SECURITY + WIRELESS DEFENSES 5.12

¡Supera tus tareas y exámenes ahora con Quizwiz!

EAP-MD5 offer

minimal security and is susceptible to dictionary attacks and man-in-the-middle attacks.

Do not place access points with omnidirectional antennae

near exterior walls. The signal will extend beyond the walls. Instead, do the following:

Radio waves sent by wireless devices are

not contained within a specific transmission path, but instead emanate or radiate in many directions from the wireless transmitters This makes wireless networks susceptible to data emanation, where wireless signals might be received beyond the intended area of coverage. Keep in mind the following recommendation

LEAP Requires the minimum

of a digital certificate on the server side and passwords and Cisco drivers on the client side. LEAP does not use PKI

Devices often get better

reception from access points that are above or below

Consider using a Faraday cage. A faraday cage is

shielded enclosure that minimizes or eliminates data emanation. However, be aware that a Faraday cage blocks all radio signals, including mobile phone signals.

MAC address filtering identifies

specific MAC addresses that are allowed to access the wireless access point. Clients with unidentified MAC addresses are not allowed to connect

Shared key authentication use

static pre-shared keys (PSKs) configured on the access point and the client

Open authentication requires

that clients provide a MAC address in order to connect to the wireless network.

Wireless access points are transceiver

that transmit and receive information on a wireless network

A captive portal may be configured with a whitelist of websites

that wireless users are allowed to access without completing the requirements of the captive portal web page

LEAP Is based on

the MS CHAP protocol.

By default, access points broadcast

the SSID to announce their presence and make it easy for clients to find and connect to the wireless network

Place omnidirectional access points toward

the center of the building and then manage the power level of the radio to decrease signal emanation outside of the building.

Using EAP,

the client and server negotiate the characteristics of authentication.

LEAP's major weakness is that

it uses MS-CHAPv1 in an unencrypted form for authentication.

Do not use a network name that

makes it easy to associate your access point with your organization.

There are two main bands or frequencies utilized in 802.1x.

2.4 GHz 5 GHz

Authentication options, from highest security to lowest, are:

802.1x (requires a RADIUS server and a directory service) Shared secret Open (use when you need to enable public access)

Access point configuration areas

SSID MAC filtering Signal strength Band selection/width Antenna types and placement Fat vs. thin Controller-based vs. standalone

When using 802.1x authentication for wireless networks:

A RADIUS server is required to centralize user account and authentication information A PKI is required for issuing certificates The wireless access point is a RADIUS client The wireless access point forwards the wireless device's credentials to the RADIUS server for authentication A RADIUS federation is multiple RADIUS servers that communicate with each other after establishing a trust relationship

A RADIUS server is required to centralize user account and authentication information

A centralized database for user authentication is required to allow wireless clients to roam between cells and authenticate using the same account information

Lightweight Extensible Authentication Protocol (LEAP)

A less secure 802.1x protocol developed by Cisco

EAP Flexible Authentication via Secure Tunneling (EAP-FAST

A replacement for LEAP that uses a Protected Access Credential (PAC).

SSID Obfuscation

A wireless security strategy of changing the default SSID or turning off the broadcasting of the SSID on a wireless access point.

MAC address filtering

A wireless security strategy of identifying specific MAC addresses and only allowing them to connect to the wireless access point.

Encryption methods, from highest security to lowest, are:

AES used with WPA2 RC4 used with WPA RC4 used with WEP

A captive portal requires wireless network users to abide by certain conditions before they are allowed access to the wireless network

Agree to an acceptable use policy Pay for access to the wireless network View information or advertisements about the organization providing the wireless network (such as an airport or hotel)

Protected Extensible Authentication Protocol (PEAP)

An 802.1x protocol that provides authentication in an SSL/TLS tunnel using a single certificate on the server.

EAP Transport Layer Security (EAP-TLS)

An 802.1x protocol that uses Transport Layer Security (TLS) and is considered to be one of the most secure EAP standards

EAP Tunneled Transport Layer Security (EAP-TTLS)

An 802.1x protocol that uses a CA signed certificate.

Faraday Cage

An enclosure made of metal mesh that prevents radio signal frequencies from emanating outside of an environment

Extensible Authentication Protocol (EAP)

An set of interface standards that allows various authentication methods.

EAP-TLS: Requires client-side and server-side

Certificate Authority (CA) signed certificates.

Additional security considerations with wireless networks include:

SSID Obfuscation MAC Address Filtering Antenna Placement, Power Level, and Orientation Encryption Captive Portals Authentication Rogue Host Detection Band Selection and Bandwidth

wireless security settings. Authentication protocols

EAP PEAP EAP-FAST EAP-TLS EAP-TTLS IEEE 802.1x RADIUS Federation

While more secure than EAP-MD5 and LEAP

EAP-FAST can still be compromised if the attacker can intercept the PAC

There are several EAP implementations that you need to be familiar with

EAP-TLS EAP-MD5 EAP-FAS

Always treat a wireless network as though it were a publicly accessible network. Don't assume that the traffic on that network is private and secure

If users need to transmit confidential or secret information, require them to connect to the wired network with a network cable. In a mixed environment (public users and internal users), make the wireless network a screened subnet, and have internal users access wired computers on the internal network through a VPN. Put the access points in separate virtual LANs. Implement intrusion detection to help identify when an attacker is attempting to set up a rogue access point or is using a brute force attack to gain access

Implement standard security measures

Install security updates as soon as they are available Install antivirus software on wireless hosts Change the default administrator password Enable firewall filtering Disable DHCP on the WAP

EAP-FAST is a replacement for

LEAP that uses a Protected Access Credential (PAC) to establish a TLS tunnel in which client authentication credentials are transmitted

wireless security settings Methods

PSK vs. Enterprise vs. Open WPS Captive portal

2.4 GHz

Provides a larger area of coverage Offers a slower speed of data transmission Offers only 14 channels with only three non-overlapping channels

5 GHz

Provides a smaller area of coverage Offers faster speeds of data transmission Channels do not overlap, but the use of some channels is restricted, depending on the country you live in

A RADIUS federation is multiple

RADIUS servers that communicate with each other after establishing a trust relationship. These servers may be on different networks and could span multiple organizations

PEAP Enables mutual authentication by requiring

The server to prove its identity with the client.

