Module 11: Wireless Network Security
An ______________NFC device can read information as well as transmit data •Example: Cell Phones
Active
________________ block cipher ________performs three steps on every block (128 bits) of plaintext •Within second step, multiple iterations are performed •Bytes are substituted and rearranged
Advanced Encryption Standard (AES)
The introduction of WLANs in enterprises has changed hard edges to
"blurred edges"
In a network, a well-defined boundary protects data and resources This boundary is known as a
"hard edge"
Bluetooth is a personal area network _________________ designed for data communications over short distances
(PAN) technology
Match the Near Field Communication (NFC) Attacks -Man-in-the-middle -Data Theft -Devices Theft -Eavesdropping 1. Unencrypted N F C communication between the device and terminal can be intercepted and viewed. Because an attacker must be extremely close to pick up the signal, users should remain aware of their surroundings while making a payment 2. Attackers can "bump" a portable reader to a user's smartphone in a crowd to make an NFC connection and steal payment information stored on the phone. This can be prevented by turning off NFC while in a large crowd (Put your cell phone in airplane mode) 3. An attacker can intercept the NFC communications between devices and forge a fictitious response. Devices can be configured in pairing so one device can only send while the other can only receive 4. The theft of a smartphone could allow an attacker to use that phone for purchases. Smartphone should be protected with passwords or strong PINs
1. Eavesdropping 2. Data theft 3. Man-in-the-middle attack 4. Devices Theft
Match the Radio Frequency Identification (RFID) Attacks to their definition. Fake Tags Eavesdropping Unauthorized Tag Access 1. A rogue RFID reader can determine the inventory on a store shelf to track the sales of specific items. Sales information could be used by a rival product manufacturer to negotiate additional shelf space or better product placement 2. Authentic RFID tags are replaced with fake tags that contain fictitious data about products that are not in inventory. Fake tags undermine the integrity of the store's inventory system by showing data for items that do not exist 3. Unauthorized users could listen in on communications between RFID tags and readers. Confidential data, such as a politician's purchase of antidepressants, could be sold to a rival candidate in a "smear" campaign.
1. Unauthorized Tag Access 2. Eavesdropping 3. Fake Tags
What is the following Wireless LAN Transmission? -Single Band -Same band is used in common devices (Vulnerable to interference with other common devices such as microwave, phones) -Wireless Channels will overlap -11 channels -Slower Speed - Longer Range -Can penetrate walls easier
2.4 Ghz
What is the following Wireless LAN Transmission? Dual Band Not usually used in common devices (Less Vulnerable to interference with other common devices such as microwave, phones) Channels do not overlap 25 Channels Faster Speed - shorter range Harder time penetrating through solid objects
5.0 Ghz
In 1997, the IEEE released the final draft for a WLAN standard called IEEE __________.
802.11
WLAN Hardware
A wireless client network interface card adapter performs same functions as wired adapter •Antenna sends and receives signals through airwaves
When in doubt on a test use?
AES
________ is a centrally located WLAN connection device that can send and receive wireless signals •Primarily consists of an antenna and a radio transmitter/receiver
Access point (AP)
Intercepting Wireless Data
An attacker can pick up the RF signal from an open or misconfigured AP •Using a WLAN to read this data could yield significant information to an attacker regarding the wired enterprise network
What Bluetooth Attack describes the following? -Fun way to send messages to other people using bluetooth without using pairing. -Harmless as long as no one sends you any virus or malicious code that can damage your mobile device. -Hacker searches for a discoverable device in the area and sends spam -To defend: Keep your Bluetooth settings to invisible or non-discoverable
BlueJacking
What Bluetooth Attack describes the following? -Unauthorized access of information from a wireless device through a Bluetooth connection. -Can steal: phone book, delete phone book, view call received, place calls. -Hackers may purchase software that allows them to request information from your device -can occur even while your devices is set to invisible or non-discoverable
BlueSnarfing
____________ is considered more annoying than harmful because no data is stolen
Bluejacking
____________is an attack that sends unsolicited messages to Bluetooth-enabled devices
Bluejacking Usually involves text messages, images, or sounds
_______________is an attack that accesses unauthorized information from a wireless device through a Bluetooth connection
Bluesnarfing •The attacker copies e-mails, contacts, or other data by connecting to the Bluetooth device without owner's knowledge
____________ is a wireless technology that uses short-range radio frequency (RF) transmissions
Bluetooth •It provides rapid device pairings •Example: hearing aids - smart home door lock - chicken cooop
Both ______and ______ use a 128-bit key for encryption •Both methods use a 64-bit M I C value
CCMP and TKIP
The ________________ (C B C-M A C) component of C C M P provides data integrity and authentication •The Cipher Block Chaining Message Authentication Code (C B C-M A C) component of C C M P provides data integrity and authentication
Cipher Block Chaining Message Authentication Code
_________________ is the encryption protocol used for W P A 2 •Specifies the use of CCM with A E S
Code Protocol (CCMP)
WPA : Uses both ______________and _______________
Encryption and authentication
WPA2 addresses two major security areas of WLANs:
Encryption and authentication
_____________ is an AP set up by an attacker (External attacker) •Attempts to mimic an authorized AP •Attackers capture transmissions from users to _________ AP
Evil twin
________________ is a framework for transporting authentication protocols •Defines message format •Uses four types of packets -Request -Response -Success -Failure
Extensible Authentication Protocol (EAP)
Answer True or False for the following. WPS is secure.
