA3 provides robust encryption and authentication for modern Wi-Fi.
  • AAA/RADIUS ensures that only authorized users can connect, and all activities are tracked.

Together, these techniques create a secure, reliable, and manageable wireless environment — an essential topic for the CompTIA Security+ SY0-701 exam.

Leave a Reply

Your email address will not be published. Required fields are marked *

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by