14 Wireless Security Fundamentals
What are the formats of WEP keys?
10 or 26 hex digits
When was WEP officially deprecated?
2004
What is the size of the IV used by WEP?
24 bits
What is the size of the PAC-key?
32-octets
What are the length of WEP keys?
40 or 104 bits
What is the length of the IV used by TKIP?
48 bits
What version of the 802.11 standard deprecated TKIP?
802.11-2012
What 802.11 amendment defines CCMP?
802.11i
What 802.11 amendment defines best practice wireless security methods?
802.11i
What 802.11 amendment deprecated WEP?
802.11i
What is the name of the port-based access control standard that limits access to a network media until a client authenticates?
802.1X
What step is performed by EAP-FAST authentication in phase 0?
A unique PAC is generated by the EAP-FAST server and installed on the client
What is the current encryption algorithm adopted by US National Institutes of Standards and Technology (NIST) and the US government?
AES
What are the names of the two security algorithms used by CCMP?
AES counter mode for encryption; CBC-MAC for MIC
What is AES?
Advanced Encryption Standard
What is the 802.1X authentication role of a WLC?
Autenticator
What is the name of the security process that controls access to a wireless network?
Authentication
What optional function can be performed with WEP in addition to encryption?
Authentication
What is the 802.1X authentication role of a RADIUS server?
Authentication server
What four steps are performed by EAP-TLS?
Authentication server presents a certificate; Supplicant validates that the certificate is signed by a trusted CA; Supplicant presents a certificate; Authentication server validates that the certificate is signed by a trusted CA
What three steps are performed by PEAP during the outer authentication phase?
Authentication server presents a digital certificate; Supplicant validates that the digital certificate is signed by a trusted CA; The digital certificate is used to establish a TLS tunnel
What are the three necessary components of a secure wireless network?
Authentication, encryption and MIC
What protocol was developed as replacement for WEP?
CCMP
What is CA?
Certificate Authority
What is the term for the type of security method used by WEP authentication?
Challenge phrase
What is CBC-MAC
Cipher Block Chaining Message Authentication Code
What tools can be used to locate rogue APs?
Cisco PI coupled with MSE
What step is performed by EAP-FAST authentication in phase 2?
Client authentication using EAP with credentials protected by the TLS tunnel
What step is performed by PEAP during the inner authentication phase?
Client authentication using EAP with credentials protected by the outer TLS tunnel
What is CCMP?
Counter mode CBC-MAC Protocol
What protocol defines common functions that actual authentication methods can use to authenticate users?
EAP
What is EAP-FAST?
EAP Flexible Authentication via Secure Tunnelling
What is EAP-TLS?
EAP Transport Layer Security
What authentication protocol was developed by Cisco to overcome the weaknesses in LEAP?
EAP-FAST
What is considered the most secure wireless authentication protocol available?
EAP-TLS
What is the name of the security process that provides message privacy on a wireless network?
Encryption
What is EAP?
Extensible Authentication Protocol
What is the term for a hardware device that generates one-time passwords for the user?
GTC
What is GTC?
Generic Token Card
What is the main difference between a controller based wireless IDS and a PI-based wIPS?
IDS can detect and contain while wIPS can detect, contain and prevent
What is added by WEP to the static key to make sure the same data sent several times will not result in the same encrypted value?
IV
What is IDS?
Intrusion Detection System
What is a recommended component of a secure wireless network?
Intrusion protection
What is the main weakness of EAP?
It assumes a protected communication channel, so facilities for protection of the EAP conversation is not provided
Why has LEAP been deprecated?
It is vulnerable to dictionary attacks
What is the main weakness of TKIP?
It's vulnerable to a MIC key recovery attack
What is used with WEP to show which key was used to encrypt?
Key index
What is the term for the type of algorithm used by TKIP to compute a unique 128-bit WEP key for each frame?
Key mixing algorithm
What authentication protocol was developed by Cisco in 2000 to overcome the weaknesses in WEP?
LEAP
What is LEAP?
Lightweight EAP
What two steps can be performed by the over-the-air containment algorithm when a rogue AP has been detected by a controller?
Listen for any clients that associates to a rogue AP; Send spoofed deauthentication frames to the clients so they think the rogue AP has dropped them
What is the name of the security process that protects against tampering with the data in a wireless frame?
MIC
What four security features were added to WEP encryption by the TKIP protocol?
