Telecom Chapter 7 - Wireless LANs II

¡Supera tus tareas y exámenes ahora con Quizwiz!

corporations with multiple access points

802.11i 802.1X initial authentication mode was created for ________.

residences with a single access point

802.11i PSK initial authentication mode was created for ________.

both confidentiality and message integrity

802.11i provides ________.

rogue

A ________ is an unauthorized internal access point.

802.1X Initial Authentication Mode

Created for corporations w/ many APs. Dubbed Enterprise Mode. Strong and complex to implement. BUT can be defeated by rogue APs and Evil Twin Attacks. Uses a central authentication server. Authentication based on credentials on 802.1X authentication server.

Unshared Pairwise Session Key

Hosts give PSK to WAP. WAP gives a random ________ to the host so they can use the network. Every session different, can even reassign at certain times.

Three Weaknesses of PSK

- Unauthorized disclosure of the PSK - PSK changes after employee leaves are laborious (if you remember) - Weak PSKs are easy to crack or guess

WPA3 Main Enhancements

- individualized data encryption - protect against dictionary attacks - simplified security for devices w/o display, IoT devices - provides 192-bit security suite for protecting Wi-Fi users' networks with higher security requirements

Elements of 802.1X Initial Authentication Mode

1) Requirements for Credentials, authentication server to supplicant. 2) Provide Credentials, supplicant to authentication server. 3) Credentials Check, at authentication server. 4) Authorization Message to the Authenticator. 5) Authorization Message to the Client.

Frequency Hopping Spread Spectrum (FHSS)

802.11 Wi-Fi uses 20 MHz or wider channels in the 2.4 GHz and 5 GHz bands. Bluetooth operates only in the 2.4 GHz band. Bluetooth divides the band into 79 channels, each 1 MHz wide. For spread spectrum transmission, hops between channels every few frames. Bluetooth radios hop among the frequencies up to 1,600 times per second. These radios avoid channels where other devices (including 802.11 devices) are active.

Evil Twin Attack

A man-in-the-middle attack in which the ________ intercepts traffic passing between a wireless host and a legitimate AP. An _________ AP is usually a notebook computer. A MitM attack is difficult to detect because it is transparent to both the wireless client and the AP. Both operate as usual. Neither can tell that it is dealing with an impostor.

collect information

A security might use SNMP Get commands to ________ to look for a rogue access point.

power

A security might use SNMP Set commands to change an access point's ________.

Drive-By Hackers

AKA Wardrivers. Located outside corporate premises. Connects to an unsecure AP within the site. If successful, then attacker can communicate with any hosts within the site - without going through the border firewall.

Virtual Private Network (VPN)

An encrypted path through an untrusted network. Because it is encrypted, others cannot read it. It is as if the transmission was traveling over its own private network. Client encrypts with Key Client-Server and Key VC-ET. Sends doubly-encrypted frame to Evil Twin but he can only decrypt Key VC-ET so confidentiality is maintained.

Rogue Access Point

An unauthorized AP set up within a firm by an employee or department. Employee may not have malicious intent. Used by drive-by hackers.

one-to-one

Bluetooth uses ________ operation

Pre-Shared Key (PSK) Mode

Created for homes, businesses with a single AP. No use of authentication server. Authentication based on knowledge of pre-shared key. Strong but has three flaws: - Unauthorized disclosure of the PSK - PSK changes after employee leaves are laborious (if you remember) - Weak PSKs are easy to crack or guess Dubbed Personal Mode

Initial Authentication

Distinct from ongoing message-by-message authentication. The wireless client is the supplicant. It must prove its identity to the AP before the AP will allow the client to connect.

documents could be printed without downloading drivers

If Wi-Fi supported the basic printing profile, ________.

802.1X

If a firm has many access points, it should use ________ initial authentication mode in 802.11i.

wireless access point

In 802.1x initial authentication mode, the authenticator is the ________.

FHSS and AFH

Since Bluetooth operates in the 2.4GHz frequency range, as does 802.11g/n, how does Bluetooth ensure there is no interference?

both after the initial provisional placement of access points and periodically afterwards

Site surveys should be done ________.

Adaptive Frequency Hopping (AFH)

When a Bluetooth device uses AFH it scans the radio frequencies before transmitting to detect and avoid used channels by hopping to an unused channel.

both Unauthorized sharing of the pre-shared key and A weak passphrase may be selected

Which of the following is a risk in 802.11i PSK mode?

Evil Twin Access Point

Which of the following is usually set up by a hacker OUTSIDE the building?

never

Wi-Fi direct ________ uses access points.

802.11i

________ secures the connection b/w a wireless host and WAP via the use of authentication and encryption.


Conjuntos de estudio relacionados

UNIT 2 US Comprehensive Survey InQuizitives

View Set

World History Chapter 10.3 Vocab- The Protestant Reformation!

View Set

Unit 2: Cinderella Man Questions

View Set

IT195 Customer Service Skills for the Service Desk Professional - Chapter 7 - NO TRUE/FALSE

View Set