CWSP RELEASE DATE 2/08/2010
  • CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman

    Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years.  I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!

Sunday, Jul 04, 2010

George Stefanick - CWSP Journey, (Chapter 5 – RSN POST#2) - 7/4/2010

  


RSN stands for Robust Security Network, which was defined in the 802.11i-2004 standard. This was later rolled under the 802.11-2007 standard (clause 8). The purpose of RSN is to provide stronger encryption and authentication methods.

RSNA stands for Robust Security Network Association. An RSNA requires (2) 802.11 stations to establish procedures to authenticate and associate with each other, as well as to create dynamic encryption keys through the 4-way handshake. *Note: an access point is also referenced as a station.* The 802.11-2007 standard defines two classes of security methods: pre-RSNA and RSNA. RSNA security methods use either TKIP/RC4 or CCMP/AES. This leads me to believe that WPA/TKIP is an RSNA as well, although not under the RSNIE.

RSNIE stands for Robust Security Network Information Element. The RSNIE is an information element found in certain management frames. The purpose of this information element is to show station compatibilities. The RSNIE can identify encryption capabilities and the authentication type (802.1X/EAP or PSK).

NOTE: There are ONLY 4 types of 802.11 frames that contain the RSN Information Element (RSNIE). Remember (2) of these packets come from the (BSS) access point and (2) of them come from the station. The following FRAMES contain the RSNIE (RSN INFORMATION ELEMENT) when WPA2 / 802.11i is enabled on the BSS.

ACCESS POINT (BSS): BEACON and PROBE RESPONSE frames
CLIENT (Station) : ASSOCIATION RESPONSE and REASSOCIATION RESPONSE frames

Pre-RSN stands for (Pre-Robust Security Network).  A pre-RSN uses static or dynamic WEP keys. Anything WEP is considered Pre-RSN.  

TSN stands for (Transition Security Network). TSN supports both RSN and pre-RSN legacy authentication and encryption on the same BSS. Example – think of WEP with WPA and/or WPA2 enabled on the same BSS. Pre-RSN + RSN = TSN

Below is the RSNIE

 

RSNIE is enabled when you choose WPA2 (personal (PSK) or enterprise (802.1X/EAP))

Example #1 – WPA/TKIP

Note WPA / TKIP is enabled on this BSS. The WPA information element is populated, as you can see. Notice you won’t see an RSNIE. WPA is part of RSN; the sniffer just isn't labeling it as such.

Example #2 – WPA/AES

Note WPA / AES is enabled on this BSS. The WPA information element is populated. Notice you won’t see an RSNIE even though AES is enabled. WPA is part of RSN; the sniffer just isn't labeling it as such.

 

Example #3 – WPA2/TKIP

WPA2 / TKIP is enabled on this BSS. The RSN information element is populated. Note you don’t see the WPA information element. Rather, you see the RSN element because WPA2 was selected.

Example #4 – WPA2/AES

Note WPA2 / AES is enabled on this BSS. The RSN information element is populated. Note you don’t see the WPA information element, because WPA is not selected.

 

 

Example #5 – TSN (Transition Security Network): WEP, WPA/WPA2 (TKIP/AES)

This is an example of a single BSS allowing pre-RSN (WEP) and RSN clients. This becomes beneficial when you want to migrate from WEP to a more secure wireless network such as WPA2.   
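The five captures above can be told apart programmatically from a management frame's tagged parameters. The following is an added example, not part of the original post: it walks the information elements, decodes the RSN element (ID 48) and the vendor-specific WPA element (ID 221, OUI 00-50-F2 type 1), and labels the BSS. The sample byte strings are constructed, and the rule that a WEP group cipher marks a TSN comes from the 802.11 standard rather than from the post.

```python
import struct

WPA_OUI_TYPE = b"\x00\x50\xf2\x01"   # vendor-specific prefix of the WPA element
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}   # suite-type byte only
AKMS = {1: "802.1X", 2: "PSK"}

def iter_ies(buf):
    """Yield (element_id, body) pairs; stop at a truncated element."""
    i = 0
    while i + 2 <= len(buf):
        eid, length = buf[i], buf[i + 1]
        body = buf[i + 2:i + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        i += 2 + length

def parse_suites(body):
    """Version, group cipher, pairwise list, AKM list (same layout in both elements)."""
    version, = struct.unpack_from("<H", body, 0)
    result = {"version": version, "group": CIPHERS.get(body[5], "unknown")}
    pos = 6
    for key, table in (("pairwise", CIPHERS), ("akm", AKMS)):
        count, = struct.unpack_from("<H", body, pos)
        pos += 2
        if pos + 4 * count > len(body):
            raise ValueError("suite list runs past end of element")
        result[key] = [table.get(body[pos + 4 * k + 3], "unknown") for k in range(count)]
        pos += 4 * count
    return result

def classify(tagged):
    """Return (label, parsed elements) for a frame's tagged parameters."""
    found = {}
    for eid, body in iter_ies(tagged):
        if eid == 48:                                    # RSN information element
            found["RSN"] = parse_suites(body)
        elif eid == 221 and body[:4] == WPA_OUI_TYPE:    # WPA information element
            found["WPA"] = parse_suites(body[4:])
    if not found:
        return "pre-RSN or open", found
    if any(ie["group"].startswith("WEP") for ie in found.values()):
        return "TSN", found                              # WEP group cipher = transition network
    return "+".join(n for n, key in (("WPA", "WPA"), ("WPA2", "RSN")) if key in found), found

# Constructed tagged parameters (SSID "test" precedes the first sample's RSN element)
WPA2_AES = bytes.fromhex("0004 74657374 3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
WPA_TKIP = bytes.fromhex("dd16 0050f201 0100 0050f202 0100 0050f202 0100 0050f202")
TSN_MIX = bytes.fromhex("3018 0100 000fac01 0200 000fac04 000fac02 0100 000fac02 0000")
```

Calling `classify(WPA2_AES)` returns the label `"WPA2"` along with the decoded group cipher, pairwise ciphers and AKM, which is the same information the sniffer screenshots display.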

 

 

Wednesday, Jun 23, 2010

Cisco ACS Appliance / Solution Engine Not Responding To Pings??

  

I've always played with the Cisco ACS on Windows boxes, but I purchased a Cisco ACS Appliance / Solution Engine some time ago. I didn't know at the time that PING was disabled by default. Here is how to enable ping response from the appliance / solution engine.

The Cisco Secure ACS Solution Engine does not respond to pings like a normal, Windows-based Cisco Secure ACS server.

The failure of the Cisco Secure ACS Solution Engine to respond to pings is the result of the rule set applied to the CSA (Cisco Security Agent) installed on the appliance. In order to allow ping on your ACS Solution Engine, you need to disable the CSA.

 

This can be done via the System Configuration > Appliance Configuration menu.

There is an option to disable or enable the CSA. If you disable this agent, you can then ping the appliance.

 

Friday, Apr 23, 2010

802.1x or 802.1X – That is the question!

 

 

There is no other group in IT that focuses on details like ‘us’ wireless geekz. We read through books, PDFs, press releases and study every little detail! Last week the question came up: is it 802.1x (lower case) or 802.1X (upper case)? BTW ~~ Headers aren't showing properly, but you get the idea.

So what is the difference between a small x and a capital X? Let’s first look at how the IEEE assigns the numbers we reference every day. Let’s pick on 802.11 and 802.3, shall we?

802 = PROJECT

First, you have the 802 (PROJECT). This is the ROOT level of the tree. We reference 802 as part of 802.3 and 802.11 standards all day long. Think of 802 as the root / base of the tree.

802.11 or 802.3 = WORKGROUPS

Under the 802 project the IEEE assigns something called “workgroups”. A workgroup is formed to solve certain issues. These are the folks that create the STANDARDS, key word here STANDARDS. Standards created by the workgroup always reference capital letters, should there be a letter in the standard *cough* 802.1X.

Let’s look at two standards. 

802.3 = Ethernet Standard

802.11 = Wireless Standard

802.11n or 802.3af = TASK GROUP

Under the STANDARD you have something called TASK GROUPS. Once the standard is defined, task groups are formed as needs arise and modifications to the standard (also referenced as amendments) are needed. Task groups start with a single lower case letter and sequentially progress a, b, c, d, etc.

For example, the 802.11 STANDARD was created and a TASK GROUP called ‘a’ was formed, also called the 802.11a amendment. 

(Note: once all the single letters are used, an additional letter will be applied. For example 802.3af)

So break it down ….. 802.11n = WHAT? 

(802 = PROJECT + 11 = WORKGROUP + n = TASK GROUP)

 

BACK to 802.1X

802 is the project, of course. We just covered that … 

1X is the WORKGROUP that created the 802.1X standard. The standard is ALWAYS referenced with a capital letter, in this case X. 802.1X IS THE STANDARD, as there aren't any amendments. So if you answered: Capital X, you are correct!

 

Sunday, Feb 22, 2009

How to configure Cisco ACS (EAP-PEAP & EAP-LEAP)

Coming March 2009!!

