(Book) Networking with MikroTik RouterOS: A Practical Approach to Understanding and Implementing RouterOS
Study material for the MTCNA Certification Course, updated to RouterOS v7
$19,97
MikroTik and Wireless Authentication: Understanding 'Allow Shared Key'
- Kevin Moran
- No comments
- Share this article
Facebook
Twitter
LinkedIn
WhatsApp
Telegram
Using shared keys for wireless authentication is a method used on Wi-Fi networks to verify the identity of devices trying to connect to a network.
This method is based on the shared knowledge of a secret key between the device requesting the connection (client) and the access point (AP) or router.
Here is a detailed explanation of how this process works:
1. Shared Key Configuration
Before any authentication can take place, both the access point (AP) and client devices must have the same shared key configured.
This key is established by the network administrator and must be entered manually in the AP configurations and in each of the devices that wish to connect to the network.
2. Authentication Process
The Shared Key Authentication process typically follows these steps:
- Authentication Request: The client device sends an authentication request to the AP to start the process.
- AP Challenge: The AP responds to the request by sending a challenge to the client. This challenge is basically a random data set.
- Customer response: The client device receives the challenge and uses the shared key to encrypt this data. It then sends the encrypted data back to the AP as its response to the challenge.
- AP Verification: The AP, which also knows the shared key, decrypts the response. If the decrypted data matches the original challenge, the AP assumes that the client has demonstrated knowledge of the shared key and therefore authorizes its access to the network.
3. Security
Although authentication using shared keys may seem secure, it has several vulnerabilities:
- Fixed Shared Key: If the key is intercepted or otherwise compromised, any device with knowledge of this key can access the network.
- Vulnerability to Interception Attacks: The exchange of encrypted challenges and responses can be intercepted by an attacker, who could then attempt to decrypt the shared key using traffic analysis techniques or brute force attacks.
4. Safer Alternatives
Due to these vulnerabilities, the use of shared keys for wireless authentication has largely been replaced by more secure methods, such as WPA2 (Wi-Fi Protected Access 2) and WPA3, which use more robust authentication protocols such as EAP (Extensible Authentication Protocol) along with a variety of encryption methods to protect wireless communications.
Although shared key authentication was one of the first methods used in Wi-Fi networks, its security limitations have led to the adoption of more advanced and secure authentication and encryption technologies.
Wireless MikroTik “Allow Shared Key” Option
The allow-shared-key option in MikroTik RouterOS is a setting that allows or disallows the use of shared keys for wireless authentication. Shared keys, also known as WEP, are a type of older wireless network encryption that is considered insecure.
How allow-shared-key works
- When the allow-shared-key option is enabled, wireless clients can connect to the network using a shared key.
- When the allow-shared-key option is disabled, wireless clients can only connect to the network using a WPA or WPA2 certificate or key.
Benefits of using allow-shared-key
- Greater compatibility: Shared keys are compatible with a wider range of wireless devices than WPA or WPA2 certificates or keys.
- Ease of configuration: Shared keys are easier to configure than WPA or WPA2 certificates or keys.
Risks of using allow-shared-key
- Security: Shared keys are considered insecure, as they can be cracked relatively easily.
- Bandwidth requirements: Shared keys require more bandwidth than WPA or WPA2 certificates or keys.
In what situations is it advisable to use allow-shared-key?
- If you need to connect older wireless devices that do not support WPA or WPA2 certificates or keys.
- If you need quick and easy wireless setup.
In what situations is it advisable to disable allow-shared-key?
- If you want to improve the security of your wireless network.
- If you have a wireless network with many wireless clients.
How to configure allow-shared-key
- Access the MikroTik RouterOS web interface.
- Go to Interfaces > Wireless.
- Select the wireless interface on which you want to configure allow-shared-key.
- Click the Advanced tab.
- Find the allow-shared-key setting.
- You can choose from the following options:
- disabled: Disables allow-shared-key (default).
- enabled: Enable allow-shared-key.
The “Allow Shared Key” option is relevant when configuring wireless security on a MikroTik access point and refers to whether or not to allow shared key authentication in the context of WEP or WPA. However, it is recommended to use more advanced and secure security methods whenever possible.
Differences and features of WEP, WPA & WPA 2
WEP (Wi-Fi Protected Access) It is the first Wi-Fi security protocol. It uses RC4 encryption, which is a relatively weak stream cipher algorithm. 64-bit WEP keys can be cracked in a matter of minutes, and 128-bit or 256-bit keys can be cracked in a few hours.
WPA (Wi-Fi Protected Access) is an enhancement to WEP that uses TKIP (Temporal Key Integrity Protocol) encryption. TKIP is a stronger encryption algorithm than RC4, but it is still susceptible to attacks.
WPA2 (Wi-Fi Protected Access 2) It is the most recent version of the Wi-Fi security protocol. It uses AES (Advanced Encryption Standard) encryption, which is the strongest encryption algorithm available for Wi-Fi. WPA2 is much more secure than WEP or WPA, and is very difficult to crack.
In general, it is recommended to use WPA2 to protect your wireless network. It is the most secure security protocol available and is supported by most modern wireless devices.
Feature | WEP | WPA | WPA2 |
Encryption | RC4 | TKIP or AES | BEA |
Key length | 64, 128 or 256 bits | 80 or 128 bit | 128 or 256 bit |
Security | Unsafe | More secure than WEP | More secure than WPA |
Compatibility | Wide | Wide | Wide |
Configuration difficulty | Easy | Easy | Easy |
Bandwidth requirements | Altos | Media coverage | Media coverage |
Brief knowledge quiz
What do you think of this article?
Do you dare to evaluate your learned knowledge?
Recommended books for this article
MikroTik Fundamental Concepts Book, RouterOS v7
Study material for the MTCNA Certification Course, updated to RouterOS v7
$19,97
Related Posts
Related Posts
Microlabs
(ML-001) How to properly manage multiple public or private IPs on the edge router
$8,99
(ML-002) Ways to assign public IP addresses to clients with MikroTik
$9,99
(ML-003) Guide to configure Internet exit routes with two or more providers (failover and recursion in PCC balancing)
$8,99
(ML-004) Filter implementation strategies to restrict access to web pages with MikroTik
$7,99
Other topics that may interest you
Ways to Assign IPv6 Addressing (Part 2)
March 25th, 2024
WireGuard on MikroTik RouterOS: A Secure and Efficient VPN Solution
March 13th, 2024
Ways to Assign IPv6 Addressing (Part 1)
March 11th, 2024
Do you want to suggest a topic?
Every week we post new content. Do you want us to talk about something specific?
Upcoming online courses
MTCINE OnLine
$187,00
MTCNA Online
$187,00
MTCRE Online
$187,00
Pack 4 MikroTik RouterOS books
$68,47
