Chapter 11 Security Administration

In the United States, a WAP can only use channels?

1 through 11. Channels tend to overlap, so nearby WAPs should not use close channels.

The maximum data rate for 802.11b was?

11 Mbps.

The IEEE 802.11g standard operates in the frequency range of?

2.4 GHz. This makes it downward-compatible with 802.11b devices. When communicating with 802.11b devices, the maximum data rate is reduced to 11 Mbps.

The 802.11n standard operates at?

5 GHz and it can also operate 2.4 GHz.

The 802.11a standard operates at the?

5-GHz frequency and has a maximum data rate of 54 Mbps.

The maximum throughput for the 802.11g standard is?

54 Mbps.

IEEE 802.11n-2009 gets bandwidth of up to?

600 Mbit/s with the use of four spatial streams at a channel width of 40 MHZ. It uses MIMO, which uses multiple antennas to resolve more information coherently than possible using a single antenna.

An 802.11n device is compatible with?

802.11a, 802.11b and 802.11g, but it may not support MIMO technology when paired with these devices. Multiple-input, multiple-output (MIMO) is a wireless networking technology that uses two or more streams of data transmission to increase data throughput.

There have been serval iterations of?

802.11ax, each with its own advantages.

Be able to explain account management?

Account management is a significant topic on the Security+ certification. You must understand the issues associated with the account management and be able to explain how to mitigate relevant security concerns.

One of the most fundamental aspects of network security is?

Account management. All authorized users must have accounts with the appropriate access level to allow those users to access the resources on the network. At the same times, attackers are always seeking to compromise an account so that they can also access the network resources.

What are some technical concerns of BYOD?

Architecture and infrastructure considerations are critical. Will the personal device be compatible with the organization infrastructure? One-board cameras and vide also pose a challenge. Some organizations forbid the use of cameras within the company, or at least within secure areas. And finally, there is the issue of acceptable use polices. Companies generally have acceptable use policies regarding how computers can be used within the organization. How will that be implemented with devices that don't belong to your company? None of this is meant to indicate you cannot use BYOD devices in your organization. However, you do need to address the issues mentioned in this section before allowing BOYD devices to connect to your network. Some organizations simply opt to forbid such devices, but in our modern world of ubiquitous devices, that approach may not be feasible in your organization.

Related to time-of-day restrictions are computer restrictions what are they?

As an example, if Elizabeth works in the Accounting department which is located on the 4th floor, why allow her account also to work on the 10th floor in software development? Limiting accounts only to those machines that user should be using is a natural extension of least privileges. Again, not all accounts can be locked down like this. For example, technical support personnel need to work from almost any computer on the network.

Understand the security issues associated with mobile devices?

As mobile devices become increasing ubiquitous, so too do the security concerns associated with them. For the Security+ certification test, you must understand the various issues, particularly with BYOD devices as well as variations such as CYOD and COPE.

What is SATCOM?

As name suggest it is an acronym for satellite communications. In the past, such technology was limited to various militaries. Now, however, anyone can purchase a satellite phone. The advantage to the user is that he or she no longer needs to be concerned with being in rage of Wi-Fi, or even a cellular tower. Instead, the phone can be used anywhere on Earth. However, by its very nature SATCOM can be a security issue. A person can connect to a satellite without ever going through your company network. Therefore, you have no idea what data might have gone through that phone to some-out-network device or service.

Once you have assessed the needs of each suer and service and then assign the appropriate privileges to those accounts, the next step is to?

Audit those accounts periodically.

Data ownership can become an issue with?

BYOD. If the device is personally owned but used for company business, who own the data on the device? The company or the individual? Related to that is the issue of support ownership. Is the individual responsible for the support or the company? Patch management is closely related to support ownership. Who will be responsible for ensuring that the personal device has patches updated? Antivirus management is yet another related issue. What antivirus software will be used? How will it be updated? These are all important questions that will need to be answered.

