Ch. 7 Business Data Networks & Security
When offered the choice when you are configuring a wireless access point, which WLAN security standard should you choose?
802.11i / WPA2
In 802.1X, which is the verifier?
802.1X authentication server. Although the verifier is technically both the authenticator and the server. The 802.1X authentication server does the majority of the work.
Which initial authentication mode or modes of 802.11i authentication uses a central authentication server?
802.1X or AKA the enterprise mode
What is PAN?
Personal area network—small groups of devices in a communication bubble around aperson's body or a single desk
How might a security administrator use SNMP Get commands to access points?
Query for errors of various types, power levels, power of nearby access points, etc.
What two treats can defeat 802.11i security?
Rogue access points & Evil twin attack
All access points & wireless clients today support _____ at no extra cost.
WPA2
802.1X Initial Authentication Mode
Was created for corporations with many access points. It is extremely strong but complex to implement. AKA enterprise mode.
An evil twin access point is a ______ configured to act like a real access point.
notebook computer
Why is low speed and short distance good in the Internet of Things?
"slow & close" communication extends battery life
What three operational security threats must PSK users consider?
- Not seeing that a pre-shared key as "secret" because "everybody knows it" someone may give it to an unauthorized person. - If someone leave the company, the PSK must be changed & this is not done automatically. - PSKs are generated from passphrases, which are only secure if they are long.
How long must passphrases be to generate strong pre-shared keys?
20 characters
Drive-by hacker
A hacker that is located outside of the corporate premises. They connect to an unsecured access point within the site. They use highly directional antennas that allow them to send very strong signals & receive signals that would be too weak to hear with normal Wi-Fi equipment. Many use Pringles cans.
Rouge Access Point
AKA weakest link problem
How does centralized management provide for the detection of rouge access points?
Access points can send SNMP traps if they detect the signal of a nearby unauthorized access point. The SNMP manager can ask an access point for the EUI-48 addresses of nearby access points. It can see one if these is not authorized.
who creates a rouge access point?
An employee or department
What is a VPN?
An encrypted path through an untrusted network. Because the transmission is encrypted, others can't read the transmission.
Distinguish between evil twin access points & rouge access points.
An evil twin access point is a notebook computer configured to act like a real access point. A rogue access point is an unauthorized access point set up within a firm by an employee or department.
Pre-Shared Key (PSK) initial authentication mode
An initial authentication mode used in 802.11i. Used in residences and small business that only have a single access point. AKA personal mode
Rogue access point
An unauthorized access point set up within ta firm by an employee or department. *Dangerous because they are typically set up with no security or poor security.
Why do small IoT devices only implement Bluetooth LE?
Because a brief use of traditional Bluetooth would slash battery life
Which initial authentication mode is used for message-by-message encryption, authentication, and message integrity?
Both PSK (personal mode) and 802.1X (enterprise mode)
What initial authentication mode does 802.11i use?
Can use either PSK (personal mode) and 802.1X (enterprise mode)
Compare the relative benefits of the two types of Classic Bluetooth.
EDR (Enhanced data rate)—Good performance at modest power HS (High speed)—Brief high-speed transfers at modest power
Describe the process by which by which access point locations are determined.
First step is to determine how far signals should travel. This determines the radius of service around each access point.
For what use scenario was 802.11I PSK mode created?
For personal at home use or for smaller businesses that only require a single access point.
Evil twin attack
Is a man-in-the-middle attack in which the evil twin intercepts traffic passing between a wireless host & a legitimate access point.
What is the benefit of Bluetooth low energy?
It has reduced power consumption
How is 802.11i protection limited?
It only provides link security protection between the wireless client & the wireless access point. It doesn't provide end-to-end security all the way between the wireless client & the server on the wired LAN.
Why would you not want to use high-speed Bluetooth all the time?
It uses too much battery
Comment on the cost of central access point management.
It's expensive, but it greatly reduces management labor, so there should be considerable net savings from its use.
Distinguish between link security & end-to-end security.
Link security protection is only between the wireless access point & the wireless client host. End-to-end security provides a secure link all the way between the wireless client & the server on the wired LAN.
A _____________ attack is difficult to detect because it is transparent to both the wireless client & the access point. Both operate as usual & neither can tell that it is dealing with an imposter.
Man-in-the-middle or Evil twin
Does the choice of initial authentication mode change how other phases of 802.11i work?
No, personal mode & enterprise mode offer the same ongoing protection with message-by-message confidentiality, Integrity, & authentication.
Is there a single dominant IoT communication standard?
No, there are several standards that vary widely in the possible distances between the two deices and transmission speed.
Do public hot spots protect your transmissions?
No, they tend to be unsecure
In initial authentication, the wireless client is the _____. It must prove its identity to the ______ before the access point will allow the client to connect.
Supplicant; access point
In 802.1X operation, what device acts as the authenticator in Wi-Fi?
The access point or 802.1X authenticator
What does the evil twin do after initial association when the victim client transmits?
The evil twin establishes a secure 802.11i connection with the wireless victim client. This is security connection 1, it will use Key Client-ET (VC-ET) for encryption. Next, the ET associates with the legitimate access point using 802.11i, creating Security Connection 2. This connection will use Key ET-AP for encryption.
In what ways is the pairwise session key the user receives after authentication different from the PSK?
The pairwise session key the host receives is unshared and is used to communicate with the access point subsequently. It is a session key because it will only be used for a single communication session.
Why can they defeat 802.11i security?
They are typically configured with no security or poor security. They give a drive-by hacker access to the firm's internal network.
When must firms do site surveys to give users good service?
They must be done frequently & routinely. They also may be done in response to specific reports or problems.
What type of battery do very small Bluetooth LE devices require, and why is this important?
They use a coin battery because they are expected to last for a long time, even years.
How can a drive-by hacker defeat a site's border firewall?
They will try to connect via wireless access to an unsecured access point within the site.
What cryptographic protection does 802.11i provide?
This protection includes initial authentication plus message-by-message confidentiality, integrity, and authentication (CLA). So a drive-by hacker can't read traffic (confidentiality), modify traffic (integrity) or connect to the access point to send traffic (authentication).
For what use scenario was 802.11i's 802.1X mode created?
This was created for corporations with many access points.
The original standard to protect communication in WLANS was
Wired Equivalent Privacy (WEP) - Deeply flawed
What does the Wi-Fi Alliance call 802.11i?
Wireless Protected Access (WPA2)
How can you tell if your client computer has succumbed to an evil twin attack?
You can't. The attack is transparent to both the wireless client and the access point. Both operate as usual. Neither can tell that it is dealing with an impostor.
Wireless Protected Access (WPA)
an interim security standard used as a stop-gap measure by the Wi-Fi Alliance based on an early draft of 802.11i but using much weaker standards for cryptographic protections.
The least secure access point determines the strength of the ________.
entire network
Classic Bluetooth & Bluetooth low energy are
incompatible