A PKI is required for issuing certificates At a minimum, the RADIUS server must have a server certificate

To support mutual authentication, each client must also have a certificate

EAP-TLS uses

Transport Layer Security (TLS) and is considered one of the most secure EAP standards available.

Four commonly used techniques for detecting rogue hosts include

Using site survey tools to identify hosts and APs on the wireless network Checking connected MAC addresses to identify unauthorized hosts Conducting an RF noise analysis to detect a malicious rogue AP that is using jamming to force wireless clients to connect to it instead of legitimate APs Analyzing wireless traffic to identify unauthorized system

(EAP-TTLS) Only one CA signed certificate

is required on the server, simplifying the implementation process.

LEAP: Requires

a Cisco RADIUS server and Cisco software on the client's side.

Change the default SSID to a

a non-apparent value to help obscure the wireless network.

PEAP: Creates

a secure communication channel for transmitting certificate or login credentials.

Either way, rogue hosts on your wireless network represent

a security risk and should be detected and subsequently removed,

Each access point has a

a service set identification (SSID) that identifies the wireless network

EAP-TLS: Is widely supported by

almost all manufacturers of wireless LAN hardware and software.

MAC address filtering provides a limited

amount of security; serious attackers are able to discover and spoof valid MAC addresses to bypass address filtering.

dictionary attack

an attacker would sniff both the challenge and the response during LEAP authentication and then run through all the words in a dictionary in an attempt to obtain the response that matches the challenge. If successful, the attacker has then guessed the password and can pose as the clien

A rogue host is

an unauthorized system that has connected to a wireless network It could be an unauthorized wireless device, or even an unauthorized wireless access point that someone connected to a wired network jack without permission.

Rogue hosts could be

benign in nature, or they could be malicious

PEAP Was a collaborative effort

between Cisco, Microsoft, and RSA

Prevent transmissions from reaching

beyond the designated wireless area by reducing the power level of the wireless access point.

EAP-FAST vulnerability is mitigated

by manual PAC provisioning or by using server certificates

The location of the access point antenna

can affect radio wave signal strength and network access.

The wireless access point forwards the wireless device's credentials

credentials to the RADIUS server for authentication

LEAP is also susceptible to

dictionary attacks.

Overlapping wireless networks should use

different channels to ensure that they do not conflict with each other

EAP supports multiple authentication methods

for example, smart cards, biometrics, and digital certificates

Many public Wi-Fi networks, such as those provided by airports, hotels, and restaurants,

implement some type of captive portal. A captive portal requires wireless network users to abide by certain conditions before they are allowed access to the wireless network

LEAP Transmits some of the information

in cleartext.

EAP-FAST: Establishes a TLS tunnel

in which client authentication credentials are transmitted

802.1x is a standard for local area networks

is created by The Institute of Electrical and Electronics Engineers Standards Association (IEEE-SA). This standard is often labeled IEEE 802.1x

Place directional access points around

the periphery of the building to provide even coverage. Aim the directional access points such that the signal does not emanate outside the structure.

A site survey uses tools to identify

the presence and strength of wireless transmissions.

LEAP is considered to be

the weakest 802.1x protocol. It does not use SSL/TLS to encapsulate authentication data

In general, place access points higher up

to avoid interference problems caused by building foundations.

users must manually specify the SSID

to connect to the wireless network. This helps to prevent casual attackers from connecting to the network. However, any serious hacker with the right tools can still connect to the wireless network

LEAP Can be upgraded

to have digital certificates on both sides.

Conduct a site survey to identify

to identify the coverage area and optimal placement for wireless access points to prevent signals from going beyond identified boundaries

EAP-TLS: Is labor-intensive and expensive

to implement.

Turn off the SSID broadcast

to keep a wireless network from being automatically discovered. When SSID broadcasting is turned off

MS-CHAPv1 is vulnerable

to offline dictionary attacks against dictionary-based passwords.

The main countermeasure to dictionary attacks is

to use a strong password policy

When a wireless device initially connects to the wireless network, all traffic to or from that device is blocked

until the user opens a browser and accesses the captive portal web page. After the host agrees to the terms and conditions, traffic is unblocked, and she can access the network normally

Many public access points use no encryption. If you use a public access point to connect to a private network

use a VPN to encrypt the connection. This is called VPN over open wireless.

802.1x authentication requires

user names and passwords, certificates, or devices such as smart cards to authenticate wireless clients.

Perform cell-shaping. Cell-shaping

uses directional antennas and shielding methods to provide coverage without emanation outside the facilit

802.1x authentication

uses either certificates or user names and passwords for authentication. Each is supported through extensible protocols such as the following

EAP-FAST Is susceptible to attackers

who intercept the Protected Access Credential (PAC) and use it to compromise user credentials.

Because wireless transmissions are easily captured,

you should implement some form of encryption on your wireless network


Conjuntos de estudio relacionados

11-Powers of Congress Flash Cards

View Set

PrepU Oxygenation Questions (In progress)

View Set

Cognitive Psychology (McBride &Cutting) Chapter 4

View Set

Psychology Chapter 14: Psychological Disorders

View Set

Quiz 4, WX 201, Quiz 3 WX 201, Quiz 2 WX 201, Quiz 1 WX 201

View Set