You are Michael Rivera, a cybersecurity consultant at FortiSec Solutions, hired to strengthen the wireless...

The requirement that each device authenticate through a centralized server using unique usernames and passwords aligns directly with 802.1X authentication, which CEH materials describe as port-based Network Access Control used in enterprise wired and wireless environments. In Wi-Fi, 802.1X is typically implemented as WPA2-Enterprise or WPA3-Enterprise and relies on EAP methods with a backend AAA server, most commonly RADIUS. The access point acts as the authenticator, forwarding the client’s authentication exchange to the RADIUS server, which validates the user or device identity and returns an accept or reject decision along with session keys and policy attributes. This provides strong control and auditing because access can be tied to individual identities, supports account disablement, and can enforce different access levels.

The other options do not match the “centralized server with unique credentials” description. Disabling TKIP improves security by removing an outdated encryption protocol, but it does not provide per-user authentication. MAC address filtering is weak because MAC addresses are easily discovered and spoofed, and it does not use centralized identity validation. Upgrading to WPA3 improves cryptographic strength, and WPA3-Enterprise can work with 802.1X, but WPA3 alone does not guarantee centralized username and password authentication unless the enterprise mode with 802.1X is specifically deployed. Therefore, the correct countermeasure that fits the described design is to use 802.1X authentication with a centralized authentication server, enabling strong access control, accountability, and improved resistance to unauthorized device connections.