AES Details and Related Concepts - CompTIA Security +
Hello!
I have a confession: I didn't know about AES until not long ago... Something to say? Discuss this post: Bluesky
Secure Protocols, Practices, and AES Details
AES Details and Related Concepts
AES Concept | Description | Associated Use/Consideration |
---|---|---|
Symmetric Encryption | Uses a single shared key for both encryption and decryption, so anyone holding the key can both read and forge data | Distribute keys over an authenticated channel (e.g., a key exchange such as ECDH) and store them in a key vault or HSM |
Block Cipher | Encrypts data in fixed-size 128-bit blocks with a 128-, 192-, or 256-bit key; anything longer than one block needs a mode of operation (GCM, CCM, CBC, CTR) | AES-128 is still considered secure; choose AES-256 where the largest security margin is required, and never use ECB mode, which leaks repeated plaintext blocks |
Key Management | Generating, distributing, rotating, and retiring encryption keys so that a compromised or aged key exposes as little data as possible | Automate rotation, tag ciphertext with a key version, and re-encrypt under the new key before retiring the old one |
AES in WPA2/WPA3 | Provides confidentiality and integrity of wireless frames via AES-CCMP (WPA2 and WPA3-Personal) or AES-GCMP-256 (WPA3-Enterprise 192-bit mode) | Use WPA3; note that GCMP-256 is only available in WPA3-Enterprise 192-bit mode, not in WPA3-Personal |
NIST Standard | Rijndael was standardized as AES in FIPS 197 (2001), replacing DES and 3DES, both of which NIST has since deprecated | Follow FIPS 197 for the cipher and NIST SP 800-38 for modes of operation |
Applications Beyond Wi-Fi | Used in TLS, SSH, IPsec ESP, and for data at rest (full-disk encryption such as BitLocker and LUKS) | Prefer an authenticated mode (GCM/CCM), never reuse a nonce with the same key, and treat IV/nonce handling as a configuration item that must be right |
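Added example (not from the original post): a small Go program that ties the rows above together. It uses AES as a 128-bit block cipher with a 128- or 256-bit key, GCM as the authenticated mode, and a versioned key ring so data can be rotated to a new key and the old one retired. The Keyring type, its methods, and the "record-42" associated data are my own illustrative names, not any standard API; the crypto itself is Go's standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Keyring (hypothetical type) maps key versions to AES keys; new data uses Current.
type Keyring struct {
	Keys    map[uint32][]byte
	Current uint32
}

// NewKey returns a random 16-, 24- or 32-byte key (AES-128/192/256); the block is always 128 bits.
func NewKey(size int) ([]byte, error) {
	if size != 16 && size != 24 && size != 32 {
		return nil, errors.New("AES key must be 128, 192 or 256 bits")
	}
	k := make([]byte, size)
	_, err := rand.Read(k)
	return k, err
}

// Rotate installs key as a new version and makes it current.
func (r *Keyring) Rotate(key []byte) uint32 {
	if r.Keys == nil {
		r.Keys = map[uint32][]byte{}
	}
	r.Current++
	r.Keys[r.Current] = key
	return r.Current
}

// gcmFor wraps AES in GCM, an authenticated mode: any tampering makes decryption fail.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns version(4) || nonce(12) || ciphertext || tag; the version is also authenticated.
func (r *Keyring) Encrypt(plaintext, aad []byte) ([]byte, error) {
	aead, err := gcmFor(r.Keys[r.Current])
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, 4+aead.NonceSize())
	binary.BigEndian.PutUint32(hdr, r.Current)
	if _, err := rand.Read(hdr[4:]); err != nil { // fresh nonce for every message
		return nil, err
	}
	ad := append(append([]byte{}, hdr[:4]...), aad...)
	return aead.Seal(hdr, hdr[4:], plaintext, ad), nil
}

// Decrypt uses the key version named in the header; a retired version or any tampering is an error.
func (r *Keyring) Decrypt(msg, aad []byte) ([]byte, error) {
	if len(msg) < 32 {
		return nil, errors.New("ciphertext too short")
	}
	key, ok := r.Keys[binary.BigEndian.Uint32(msg[:4])]
	if !ok {
		return nil, errors.New("key version not available (retired or unknown)")
	}
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ad := append(append([]byte{}, msg[:4]...), aad...)
	return aead.Open(nil, msg[4:16], msg[16:], ad)
}

// ReEncrypt moves data from whichever version protected it to the current key, so the old one can go.
func (r *Keyring) ReEncrypt(msg, aad []byte) ([]byte, error) {
	pt, err := r.Decrypt(msg, aad)
	if err != nil {
		return nil, err
	}
	return r.Encrypt(pt, aad)
}

func main() {
	var ring Keyring
	k1, _ := NewKey(16) // AES-128
	ring.Rotate(k1)
	ct, _ := ring.Encrypt([]byte("customer record"), []byte("record-42"))
	k2, _ := NewKey(32) // rotate to AES-256 and move the data across
	ring.Rotate(k2)
	ct2, _ := ring.ReEncrypt(ct, []byte("record-42"))
	delete(ring.Keys, 1) // retire v1 only once everything is re-encrypted
	pt, err := ring.Decrypt(ct2, []byte("record-42"))
	fmt.Println(string(pt), err)
}
```

The version prefix is what makes rotation safe in practice: a ciphertext always says which key it needs, and binding that prefix as associated data means an attacker cannot point it at a different key version without the tag check failing.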
Secure Protocols
Protocol | Port(s) | Main Use | Risks / Insecurity | Secure Alternative |
---|---|---|---|---|
WPA2 (CCMP/AES) | N/A (Wi-Fi) | Secures wireless networks with AES-128 in CCMP (CTR-mode encryption with a CBC-MAC integrity check) | KRACK (key reinstallation in the 4-way handshake); a weak PSK can be recovered offline from a single captured handshake; no forward secrecy, so a leaked PSK also decrypts previously captured traffic | WPA3 (SAE/AES) |
WPA3 (SAE/AES) | N/A (Wi-Fi) | Replaces the PSK handshake with SAE; AES-CCMP-128 in WPA3-Personal, AES-GCMP-256 in WPA3-Enterprise 192-bit mode | Older clients lack support, so many networks run WPA2/WPA3 transition mode, which keeps WPA2's weaknesses for every client that negotiates WPA2; the SAE exchange costs more than a PSK handshake | None (most secure option; turn off transition mode once all clients support WPA3) |
AES | N/A (Algorithm) | Symmetric encryption for data in transit and at rest (128/192/256-bit keys) | No practical attack on the cipher itself; real failures come from misuse: ECB mode, nonce/IV reuse (fatal in GCM and CTR, which then produce the same keystream), unauthenticated modes, keys derived from weak passwords, hard-coded keys | AES in an authenticated mode (GCM/CCM) with a unique nonce per message and proper key management |
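Added example (not from the original post) of the "key reuse" failure in the AES row. In practice that means reusing a nonce under the same key in a counter-based mode such as GCM (the mode behind GCMP, and the usual choice in TLS and IPsec). The key, nonce and messages below are constructed for the demo, and the function names are mine; the point is that an attacker who knows one plaintext recovers the other without ever touching the key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// seal is AES-128-GCM encryption returning ciphertext||tag. Real code must
// never call it twice with the same (key, nonce); this demo does so on purpose.
func seal(key, nonce, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead.Seal(nil, nonce, plaintext, nil)
}

// xor returns a XOR b over the shorter of the two lengths.
func xor(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverWithNonceReuse models an attacker holding two ciphertexts made under
// the same key and nonce who knows the first plaintext. GCM encrypts in CTR
// mode, so the keystream depends only on (key, nonce): C1^C2 == P1^P2, and
// C1^P1 is the keystream itself, which then decrypts C2 without the key.
func RecoverWithNonceReuse(c1, p1, c2 []byte) []byte {
	keystream := xor(c1, p1)
	return xor(keystream, c2)
}

// Demo runs the scenario on constructed data and reports what the attacker gets.
func Demo() (recovered string, sameKeystream, freshNonceDiffers bool) {
	key := []byte("0123456789abcdef") // constructed 128-bit key, demo only
	nonce := []byte("fixed-nonce!")   // 12 bytes, reused: this is the bug
	p1 := []byte("transfer 00010 EUR to account A") // known to the attacker
	p2 := []byte("transfer 99999 EUR to account B") // the secret message
	c1, c2 := seal(key, nonce, p1), seal(key, nonce, p2)
	n := len(p1) // compare only the encrypted bytes, not the 16-byte tags
	sameKeystream = bytes.Equal(xor(c1[:n], p1), xor(c2[:n], p2))
	recovered = string(RecoverWithNonceReuse(c1[:n], p1, c2[:n]))
	// With a distinct nonce the keystream is unrelated and the trick fails.
	c3 := seal(key, []byte("other-nonce!"), p2)
	freshNonceDiffers = !bytes.Equal(xor(c1[:n], p1), xor(c3[:n], p2))
	return
}

func main() {
	recovered, same, fresh := Demo()
	fmt.Printf("recovered %q; same keystream: %v; fresh nonce differs: %v\n", recovered, same, fresh)
}
```

This is also why the fix for the AES row is "unique nonce per message" rather than "longer key": a 256-bit key does nothing here, because the cipher was never attacked, only the mode's one rule was broken.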
Other Secure Practices
Practice | Description | Recommendation |
---|---|---|
Simultaneous Authentication of Equals (SAE) | Replaces WPA2-PSK authentication with the Dragonfly password-authenticated key exchange, so the PMK is no longer a function of the passphrase alone; this gives forward secrecy and resistance to offline dictionary attacks, because every password guess requires a live exchange with the network | Enable WPA3 with SAE for all wireless networks |
Enhanced Open (OWE) | Encrypts traffic on open (no-password) Wi-Fi with a per-client key from an unauthenticated Diffie-Hellman exchange, defeating passive eavesdropping; it does not authenticate the access point, so an evil-twin AP remains possible | Implement OWE on public Wi-Fi in place of unencrypted open networks |
Management Frame Protection (MFP, 802.11w) | Authenticates management frames such as deauthentication and disassociation, blocking the spoofed-deauth attacks used to knock clients offline or force a reconnection | Required in WPA3; optional in WPA2, so enable it there wherever clients support it |
Secure Key Management for AES | Random keys of full length (passwords only through a proper KDF), stored in an HSM or key vault, rotated on a schedule with data re-encrypted under the new key | Use automated key rotation and prefer 256-bit keys |