SECURITY+ chp8 book
Prior to Microsoft Windows Vista, the Microsoft Windows Network Driver Interface Specification (NDIS) did not support monitor mode, and only data frames could be displayed. Later versions of Windows (Vista and 7) added some support for monitor mode, yet this is dependent on specific types of cards and drivers. Unlike Windows, Linux does support monitor mode, so most cards and their drivers can easily display wireless traffic.
A group of piconets in which connections exist between different piconets is called a scatternet.
A keystream attack is a method of determining the keystream by analyzing two packets that were created from the same IV.
Access points that support wireless VLANs may support 16 or more multiple SSIDs (and thus multiple VLANs).
After the wireless signal has been detected, the next step is to document and then advertise the location of the wireless LANs for others to use (known as war chalking).
An AP configured for 16 VLANs would appear as 16 different wireless networks, one per SSID.
An EAP packet contains a field that indicates the function of the packet (such as response or request) and an identifier field used to match requests and responses. Response and request packets also have a field that indicates the type of data being transported (such as an authentication protocol) along with the data itself.
An access point (AP) consists of three major parts:
An antenna and a radio transmitter/receiver to send and receive wireless signals
Special bridging software to interface wireless devices to other devices
A wired network interface that allows it to connect by cable to a standard wired network
An attacker could plug into the OBD-II connector and change specific vehicle emission settings or erase information captured in an accident that showed the driver was at fault. In a more treacherous attack, the OBD-II connector could even be used to control the air bags or antilock braking system (ABS).
Because AES performs so many rounds and substitutions, legacy WLAN hardware with older processors may not be able to support AES.
Because of the weaknesses of WEP, it is possible for an attacker to identify two packets derived from the same IV (called a collision). With that information, the attacker can begin what is called a keystream attack or IV attack.
One method of controlling access to the WLAN so that only approved users can be accepted is to limit a device's access to the AP.
Because the AP acts as the central "base station" for the wireless network in that all wireless traffic is channeled through it, this central location in a WLAN makes it the ideal point for limiting access.
Bluejacking is an attack that sends unsolicited messages to Bluetooth-enabled devices. Usually bluejacking involves sending text messages, but images and sounds can also be transmitted. Bluejacking is usually considered more annoying than harmful because no data is stolen. Bluejacking has been used for advertising purposes by vendors.
Bluesnarfing is an attack that accesses unauthorized information from a wireless device through a Bluetooth connection, often between cell phones and laptop computers. In a bluesnarfing attack, the attacker copies e-mails, calendars, contact lists, cell phone pictures, or videos by connecting to the Bluetooth device without the owner's knowledge or permission.
Bluetooth is named after the tenth-century Danish King Harald "Bluetooth" Gormsson, who was responsible for unifying Scandinavia.
Bluetooth is the name given to a wireless technology that uses short-range radio frequency (RF) transmissions and provides for rapid ad hoc device pairings. Bluetooth was originally designed in 1994 by the cellular telephone company Ericsson as a way to replace wires with radio-based technology.
WPA also replaces the Cyclic Redundancy Check (CRC) function in WEP with the Message Integrity Check (MIC), which is designed to prevent an attacker from capturing, altering, and resending data packets.
CRC is designed to detect any changes in a packet, whether accidental or intentional. However, CRC does not adequately protect the integrity of the packet, because it is an unkeyed linear checksum. An attacker can still modify a packet and the CRC, making it appear that the packet contents were the original (because the CRC is correct for that packet); with WEP this works even without decrypting the packet, since the CRC correction for the changed bits can be computed independently of the rest of the message.
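The following is an added example (not from the book) showing why an unkeyed CRC fails as an integrity check inside a stream cipher such as WEP, and why a keyed check does not. The message, the random keystream standing in for RC4 output, and the HMAC-SHA256 used in place of WPA's actual MIC (Michael) are all constructed for the demo:

```python
import hashlib
import hmac
import os
import struct
import zlib

# Constructed demo data (not from the page).
PLAINTEXT = b"PAY 0010 USD TO ACCOUNT 1234"
MIC_KEY = b"constructed-integrity-key"


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_le(data: bytes) -> bytes:
    """CRC-32 as WEP appends it: a 4-byte little-endian ICV."""
    return struct.pack("<I", zlib.crc32(data))


def wep_style_encrypt(plaintext: bytes, keystream: bytes) -> bytes:
    """WEP's structure: append the CRC-32 ICV, then XOR with the keystream.
    The keystream is random here; the flaw shown is in CRC, not in RC4."""
    body = plaintext + crc32_le(plaintext)
    return xor(body, keystream[:len(body)])


def wep_style_decrypt(ciphertext: bytes, keystream: bytes):
    """Return (plaintext, icv_ok) as a WEP receiver would compute them."""
    body = xor(ciphertext, keystream[:len(ciphertext)])
    plaintext, icv = body[:-4], body[-4:]
    return plaintext, icv == crc32_le(plaintext)


def bit_flip_attack(ciphertext: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits selected by `delta` without knowing the key.
    CRC-32 is affine over GF(2): crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros),
    so the ICV correction depends only on `delta`.  XOR commutes with the
    stream cipher, so the correction is applied straight to the ciphertext."""
    n = len(ciphertext) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the plaintext exactly")
    icv_fix = struct.pack("<I", zlib.crc32(delta) ^ zlib.crc32(bytes(n)))
    return xor(ciphertext, delta + icv_fix)


def mic(key: bytes, data: bytes) -> bytes:
    """Keyed integrity check.  HMAC-SHA256 stands in for WPA's MIC (the real
    WPA MIC, Michael, is a different keyed function); the point is the same:
    without the key an attacker cannot recompute a valid check value."""
    return hmac.new(key, data, hashlib.sha256).digest()


def demo():
    keystream = os.urandom(len(PLAINTEXT) + 4)
    ct = wep_style_encrypt(PLAINTEXT, keystream)

    # Attacker knows only the message layout (digits at offset 4) and wants
    # "0010" -> "9910".  '0' ^ '9' == 0x09 at the two positions to change.
    delta = bytearray(len(PLAINTEXT))
    delta[4:6] = xor(b"00", b"99")
    forged = bit_flip_attack(ct, bytes(delta))
    recovered, icv_ok = wep_style_decrypt(forged, keystream)

    # The same change against a keyed MIC fails verification.
    tag = mic(MIC_KEY, PLAINTEXT)
    mic_ok = hmac.compare_digest(tag, mic(MIC_KEY, xor(PLAINTEXT, bytes(delta))))
    return recovered, icv_ok, mic_ok


if __name__ == "__main__":
    recovered, icv_ok, mic_ok = demo()
    print(recovered, "CRC accepted:", icv_ok, "MIC accepted:", mic_ok)
```

The forged frame decrypts to the altered amount with a valid ICV, because the attacker never needed the keystream to fix the checksum; the HMAC comparison fails for the same modification.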
Dedicated probe. A dedicated probe is designed to exclusively monitor the RF frequency for transmissions. Unlike access point probes that serve as both an access point and a probe, dedicated probes only monitor the airwaves.
A framework for transporting the authentication protocols is known as the Extensible Authentication Protocol (EAP).
Despite its name, EAP is a framework for transporting authentication protocols instead of the authentication protocol itself. EAP essentially defines the format of the messages.
EAP uses four types of packets: request, response, success, and failure. Request packets are issued by the authenticator and ask for a response packet from the supplicant. Any number of request-response exchanges may be used to complete the authentication. If the authentication is successful, a success packet is sent to the supplicant; if not, a failure packet is sent.
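An added example, not from the book: a parser for the EAP packet layout described above (Code, Identifier, Length, Type and Type-Data, as in RFC 3748) and an authenticator that uses the Identifier field to match a Response to the Request it answers. The packets, the identity alice@example.org and the Authenticator class are constructed for the demo.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# EAP header: Code (1 byte), Identifier (1 byte), Length (2 bytes, big-endian,
# covers the whole packet).  Request/Response add Type (1 byte) + Type-Data.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS", 25: "PEAP"}


@dataclass
class EapPacket:
    code: int
    identifier: int
    type: Optional[int]        # None for Success/Failure
    type_data: bytes = b""

    def encode(self) -> bytes:
        body = b"" if self.type is None else bytes([self.type]) + self.type_data
        return struct.pack("!BBH", self.code, self.identifier, 4 + len(body)) + body


def parse_eap(packet: bytes) -> EapPacket:
    """Decode one EAP packet, rejecting malformed headers instead of guessing."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field inconsistent with packet size")
    body = packet[4:length]    # bytes past Length are padding and are ignored
    if code in (3, 4):         # Success/Failure carry no Type or data
        return EapPacket(code, ident, None)
    if not body:
        raise ValueError("Request/Response must carry a Type")
    return EapPacket(code, ident, body[0], body[1:])


class Authenticator:
    """Holds the single outstanding Request and accepts only a Response whose
    Identifier matches it; anything else (replay, stale or spoofed) is dropped."""

    def __init__(self) -> None:
        self.next_id = 0
        self.outstanding: Optional[EapPacket] = None

    def request(self, eap_type: int, data: bytes = b"") -> bytes:
        self.next_id = (self.next_id + 1) & 0xFF
        self.outstanding = EapPacket(1, self.next_id, eap_type, data)
        return self.outstanding.encode()

    def accept(self, raw: bytes) -> Optional[EapPacket]:
        pkt = parse_eap(raw)
        if (pkt.code != 2 or self.outstanding is None
                or pkt.identifier != self.outstanding.identifier):
            return None
        self.outstanding = None
        return pkt

    def decide(self, success: bool) -> bytes:
        # Success/Failure reuse the Identifier of the Response they answer.
        return EapPacket(3 if success else 4, self.next_id, None).encode()


def demo_exchange():
    """Request/Identity -> stale Response dropped -> matching Response accepted
    -> Success.  All packets here are constructed for the demo."""
    auth = Authenticator()
    req = auth.request(1)                                            # Request/Identity
    stale = EapPacket(2, 0x7F, 1, b"alice@example.org").encode()     # wrong Identifier
    rejected = auth.accept(stale)
    resp = EapPacket(2, parse_eap(req).identifier, 1, b"alice@example.org").encode()
    accepted = auth.accept(resp)
    return req, rejected, accepted, parse_eap(auth.decide(True))


if __name__ == "__main__":
    req, rejected, accepted, final = demo_exchange()
    for label, pkt in (("request", parse_eap(req)), ("accepted", accepted), ("final", final)):
        print(label, CODES[pkt.code], TYPES.get(pkt.type, pkt.type), pkt.type_data)
```

The Identifier check is what stops a captured Response from being replayed into a later exchange; the Length check stops a truncated or oversized packet from being interpreted as something it is not.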
An AP has two basic functions.
First, it acts as the "base station" for the wireless network. All wireless devices with a wireless NIC transmit to the AP, which in turn, redirects the signal, if necessary, to other wireless devices. The second function of an AP is to act as a bridge between the wireless and wired networks. The AP can be connected to the wired network by a cable, allowing all the wireless devices to access through the AP the wired network (and vice versa).
For IEEE 802.11a/b/g/n WLANs, the maximum transmit power is 200 milliwatts (mW).
For computer networking and wireless communications, the most widely known and influential organization is the Institute of Electrical and Electronics Engineers (IEEE), which dates back to 1884.
Another weakness of MAC address filtering is that managing a large number of MAC addresses can pose significant challenges. The sheer number of users often makes it difficult to manage all of the MAC addresses. As new users are added to the network and old users leave, keeping track of MAC address filtering demands almost constant attention. For this reason, MAC address filtering is not always practical in a large and dynamic wireless network.
IEEE 802.11a standard specifies a maximum rated speed of 54 Mbps using the 5 GHz spectrum.
IEEE 802.1x blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server. This port-based network access control prevents an unauthenticated device, either wired or wireless, from receiving any network traffic until its identity can be verified.
Older versions of Microsoft Windows XP, when receiving signals from both a wireless network that is broadcasting an SSID and one that is not broadcasting the SSID, will always connect to the AP that is broadcasting its SSID.
If a Windows XP device is connected to an AP that is not broadcasting its SSID, and another AP is turned on that is broadcasting its SSID, the device will automatically disconnect from the first AP and connect to the AP that is broadcasting.
If multiple piconets cover the same area, a Bluetooth device can be a member in two or more overlaying piconets.
In 1990, the IEEE started work to develop a standard for wireless local area networks (WLANs) operating at 1 and 2 Mbps. This draft, which went through seven different revisions, took seven years to complete. In 1997, the IEEE approved the final draft known as IEEE 802.11.
In 1999, a new IEEE 802.11b amendment was created, which added two higher speeds (5.5 Mbps and 11 Mbps) to the original 802.11 standard. The 802.11b standard can support wireless devices that are up to 375 feet (115 meters) apart using the 2.4 gigahertz (GHz) radio frequency spectrum.
In a wireless network, each device must be authenticated prior to being connected to the WLAN (once the wireless device is authenticated, the user may then be asked to authenticate by entering a username and password). One type of authentication supported by the 802.11 standard is known as open system authentication.
Increasing the key length and number of rounds has an impact on the speed of AES.
It is recommended that AES encryption and decryption be performed in hardware.
Lightweight EAP (LEAP) is a proprietary EAP method developed by Cisco Systems. It provides mutual authentication and dynamic WEP keying for WLAN encryption, but requires Cisco client software (there is no native support for LEAP in Microsoft Windows operating systems). Because LEAP's password-based exchange is vulnerable to offline dictionary attacks, Cisco now recommends that users migrate to a more secure EAP method than LEAP.
MAC address filtering is usually implemented by permitting instead of preventing, because it is not possible to know the MAC addresses of all of the devices that are to be excluded. Filtering by MAC address has several vulnerabilities. First, MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format. An attacker using a protocol analyzer can easily see the MAC address of an approved device and then substitute it on his own device.
MAC address substitution is possible on Microsoft Windows computers because the MAC address the wireless NIC uses can be overridden by a value stored in the Windows Registry database, which can easily be changed; Linux and macOS allow the same with a single command. Substituting a MAC address is also called spoofing.
MIC (in WPA) provides a strong mathematical function in which the receiver and the transmitter each independently compute the MIC, and then these values are compared. If they do not match, the data is assumed to have been tampered with and the packet is dropped. There is also an optional MIC countermeasure in which all clients are deauthenticated and new associations are prevented for one minute if an MIC error occurs.
Most organizations elect to use a more reliable approach of continuously monitoring the radio frequency (RF) airspace. Monitoring the RF frequency requires a special sensor called a wireless probe, a device that can monitor the airwaves for traffic.
A new category of attacks can be done remotely without the attacker ever having to touch the car. One attack accesses the car's electronics using the Bluetooth network found on many late-model cars. Another wireless attack accesses the built-in cellular services that provide safety and navigational assistance, such as General Motors' OnStar service.
A car's electronics can be manipulated in several ways. One of the easiest methods is to plug directly into the car's On-Board Diagnostics II (OBD-II) connector, which has been a required feature of all cars sold in the United States since 1996.
One of the most well-known IEEE standards is 802.3, which set specifications for Ethernet local area network technology.
Open system authentication is weak because authentication is based on only one factor: a match of SSIDs. An attacker only has to determine a valid SSID in order to be authenticated.
PSK authentication uses a passphrase to generate the encryption key. Like WEP, the passphrase must be entered on each access point and wireless device in advance. However, unlike WEP, the PSK is not used for encryption but instead serves as the starting point for mathematically generating the encryption keys.
A PSK is a 256-bit key, usually written as 64 hexadecimal digits. The most common way this key is generated is by entering a passphrase (consisting of letters, digits, punctuation, and so on) that is between 8 and 63 characters in length; the passphrase and the SSID are run through a key-derivation function (PBKDF2) to produce the 256-bit PSK.
PSK passphrases of fewer than 20 characters can be subject to attacks to crack the passphrase. If a user created a PSK passphrase of fewer than 20 characters that was a dictionary word, then a match may be found and the passphrase broken.
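An added example (not from the book) showing how the PSK is derived from the passphrase and the SSID, why the result is 64 hexadecimal digits, and why a short dictionary passphrase falls to offline guessing. The derivation is the one specified in IEEE 802.11i Annex H; the word list and the attack loop are constructed for the demo and check guesses directly against the PSK rather than against a captured handshake.

```python
import hashlib
import hmac

# Derivation per IEEE 802.11i Annex H:
# PSK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 256 bits).


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Turn a WPA/WPA2-Personal passphrase into the 256-bit PSK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def psk_from_hex(psk_hex: str) -> bytes:
    """The alternative input form: the 64 hex digits of the key itself."""
    if len(psk_hex) != 64:
        raise ValueError("a raw PSK is exactly 64 hex digits (256 bits)")
    return bytes.fromhex(psk_hex)


# Constructed word list standing in for a cracking dictionary.
WORDLIST = ["12345678", "qwertyui", "letmein", "password", "iloveyou", "CorpNet2012"]


def dictionary_attack(ssid: str, target_psk: bytes, wordlist):
    """Offline guessing.  A real attack checks each candidate against the MIC
    in a captured 4-way handshake rather than against the PSK directly (the
    PSK itself never crosses the air), but the cost per guess is the same:
    one 4096-round PBKDF2 per SSID, so a dictionary word falls fast and a
    long random passphrase does not."""
    for guess in wordlist:
        if not 8 <= len(guess) <= 63:
            continue                      # not a valid passphrase, skip
        if hmac.compare_digest(wpa_psk(guess, ssid), target_psk):
            return guess
    return None


if __name__ == "__main__":
    psk = wpa_psk("password", "IEEE")
    print(psk.hex())                                  # 64 hex digits
    print(dictionary_attack("IEEE", psk, WORDLIST))   # the weak passphrase is found
```

Because the SSID is the salt, a common SSID such as a vendor default lets an attacker precompute PSKs for a whole dictionary once and reuse them against every network with that name; a unique SSID forces the work to be redone per network.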
Protected EAP. Protected EAP (PEAP) is designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords. PEAP is considered a more flexible EAP scheme because it creates an encrypted channel between the client and the authentication server, and the channel then protects the subsequent user authentication exchange. To create this channel, the PEAP client first authenticates the PEAP authentication server by validating the server's digital certificate in a TLS handshake; a client configured to skip this validation can be tricked into sending its credentials to an attacker's server.
Another type of car hacking takes a different approach. Researchers have added a Trojan to a digital music file, which was then burned onto an audio CD (it could also be stored on a USB flash drive, which most cars today accept). When the song is played on the car's stereo, the Trojan changes the firmware of the stereo system to give attackers an entry point to change other components on the car. Through this Trojan, researchers were able to turn off the engine, lock the doors, turn off the brakes, and change the odometer readings on the car. With this level of control it is possible that an attacker could remotely direct a car to transmit its Vehicle Identification Number and current location via the car's Global Positioning System (GPS) to a Web site.
For a small office or home, another device is used. This device combines multiple features into a single hardware device. These features often include those of an AP, firewall, router, and Dynamic Host Configuration Protocol (DHCP) server, along with other features. Strictly speaking, these devices are residential WLAN gateways as they are the entry point from the Internet into the wireless network. However, most vendors instead choose to label their products as wireless broadband routers or simply wireless routers.
The IEEE 802.11 standard did not specify how to control access. Virtually all wireless AP vendors choose to use Media Access Control (MAC) address filtering that is a method for controlling access to a WLAN based on the device's MAC address.
The IEEE 802.11g standard was formally ratified in 2003 and can support devices transmitting at 54 Mbps.
The IEEE 802.15.1-2005 Wireless Personal Area Network standard was based on the Bluetooth v1.2 specifications. However, the IEEE has discontinued its relationship with Bluetooth so that any future Bluetooth versions will not become IEEE standards.
The Wi-Fi Alliance has approved five different EAPs for WPA and WPA2.
The basis for a keystream attack is as follows: when two packets are encrypted with the same keystream, performing an XOR on the two ciphertexts equals an XOR on the two plaintexts, because the keystream cancels out. If one plaintext is known or guessable (for example, a fixed protocol header), the other plaintext and the keystream itself can be recovered.
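An added example (not from the book) of the keystream attack: two WEP-style frames under the same key and IV, the collision spotted from the cleartext IVs, and the second plaintext recovered from the first. The key, IV and frame contents are constructed; RC4 is implemented inline because WEP's keystream comes from RC4 seeded with IV || key.

```python
# Two WEP frames sent under the same key and the same 24-bit IV are XORed with
# the same RC4 keystream, so c1 ^ c2 == p1 ^ p2, and one known plaintext
# exposes the other plaintext and the keystream.


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA then PRGA), the stream cipher WEP is built on."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key and sends the 3-byte IV in the clear,
    which is what lets an eavesdropper spot a reused IV.  (ICV omitted.)"""
    return iv + xor(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def find_iv_collisions(frames):
    """Bucket captured frames by cleartext IV; buckets of two or more are
    collisions (frames encrypted with an identical keystream)."""
    by_iv = {}
    for frame in frames:
        by_iv.setdefault(frame[:3], []).append(frame[3:])
    return {iv: cts for iv, cts in by_iv.items() if len(cts) > 1}


def keystream_attack(c1: bytes, c2: bytes, known_p1: bytes):
    """Given two ciphertexts under one keystream and the plaintext of the first,
    recover the second plaintext and the keystream prefix itself."""
    n = min(len(c1), len(c2), len(known_p1))
    p2 = xor(xor(c1[:n], c2[:n]), known_p1[:n])   # (p1^k) ^ (p2^k) ^ p1 == p2
    keystream = xor(c1[:n], known_p1[:n])
    return p2, keystream


WEP_KEY = bytes.fromhex("0102030405")              # constructed 40-bit key
REUSED_IV = b"\x07\x07\x07"
# Frames carrying IP start with a fixed LLC/SNAP header (AA AA 03 00 00 00 08 00),
# a ready source of known plaintext for the attacker.
LLC_SNAP_IP = b"\xaa\xaa\x03\x00\x00\x00\x08\x00"
P1 = LLC_SNAP_IP + b"known request"
P2 = LLC_SNAP_IP + b"secret reply!"


def demo():
    captured = [
        wep_encrypt(REUSED_IV, WEP_KEY, P1),
        wep_encrypt(b"\x01\x02\x03", WEP_KEY, LLC_SNAP_IP + b"other"),
        wep_encrypt(REUSED_IV, WEP_KEY, P2),
    ]
    collisions = find_iv_collisions(captured)
    c1, c2 = collisions[REUSED_IV]
    recovered_p2, keystream = keystream_attack(c1, c2, P1)
    return collisions, recovered_p2, keystream


if __name__ == "__main__":
    collisions, p2, ks = demo()
    print("reused IVs:", [iv.hex() for iv in collisions])
    print("recovered:", p2)
```

With only 2^24 IVs and many cards choosing them sequentially or at random, collisions on a busy network appear within hours, and the recovered keystream can then decrypt or forge any later frame that reuses that IV.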
Bluetooth is a Personal Area Network (PAN) technology designed for data communication over short distances.
The current version is Bluetooth v4.0 (a subset is known as Bluetooth Low Energy), yet all Bluetooth devices are backward compatible with previous versions. Most Bluetooth devices use a Class 2 radio that has a range of 33 feet (10 meters). The rate of transmission is 1 million bits per second (Mbps).
A wireless device discovers an AP in the vicinity by scanning the RF spectrum and receiving a beacon frame from the AP. The device then sends a frame known as an association request frame to the AP. This frame carries information about the data rates that the device can support along with the Service Set Identifier (SSID) of the network it wants to join. The SSID serves as the user-supplied network name of a wireless network and can generally be any alphanumeric string from 2 to 32 characters. After receiving the association request frame, the access point compares the SSID received with the actual SSID of the network.
The most basic method for identifying and locating a rogue access point is for security personnel to manually audit the airwaves using a wireless protocol analyzer.
The results from the IEEE, known as 802.11i, served as the foundation for the Wi-Fi Alliance's Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2).
However, the easiest way to discover the SSID is to actually do nothing except wait for the SSID to be transmitted by the AP. The transmission of the SSID from the access point to a wireless device is called an SSID broadcast. SSID beaconing is the default mode in virtually every AP, and not all APs allow beaconing to be turned off. Even when it is turned off, the SSID still appears in the clear in the probe and association frames of clients that join, so hiding it is not a security control.
Because wireless devices operate using RF signals, there is the potential for two types of signal interference.
The wireless device may itself be the source of interference for other devices; and signals from other devices can disrupt wireless transmissions.
There are vulnerabilities in WPA. These vulnerabilities center around two areas, namely key management and passphrases.
One of the first steps in attacking a wireless network is to uncover its presence. At regular intervals (normally about every 100 milliseconds), an AP sends a signal (called a beacon frame) to announce its presence and to provide the necessary information for devices wishing to join the wireless network.
This process, known as beaconing, is an orderly means for wireless devices to establish and maintain communications. Each wireless device looks for those beacon frames (known as scanning). Attackers will use beaconing to find wireless networks and then record information about them. Finding networks this way is known as war driving; documenting and marking their locations for others is war chalking.
In the early 1980s, the IEEE began work on developing computer network architecture standards. This work was called Project 802, and quickly expanded into several different categories of network technology.
Encryption under WPA2 is accomplished by using the block cipher Advanced Encryption Standard (AES). Specifically, AES-CCMP is the encryption protocol standard for WPA2. CCMP is based on the Counter Mode with CBC-MAC (CCM) mode of the AES encryption algorithm. The counter mode (CTR) component of CCM provides data confidentiality, whereas the Cipher Block Chaining Message Authentication Code (CBC-MAC) component provides data integrity and authentication.
To ensure data integrity, changing even one bit in an AES-CCMP message produces a different result. The AES algorithm processes blocks of 128 bits, yet the length of the cipher keys and number of rounds can vary, depending on the level of security required. The available key lengths are 128, 192, and 256 bits, and the number of available rounds are 10, 12, and 14. Only the 128-bit key and 128-bit block are mandatory for WPA2.
To prevent bluesnarfing, Bluetooth devices should be turned off when not being used or when in a room with unknown people. Another option is to set Bluetooth on the device as undiscoverable, which keeps Bluetooth turned on, yet it cannot be detected by another device.
WEP uses a static 40-bit encryption key that never changes. TKIP has several advantages over WEP. First, it uses a longer 128-bit key. Also, TKIP keys are known as per-packet keys. This means that TKIP dynamically generates a new key for each packet that is created. Per-packet keys prevent collisions, which were one of the primary weaknesses of WEP.
Using TKIP, 280 trillion possible keys can be generated for a given data packet.
WEP accomplishes this confidentiality by taking unencrypted plaintext and then encrypting or "scrambling" it into a format that cannot be viewed by unauthorized parties while being transmitted (called ciphertext).
WEP relies on a secret key that is shared between the wireless client device and the AP. IEEE 802.11 WEP-shared secret keys must be a minimum of 64 bits in length; this figure counts the 24-bit initialization vector (IV) together with the 40-bit secret key, so only 40 bits are actually secret (the later 128-bit variant uses a 104-bit secret key with the same 24-bit IV).
WEP uses WEP encryption, shared key as authentication, and WEP's security level is low.
WPA authentication can be accomplished by using either IEEE 802.1x or preshared key (PSK) technology.
WPA replaces WEP with an encryption technology called Temporal Key Integrity Protocol (TKIP).
WPA uses TKIP encryption, PSK or 802.1x as authentication, and WPA's security level is medium.
WPA2 authentication is accomplished through PSK or by the IEEE 802.1x standard.
In September 2004, the Wi-Fi Alliance introduced Wi-Fi Protected Access 2 (WPA2), which is the second generation of WPA security to address authentication and encryption on WLANs. WPA2 is based on the final IEEE 802.11i standard ratified in June 2004. WPA2 uses the Advanced Encryption Standard (AES) for data encryption and supports both PSK and IEEE 802.1x authentication.
WPA2 resembles IEEE 802.11i but differs slightly to allow for interoperability concerns with WPA. WPA2 allows both AES and TKIP clients to operate in the same WLAN, whereas IEEE 802.11i only recognizes AES clients.
WPA2 uses AES encryption, PSK or 802.1x authentication, and WPA2 has a high security level.
Wireless location mapping is the formal expression for this passive wireless discovery process of finding a WLAN signal. The informal and more frequently used expression for searching for a signal is war driving. War driving is searching for wireless signals from an automobile or on foot using a portable computing device.
A Bluetooth network is called a piconet. When two Bluetooth devices come within range of each other, they automatically connect with one another. One device is the master, and controls all of the wireless traffic. The other device is known as a slave, which takes commands from the master. Slave devices that are connected to the piconet and are sending transmissions are known as active slaves; devices that are connected but are not actively participating are called parked slaves.
Whereas a rogue access point is set up by an internal user, an evil twin is an AP that is set up by an attacker.
A rogue access point is an unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks. Although firewalls are typically used to restrict specific attacks from entering a network, an attacker who can access the network through a rogue access point is behind the firewall.
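An added example (not from the book) that ties the beacon, SSID and rogue/evil-twin passages together: it builds a few 802.11 beacon frames, parses what each AP advertises, and compares the result against an inventory of authorized BSSIDs to flag an evil twin. All BSSIDs, SSIDs and frames are constructed; a real probe would feed frames from a monitor-mode capture into parse_beacon instead.

```python
import struct

# Build a few 802.11 beacon frames, parse what an AP advertises (BSSID, SSID,
# channel, rates, beacon interval), then compare against an inventory of
# authorized APs to flag an evil twin (our SSID on an unknown BSSID).

MGMT_TYPE, BEACON_SUBTYPE = 0, 8
AUTHORIZED = {"00:11:22:33:44:55": "CorpNet"}     # constructed inventory
VERDICT_OK, VERDICT_TWIN, VERDICT_UNKNOWN = "authorized", "evil twin", "unknown AP"


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_beacon(bssid: bytes, ssid: bytes, channel: int, interval_tu: int = 100) -> bytes:
    """Minimal beacon: 24-byte MAC header, 12 bytes of fixed fields, then IEs."""
    fc = struct.pack("<H", (MGMT_TYPE << 2) | (BEACON_SUBTYPE << 4))
    header = fc + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, interval_tu, 0x0411)   # timestamp, interval, capability
    ies = bytes([0, len(ssid)]) + ssid                      # SSID IE; length 0 = broadcast off
    ies += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])           # rates 1, 2, 5.5, 11 Mbps
    ies += bytes([3, 1, channel])                           # DS parameter set
    return header + fixed + ies


def parse_beacon(frame: bytes) -> dict:
    if len(frame) < 36:
        raise ValueError("too short for a beacon")
    (fc,) = struct.unpack("<H", frame[:2])
    if (fc >> 2) & 0x3 != MGMT_TYPE or (fc >> 4) & 0xF != BEACON_SUBTYPE:
        raise ValueError("not a beacon frame")
    _, interval_tu, _ = struct.unpack("<QHH", frame[24:36])
    info = {"bssid": mac_str(frame[16:22]),             # addr3 is the BSSID in a beacon
            "interval_ms": interval_tu * 1024 / 1000,   # 1 TU = 1024 microseconds
            "ssid": None, "channel": None, "rates_mbps": []}
    pos = 36
    while pos + 2 <= len(frame):                        # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + length]
        if len(data) != length:
            raise ValueError("truncated information element")
        if tag == 0:
            info["ssid"] = data.decode("utf-8", "replace")   # "" => SSID not broadcast
        elif tag == 1:
            info["rates_mbps"] = [(r & 0x7F) / 2 for r in data]
        elif tag == 3 and length == 1:
            info["channel"] = data[0]
        pos += 2 + length
    return info


def classify(observed, authorized):
    """A known BSSID advertising its expected SSID is authorized; our SSID on a
    foreign BSSID is an evil twin; anything else needs a look (rogue if it
    turns out to be on our wire, otherwise a neighbour).  A hidden SSID defeats
    the twin check by name, which is why inventories should key on BSSID."""
    our_ssids = set(authorized.values())
    verdicts = []
    for ap in observed:
        if ap["bssid"] in authorized and authorized[ap["bssid"]] == ap["ssid"]:
            verdicts.append((ap["bssid"], ap["ssid"], VERDICT_OK))
        elif ap["ssid"] in our_ssids:
            verdicts.append((ap["bssid"], ap["ssid"], VERDICT_TWIN))
        else:
            verdicts.append((ap["bssid"], ap["ssid"], VERDICT_UNKNOWN))
    return verdicts


def demo():
    captured = [
        build_beacon(bytes.fromhex("001122334455"), b"CorpNet", 6),
        build_beacon(bytes.fromhex("66778899aabb"), b"CorpNet", 11),   # twin
        build_beacon(bytes.fromhex("ccddeeff0011"), b"", 1),           # hidden SSID
    ]
    observed = [parse_beacon(f) for f in captured]
    return observed, classify(observed, AUTHORIZED)


if __name__ == "__main__":
    for bssid, ssid, verdict in demo()[1]:
        print(f"{bssid}  ssid={ssid!r:12} {verdict}")
```

The default beacon interval of 100 time units works out to 102.4 ms, which is why a probe sees every AP in range within a fraction of a second; the BSSID is the field to inventory, since the SSID is attacker-chosen and may be blank.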
WEP implementation violates the cardinal rule of cryptography: anything that creates a detectable pattern must be avoided at all costs. This is because patterns provide an attacker with valuable information to break the encryption. The implementation of WEP creates a detectable pattern for attackers.
Bluetooth provides for rapid "on the fly" ad hoc connections between a Bluetooth-enabled device such as a cellular smartphone or a laptop computer and a set of Bluetooth headphones or a mouse.
Car hacking involves breaking into a car's electronic system. What makes car hacking especially eye-opening is that this can now be done remotely through a wireless connection.
Wireless LAN attacks can be categorized as attacks based on:
discovering the network, attacks through the RF spectrum, and attacks involving access points.
802.11n was intended to usher in the next generation of WLAN technology. The final 802.11n standard was ratified in 2009. IEEE 802.11n networks can potentially transmit up to 600 Mbps.
Capturing wireless data using network protocol analyzer software requires that the wireless NIC be in the correct mode. Wireless network interface card adapters can operate in one of six modes:
master (when the card acts as an AP), managed (when the station acts as a normal client), repeater, mesh, ad-hoc, or monitor mode (also called Radio Frequency Monitor or RFMON). It is necessary for the wireless NIC to operate in monitor mode so that it can capture frames without first being associated with an AP.
rogue access points are serious threats to network security because they allow attackers to intercept the RF signal and bypass network security to attack the network or capture sensitive data.
The Wi-Fi Alliance in 2003 introduced Wi-Fi Protected Access (WPA).
A wireless client network interface card adapter performs the same functions as a wired adapter with one major exception:
there is no external cable RJ-45 connection. In its place is an antenna (sometimes embedded into the adapter) to send and receive signals through the airwaves.
War driving is derived from the term war dialing.
Tools needed for war driving: mobile computing device, wireless NIC adapter, antenna(s), software, and GPS receiver.