What is Storage Segmentation?

By segmenting a mobile devices storage, you can keep work data separate from personal or operating system data. You can implement whole-device encryption or just encrypt the confidential data. This can be augmented with containerization. Data is contained within specific portions of the device. Particularly if both company data and user data are on the same device, then containing data in separate areas becomes very important.

A related issue is ad hoc networking. This is done without?

Centralized control, just various devices communicating with each other. That can be a security issue, as there is no means to control security centrally. Connecting media to a portable device must be done with caution. External media attacked to a portable device can be a way to exfiltrate data or to introduce malware to the device and thus the network.

The topic of administrator accounts naturally leads to the broader topic of privileged accounts. By definition, any account in Linux is a?

Classic example. In Windows, the administrator account and power user accounts are good examples. The main issue with such accounts is that they should be given only when absolutely necessary.

Passphrases are becoming more?

Common. Beyond using a series of words or other text to control access, passphrases are generally longer in order to provide additional security.

What is device encryption?

Data should be encrypted on the device so that if it does fall into the wrong hands, it cannot be accessed in a useable form without the correct passwords. We recommend that you use Trusted Platform Module (TPM) for all laptops where possible.

Mobile devices, such as laptops, tablet computer, and smartphones, provide security challenges above those of?

Desktop workstations, servers, and such in that they leave the office, which increases the odds of theft. At a bare minimum, the following security measures should be put in place on mobile devices.

Usage audits literally audit what the account is?

Doing. For users, this is designed to ensure that the account is being used in accordance with company security policies and is only being used for legitimate, work-related purposes. This is an elementary type of security audit that should be conducted on a regular basis.

The most important account is the?

Domain admin account. A local admin account (or root in Linux) gives the user unfettered control of a single machine. But domain admin accounts provide the user with complete and total control of your network. The ultimate goal of any attacker is to get domain admin privileges. For this reason, domain admin accounts must be very closely controlled.

Cellular network technology has evolved. Currently the 5G standard is?

Done, but it is not widely available.

BYOD (Bring Your Own Device) refers to?

Employees bringing their personal devices into the corporate network environment. This is a common issue in the modern workplace, and it can pose substantial security risks.

With any device, the loading of custom, or nonstandard firmware must also be?

Forbidden. The firmware is the heart of the device, and any nonstandard firmware is very likely to undermine the security of the device. However, the official firmware must be updated. One way to ensure this is Over-The-Air (OTA) updates. Whenever a device connects to your wireless network, the device is updated if needed. Finally, carrier unlocking is a security concern. This is the process of moving the phone from the carrier that issued it to another carrier, usually temporarily. This is not the same as simply switching phone service providers.

In some cases, you may wish to use a shared account for serval uses. This is sometimes called a?

Generic account. Using a generic account is usually not recommended. The preferred method is to have individual accounts for individual users. However, in some limited situations, it may be acceptable to use very-low privileged accounts that are shared. For example, for a lab on a college campus that only has access to the lab systems and no other resources, you might have a generic account "lab user: which can be used by any student in the lab.

What is time-of-day-restriction?

If given employee generally works from 8 to 5 why is their account accessible at 1 in the morning? Of course, people fluctuate a bit, so you might wish to set up this hypothetical account such that it is operation from 7 in the morning to 7 at night. Not all accounts can be locked down by time restrictions. But for those employees who work a relatively consistent schedule, this is an excellent way to improve security.

Today you are probably using some variation of the 802.11ax standard. But regardless of what wireless standard you are using, when deploying wireless access points, the channel you use is also?

Important. The 802.11 standard defines 14 channels. The channels that can be used are determined by the host nation.

What is a disassociation attack?

In this attack, the attacker sends a de-authentication packet to the wireless access point, spoofing the user IP address. This causes the access point to think that the user is logging off and to de-authenticate the user. The defense against that is mutual authentication. That makes it difficult for an attacker to spoof a user.