MIC; Sequence counter; Key mixing algorithm; Longer IV
What are the client authentication methods supported by Cisco for use with PEAP?
MSCHAPv2 and GTC
What is MIC?
Message Integrity Check
What is MSCHAPv2?
Microsoft Challenge-Handshake Authentication Protocol version 2
What step is performed by EAP-FAST authentication in phase 1?
Mutual authentication using the PAC and establishment of a TLS tunnel
What is the main disadvantage of using EAP-TLS?
Need to deploy certificates to every wireless client
What two forms of authentication were defined in the original 802.11 standard?
Open authentication and WEP
What are the names of the two phases used with PEAP authentication?
Outer authentication; Inner authentication
What is contained in a PAC?
PAC key; PAC Opaque; PAC-Info
What is the name of the field used by EAP-FAST to provide information about issuer and key lifetime?
PAC-Info
What is the name of the field that contains the encrypted user credentials used by EAP-FAST?
PAC-Opaque
What is the name of the shared secret used by EAP-FAST to establish a secure tunnel between the supplicant and the authentication server?
PAC-key
What authentication protocol was developed to overcome the main weakness in EAP?
PEAP
What can be used with EAP-TLS to avoid manually installing certificates on wireless clients?
PKI
What authentication methods are supported with WPA and WPA2?
PSK or 802.1X
What are the names of the three phases used by EAP-FAST authentication?
Phase 0; Phase 1; Phase 2
What is PAC?
Protected Access Credentials
What is PEAP?
Protected EAP
What is PKI?
Public Key Infrastructure
What are the two main disadvantages of using EAP-FAST?
RADIUS server must also operate as EAP-FAST server; Not so widely supported on clients as EAP-TLS
What encryption algorithm is used by WEP?
RC4 chiper
What is RADIUS?
Remote Authentication Dial-In User Service
What type of attack attempt to reuse frames that have been already sent?
Replay attack
What is the disadvantage of CCMP?
Requires support in hardware
What is the term for a client that associates with a rogue AP?
Rogue client
What are the four categories of wireless security threats?
Rouge devices; Ad hoc networks; Client misassociations; Passive or active attacks
What are the three main weaknesses of WEP?
Same static keys for all users; IV added to each frame header in clear text; Checksum in each frame is cryptographically insecure
What is added by TKIP to the MIC hash value as evidence of the frame source?
Sender's MAC address
What is used by TKIP to provides a record of all the frames sent by a unique MAC address?
Sequence counter
What type of security method is used by WEP encryption?
Shared-key
What is the 802.1X authentication role of the client device requesting access?
Supplicant
What are the six authentication steps used by 802.1X?
Supplicant connects to authenticator; Authenticator asks supplicant for ID; Supplicant sends ID to authenticator; Authenticator sends ID to RADIUS server; RADIUS server authenticates supplicant and responds with success or failure message; If success the authenticator opens its port for user traffic
What are the four steps performed during LEAP authentication?
Supplicant provides its username; Authentication server responds with a challenge string; Supplicant encrypts challenge string with Cisco proprietary algorithm; Authentication server verifies that the client encrypted the challenge string correctly
What are the three authentication roles defined by 802.1X?
Supplicant; Authenticator; Authentication server
What protocol was developed as an interim solution to replace WEP without requiring replacement of legacy hardware?
TKIP
What function is performed by a RADIUS server?
Take user or client credentials and permit or deny access based on a user database and policies
What is TKIP?
Temporal Key Integrity Protocol
Who developed the TKIP security protocol?
The 802.11i working group and the Wi-Fi Alliance
What is added by TKIP to the MIC hash value to prevent replay attacks?
Time Stamp
How many WEP-keys can be configured for each WLAN?
Up to 4
What is the purpose of open authentication on a WLAN?
Validate that a client is a valid 802.11 device
What industry certification was developed by the Wi-Fi Alliance based on parts of the 802.11i draft amendment?
WPA
What industry certification is used with wireless hardware that supports CCMP?
WPA2
What industry certification was developed by the Wi-Fi Alliance based on the 802.11i amendment?
WPA2
What is WPA?
Wi-Fi Protected Access
What is WEP?
Wired Equivalent Privacy
What can be used to monitor wireless activity, and compare it against a database of known signatures or patterns?
Wireless IDS
What can monitor wireless activity, compare it against a database of known signatures or patterns, implement customisable policies to blacklist clients or rouge devices, and block SSIDs?
wIPS