Summary for this chapter

In this chapter, we examined a variety of mobile connectivity methods and security issues associated with each. We also discussed the issues associated with mobile devices in the corporate environment. Finally, we reviewed account management concepts.

What is device access control?

In this context, it refers to controlling who in the organization has a mobile device. Not every employee should have one. Limiting access to such devices reduces risk.

Account lockout is an?

Issue. How many times can the suer enter the incorrect password before the account is locked? If the account is locked, how will it be recovered? For example, you might have the lockout automatically recover after 24 hours, or it might require an administrator to reset it. There are no absolute answers to these issues. What is appropriate for one organization might not be right for another. In a low-security environment, you might have passwords that are 8 characters long, expire after 6 months, don't lock out until 6 failed attempts, and then automatically recover in 2 hours. For a high-security environment, you might have 14+ character passwords that are changed every 30 days and lock out after 3 failed attempts. Then, they can be recovered by an administrator. The specific decisions that you make on these issues will depend on the security needs of your company.

Adherence to corporate policies is an obvious?

Issue. If individuals own their own devices, which they have purchased with their own funds, ensuring that the user and the device adhere to corporate policies will be a challenge. Related to that issue are legal concerns. When a device is owned by the individual but used for company business, a number of legal issues arise. As just one example, what if the device is used to send spam? Is the company responsible. Another example involves the employee leaving the company. How does the organization verify that the device any propriety data on it? Forensics is still another legal issue. If there is, for example, litigation against the company, usually computer records are subpoenaed, but the data that might reside on a personal device is a legal gray area.

What is UMTS?

It Stands for Universal Mobile Telecommunications Systems. This is a 3G standard based on GSM. It is essentially an improvement over GSM.

Wi-Fi consist of how many standards?

It consists of 7 standards.

What is password history?

It determines how many old passwords the system will remember, thus preventing the user from simply repeating previous passwords when it comes time to change his or her password.

What is content Management?

It involves multiple topics. The first is controlling what applications are installed on a mobile device. Many applications can pose a security threat to your network. Even benign applications might contain some security flaw that can be exploited to compromising your network. Along with managing applications is the issue of patch management. Using notifications to push out new updates—that is, push notifications—is an important aspect of content management.

What is bluejacking?

It involves sending unsolicited messages to Bluetooth devices when they are in range.

What is offboarding?

It is a bit simpler. It is when someone leaves the company, for any reason, that user's accounts must all be immediately suspended. It does not matter if this is the most trusted employee who is retiring after 30 years of wonderful service to the organization. While he or she is enjoying cake at the retirement party, their accounts should be getting disabled. It is important to disable them for a period of time before deleting them. Issues may arise after an employee leaves the company. If you delete their account, you may not be able to access files that they encrypted, and you might even lose some logs associated with least privileges. Keeping that concept in mind leads one or two other ideas.

What is ANT?

It is a proprietary wireless network technology that provides low power modes, and it is used in Wi-Fi settings. It has been used in sports-related technologies. It provides wireless connectivity using less power. ANT is a proprietary technology developed by a subsidiary of Garmin. It uses the 2.4 GHz frequency. It also has a range of about 30 meters. Incidentally ANT is not an acronym.

What is an evil twin?

It is a rouge wireless access point that mimics the SSID of a legitimate access point.

What is bluesnarfing?

It is an attack that involves getting data for a Bluetooth device.

What is application control?

It is primarily concerned with controlling what applications are installed on the mobile device. Most viruses that are found on Android phones stem from bad applications being installed. Related to application control is disabling unused services. If you do not need a service, turn it off.

What is Bluetooth?

It is short-range, wireless system that is designed for limited distances. Typical Bluetooth devices have an effective range of about 10 meters, or a little over 30 feet. This technology is often used to sync devices.

What is asset tracking?

It is something that you must have. It can be as simple as a serial number etched in the device or as a GPS locator. Related to this is inventory control. A complete and accurate list of all devices is an integral part of mobile device management.

What is GSM?

It is the global system for mobile communications. This is commonly known as 2G.

What is tethering?

It is the process of literally attaching some cable from the device to some immobile structure. The device itself can be a security risk. Phones all have microphones that can record conversations within range. The phone's camera is also such a device.

What is recertification?

It is the process whereby you determine if given accounts still require the privileges that they have. Account management is an ongoing process that every company must address on a regular basis. However, the two most important times to be concerned about account management are during onboarding and offboarding of personnel

What is a Rouge Access point and when does it occur?

It occurs when someone puts up an unauthorized access point. If users connect to it, then all their traffic goes through this access point. A variation on this is the evil twin. An evil twin is a rouge access point that copies the SSID of a legitimate access point. Again, mutual authentication can mitigate this risk. If the access must authenticate to the user, rouge access points are far more difficult to implement.

What is password complexity and what does it refer to?

It refers to requiring capital letters, numbers, and symbols as part of a password. This can be just as important as password length in thwarting at least some attacks.

What is password age and what does it relate to?

It relates to how long you can have a password before it expires and a new password is generated.

What is geofencing?

It relies on GPS tracking, but it goes a step further. With geofencing, the device will only function if it is within certain geographical locations. So, if a mobile device is stolen, that device will not work when taken outside the company perimeter.

What is onboarding?

It simply refers to the process that at a very early point after a person has been hired, that person must be informed of the company network polices, particularly security policies. His or her account should then be set up with least privileges.

What is BYOD?

It stands for Bring Your Own Device.

What is CYOD?

It stands for Choose Your Own Device.

What is COPE?

It stands for Company-Owned and -Provided Equipment.

What does EDGE stand for?

It stands for Enhanced Data Rates for GSM Evolution. This standard does not fit neatly into the 2G/3G/4G spectrum. It is technically considered pre-3G but it was an improvement over GSM (2G). So, we could consider it a bridge between 2G and 3G technology.

What is GSM stand for?

It stands for Global System for Mobile Communications. This standard was developed by the European Telecommunications Standards Institute (ETSI). Basically, GSM is the 2G network.

What is LTE?

It stands for Long-Term Evolution. This is a standard for wireless communication of high-speed data for mobile devices. IT is what is commonly called 4G.

What does LTE stand for?

It stands for Long-Term Evolution. This is a standard for wireless communication of high-speed data for mobile devices. It is what is commonly called 4G.

What is NFC?

It stands for Near-field communications. (NFC) is a radio wave transmission that automatically connects when in range. While done with radio waves, it can also be made with Bluetooth. If the traffic is not encrypted, then it is susceptible to sniffing.

What does UTMS stand for?

It stands for Universal Mobile Telecommunications Systems. This is a 3G Standard based on GSM. It is essentially an improvement over GSM.

What is Wired Equivalent Privacy (WEP)?

It stands for Wired Equivalent Privacy. You can see by its name that the WEP protocol was intended to make a wireless network as secure as a wired network. However, it was flawed, and it is now recommended you don't use it.

What is infrared?

It was one of the early attempts to create wireless communications, but it is not widely used today. It used light in the infrared spectrum just out of the range that humans can see. That made it an interesting method for transmitting data. However, it suffered from line-of-sight issues. This means that if anything stood between the sender and the receiver, the transmission was blocked. This proved to be a fatal flaw in infrared technology.

The concept of privileged accounts and guests accounts is part of the?

Larger topic of group-based access control. Any sizable network quickly becomes difficult to manage, and trying to administer privileges individually for a few thousand employees is a daunting task. It is often better to place users into groups based on their job roles and then to manage privileges for those groups. So rather than needing to mange privileges for all sales personnel, you can simply administer the privileges of the Sales group.

The most important concept in account management is?

Least privileges. This means that each account is given only the privileges that entity (user or service) needs to do their job. This is not a question of lack of trust or lack of skill of that user. The user in question may be very technically skilled and could be someone you would literally trust with your life. However, the user account is only granted just enough privileges to do their job and nothing more.

What is remote wipe/sanitation?

Many programs, such as Microsoft Exchange Server 2016 or Google Apps, allow you to send a command toa phone that will remotely clear the data on that phone. This process is known as a remote wipe, and it is intended to be used if the phone is stolen or going to be reassigned to another user.

It is becoming increasingly common to use the phone itself as a payment method. This often means that?

Mobile wallets can be sued to pay for goods and services. It can also include billing the phone carrier for items purchased, and then the cost is added to the user's phone bill. In some cases, Near Field Communication (NFC) can be used with mobile phone pay. All of these methods provide extremely convenient payment methods, but they also introduce security risks. The most obvious risk is now the phone itself becomes a payment method, making a lost, stolen, or comprised phone a greater security issue.

Bluetooth has its own security issues what are they?

Most of these can be remediated by setting the Bluetooth device so that it only connects to other devices, if those are trusted devices. Two of the most common Bluetooth security issues are bluejacking and bluesnarfing.

Privilege audits are a bit different. Over time, users change job roles. It is possible that a given user has privileges that are no longer?

Needed. This can occur when the user's job role changes, and their new privileges are simply added to the old privileges. It can also be the case that the user was initially assigned more privileges than their job role actually required. A privilege audit is meant to detect any situation where an account has more privileges than is required for his or her job tasks. This is simply enforcing the concept of least privileges. Privilege are closely related to recertification.

In most organizations of any significant size, you will eventually have outsiders who need access to your?

Network. This could include clients or business partners who are visiting. Your facilities for a brief period of time. Guest in a hotel is another classic example. These accounts are usually called guest accounts. They should have bare minimum privileges. It is possible to have individual accounts for each guest. In fact, hotels often have the guest log in by room number, and last name, thus creating an individual account for an individual guest. However, in some situations, hotels may use shared account for gests. For example, guest Wi-Fi often uses a single "guests: login that every one shares.

In addition to password complexity, there will be related issues such as?

Password length. The rule is the longer, the better.

What is a strong password?

Passwords are always important but even more so when you consider that the device could be stolen and in the possession of someone who has unlimited access and time to try various values. Strong passwords can able be augmented with biometrics. Using a fingerprint or even facial recognition is quite popular with today's smartphones. Access control is at least as important for mobile devices as it is for any other device on your network.

Humans are not only entities that may require access to network?

Resources. You might have software that needs to access your network, separately from human involvement. As one example, database services usually start when the machine they are on boots up. These services require their own accounts. One mistake that is all too common is simply to assign these services to a domain administration account. This violates the principle of least privileges that you have read about repeatedly in this book. The proper approach is the create service accounts with just enough privileges for the service to accomplish its required tasks.

Another related issue with Android phones is?

Rooting. Root is the term for an administrator in Linux, Android phones use Linux. So, rooting means to get level, or administrative, privileges on an Android phone. This will allow the user to make any modification he or she wishes.

Because much of this was discussed in Chapter 8, "Cryptography" it is simply summarized here. There are three primary methods for?

Security traffic to flow between a device and the wireless access point.

Near field communications are often used in very?

Short distances. The most obvious security countermeasure for NFC is to ensure that all transmissions are encrypted. TLS is one choice for encrypting NFC communications.

What is GPS tracking?

Should a device be stolen, GPS (global positioning system) tracking can be used to identify its location and allow authorities to find it. Note that removable storage can circumvent GPS. For example, if a device has GPS tracking but it also has removable storage, thieves can simply remove the data they want and leave the device. This is often related to geotagging, wherein the geographic location of the device is being tagged or tracked.

802.11b was the next?

Standard. This is another older standard, presented here for this torical context.

What is EDGE?

Stands for Enhanced Data Rates for GSM Evolution. This does not fit neatly into the 2G/3G/4G spectrum. It is technically considered pre-3G but it was an improvement on GSM (2G). So, we could consider it a bridge between 2G and 3G technology developed by the European Telecommunication Standards Institute (ETSI)

In some instances, a mobile device is being used in a?

Stationary location. For example, a tablet is set up at a kiosk for general public use. In such cases, tethering the device is important.

Bluesnarfing involves getting data from the?

The Bluetooth device.

What is a screen lock?

The display should be configured to time out after a short period of inactivity and the screen locked with a password. To be able to access they system again, the user must provide the password. After a certain number of attempts, the user should not be allowed to attempt any additional logons; this is called a lockout.

Many portable devices can be readily turned into mobile hotspots. This also presents a security risk due to?

The fact that using a mobile device, it would be possible for someone to begin broadcasting as SSID that is similar to the one used by your actual corporate wireless access point and thus trick users into connecting to the rouge device rather than one of your company's real wireless access points.

There are two other variations of BOYD that are used by some organizations what are they?

The first is Choose Your Own Device (CYOD). With this approach, the company creates a list of approved devices that meet the company's minimum-security standards. Employees then can select from among this list of preapproved devices. This approach does help mitigating the risks associated with BYOD, since all employees will be using devices that have a minimum level of security. The second approach is Company-Owned and -Provided Equipment (COPE). Using COPE, the company has complete control of the devices, and thus it can ensure a higher level of security. However, this approach has its own issues. The first issue of cost. It is expensive to provide portable devices to your entire staff, or even a significant portion of the staff. The second issue is personal use of these devices leads to personal data on company-owned equipment.

What is the risk of BYOD?

The first risk involves those devices connecting to the company network. If an employee has a personal smartphone, for example, and they bring it to work and connect it to the company's Wi-Fi network, then any virus, spyware, or other malware that may have infected their phone can spread to the company network. One way to address this is to have a second Wi-Fi network—not connected to the main corporate network, but simply a guest network—and only allow personal devices to connect to that Wi-Fi network and not to the main network. Another risk involves compromising confidential data. Modern mobile devices are complex computer systems. An employee could use a smartphone to photograph sensitive documents, record conversations, and acquire a great deal of sensitive data. Some Department of Defense contractors do not allow phones in certain sensitive areas of their buildings. This may be more restrictive than at most civilian companies, but at least you should be aware of this potential issue and have a policy to address it. That policy could be as simple as all employees agreeing that if they bring a mobile device onto company property, it is subject to random search.

What you must know for now is that there are three different methods of wireless security what are they?

They are WEP, WPA, and WPA2. WEP should be avoided if at all possible; and if at all possible, always use WPA2.

What is machine-based restrictions?

They are a special type of located-based controls. Location based controls are any type of controls that limit accounts based on where the person is attempting to sign in. For example, an account might work fine in the Chicago office but not work at all from the Houston office. These concepts are all related to standard account maintained. There are also some issues with concerns the first one being naming conventions. Account names should not reveal the job role. As mentioned earlier, attackers want to compromise administrative accounts. If your network has 1,000+ accounts, it can be challenging just to figure out which are the administrator accounts. But if you named you administrator accounts dmnadmin001, it doesn't take Sherlock Holmes to deduce that this is a domain admin account.

There are a variety of ways to connect a network what are some?

They are particularly with wireless/mobile connections. Each of these presents its own security issues.

Two types of audits are relevant to accounts what are they?

They are usage audits and privilege audits. Whatever the account type or use, credential management is an important concept. This means the complete management of credentials. For example, how will passwords be stored and where will they be stored. When will accounts, expire, and how long can passwords be used? These are all part of credential management. Such management is usually accomplished via policies. That will require account policy enforcement. If your organization has a policy that passwords must be at least 12 characters long and should be changed every 90 days, then there must be a mechanism to enforce that account policy.

What is Context-Aware Authentication?

This authentication takes into account the context in which the authentication attempt is being made. Context-aware authentication still requires a username and password but in addition to those criteria it examines the user's location, time of day at which they are logging in, the computer from which they are logging in, what they are trying to do, and so on.

·What is IEEE 802.11ac?

This standard was approved in January 2014. It has a throughput of up to 1 Gbps with at least 500 Mbps. It uses up to 8 MIMO.

What is IEEE 802.11ac?

This standard was developed by the Wireless Gigabyte Alliance. It supports data transmission rates up to 7 Gbps—more than ten times faster than the highest 802.11n rate.

What is 802.11af?

This standard, also referred to as "White-Fi" and "Super Wi-Fi," was approved in February 2014. It allows WLAN operation in the TV white space spectrum in the VHF and UHF bands between 54 and 790 MHz.

The term side-loading in general means to?

Transfer data between two devices. More specifically with mobile devices, it most often is associated with install Android apps from places other than the Google Play store. This, like jailbreaking for iPhones, should be forbidden for any devices that will connect to your network. Essentially, any third-party apps from non-approved sources should be prohibited.

The first step in creating secure accounts is to make certain that you have different account?

Types for different users. Regardless of the type of account, all accounts should have some of the same properties. Those properties include things such as password complexity, age, and history.

Remember that any phone or tablet can be a USB storage device. This is referred to as?

USB OTG (On the Go). This means that any portable device carried into your network could be used to exfiltrate files and data from your network.

Be able to describe the wireless security standards?

Understand and be able to articulate details of the 802.11, WEP, WPA, and WPA2 standards. Each of these is of particular importance on the Security+ certification test.

Bluejacking involves sending?

Unsolicited messages to Bluetooth devices when they are in range.

The most obvious type of an account is the?

User account. These will be assigned to human users on your network. Each user should have certain properties. This will include an expiration date as well as the type of user. For example, administrator accounts are special user accounts with a great deal of privileges. Administrator accounts should be granted sparingly and monitored closely.

Another option for CYOD is using?

Virtual Desktop Infrastructure (VDI) for mobile phones. VDI has been used to provide a desktop to users to use any machine they wish. The desktop itself is actually virtualized, and it contains all of the user's applications, files, settings, and so forth. The same process can be applied to mobile devices, so the user has a VDI for company activity. This provides the company with ore control. over the deployment of phone apps, updates, and security configurations.

What is voice encryption?

Voice encryption can be used with mobile phones and similar devices to encrypt transmissions. This is intended to keep the conversation secure, and it works by adding cryptography to the digitized conversation.

What is WPA Wi-Fi Protected Access (WPA)?

WPA uses Temporal Key Integrity Protocol (TKIP), which is a 128-bit per-packet key, meaning that it dynamically generates a new key for each packet. WPA was introduced in Windows XP Service Pack 1, and it combined the authentication method with encryption. Both features are incorporated into one protocol. An additional improvement to encryption is that it is more difficult to crack than WEP encryption. This is because WPA automatically changes the encryption key with each packet exchanged on the network.

What is WPA2?

WPA2 is based on the IEEE 802.11i standard. It provides Advanced Encryption Standard (AES) using the Counter Mode-Cipher Block Channing (CBC) Message Authentication Code (MAC) Protocol (CCMP) that delivers data confidentiality data origin authentication, and data integrity for wireless frames.

802.11a was the first?

Wireless standard. It is unlikely that you would encounter this anywhere today.

No matter how secure your device starts out, that security can be significantly compromised by the user altering the configuration of the system. One of the most common methods for doing this is?

With the iPhone has been jailbreaking. By jailbreaking the phone, the user takes administrative/root control. This allows the user to install any application they wish, thus circumventing the security controls of the iPhone store. Jailbreaking should be strictly forbidden for any device that will connect to your network. This issue is comparable to side-loading with Android devices.

Many attacks effect?

o Wireless connections, and each has its own security countermeasures.