False •Very Insecure!!!
Ratified in early 2014 and has data rates over 7 Gbps
IEEE 802.11ac
Institute of ____________ is the most influential organization for computer networking and wireless communications
Institute of Electrical and Electronics Engineers (IEEE) i
How many Mbps and Ghz for each Wireless LAN Transmission standard? -802.11a -802.11b -802.11g -802.11n -802.11n -802.11ac -802.1ax
Mbps.................... Ghz -54Mbps............... 5.0 Ghz -11Mbps..................2.4 Ghz -54Mbps................2.4 Ghz -65-600Mbps......2.4 Ghz/5.0 Ghz -Multiple Input Multiple Output (MIMO) uses dual antennas, MIMO, channel bonding, frame aggregation -1.3Gbps - 6Gbps.............2.4Ghz/ 5.0A AND 5.0B (Tri-band) -Network access control and authentication
_________________address filtering is the most common type of wireless access control •It is used by nearly all wireless AP vendors •Permits or blocks device based on MAC address
Media Access Control (MAC)
is a set of standards used to establish communication between devices in close proximity
Near field communication (NFC) •Think Contactless Payment Systems •Once devices are brought within 4 cm of each other or tapped together, two-way communication is established
_________________utilizes a PIN printed on a sticker of the wireless router or displayed through a software wizard •User enters Pin and security configuration automatically occurs
PIN method
Two common WPS methods include the following
PIN method and Push-button method
A ___________NFC device contains information that other devices can read but does not read or receive any information (example, NFC tag, Credit Card)
Passive
_________________is when the user-supplied network name of a wireless network; usually broadcast so that any device can see it -The broadcast can be restricted
Service Set Identifier (SSID)
The primary type of Bluetooth network topology is a ______________(How Bluetooth works)
Piconet
Authentication for W P A Personal is accomplished by using a ___________ •After AP configured, client device must have same key value entered •Key is shared prior to communication taking place •Uses a passphrase to generate encryption key •Must be entered on each A P and wireless device in advance •Devices that have the secret key are automatically authenticated by the A P
Preshared Key (PSK)
A common EAP protocol is __________________ •Simplifies deployment of 802.1x by using Microsoft Windows logins and passwords •Creates encrypted channel between client and authentication server
Protected EAP (PEAP)
____________user pushes buttons and security configuration takes place
Push-button method
Wireless Denial of Service Attack __________________ occurs when attackers use intentional RF interference to flood the RF spectrum with enough interference to prevent a device from communicating with the AP
RF jamming •Jamming - used by hackers to halt security cameras! •Jamming - used by hacker and drones!
_________________ is commonly used to transmit information between employee identification badges, inventory tags, book labels, and other paper-based tags that can be detected by a proximity reader
Radio frequency identification (RFID)
What is the primary differences between the 2.4 GHz and 5GHz wireless frequencies
Range and bandwidth 5GHz provides faster data rates at a shorter distance. 2.4GHz offers coverage for farther distances, but may perform at slower speeds.
___________ access point is an unauthorized access point that allows an attacker to bypass network security configurations •Usually set up by an insider (employee) •May be set up behind a firewall, opening the network to attacks
Rogue
______________ occurs when attackers craft a fictitious frame that pretends to come from a trusted client when it actually comes from the attacker
Spoofing
WEP =
WEEP
__________ vulnerabilities include the following: _________ can only use 64-bit or 128-bit number to encrypt •Initialization vector (IV) is only 24 of those bits •Short length makes it easier to break _____________violates the cardinal rule of cryptography: avoid a detectable pattern •Attackers can see duplication when IVs start repeating
WEP
Second generation of WPA is known as _____________ •Introduced in 2004 •Based on final IEEE 802.11i standard
WPA2
The Wi-Fi Alliance has created a similar technical specification called _________.
Wi-Fi Direct
______________was introduced by the Wi-Fi Alliance to fit into the exiting WEP engine without requiring extensive hardware upgrades or replacements
Wi-Fi Protected Access (WPA)
_________ is based on final IEEE 802.11i standard
Wi-Fi Protected Access 2 (WPA2)
____________is an optional means of configuring security on WLANS
Wi-Fi Protected Setup (WPS)
__________ is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmissions •Encrypts the transmission
Wired Equivalent Privacy (WEP)
Networks that are not using an AP operate in ______________ mode
ad hoc
Devices can only communicate between themselves and _________ connect to another network
cannot
Types of APs include
fat vs. thin APs, controller vs. standalone, and captive portal Aps
The other device (__________) takes commands
follower •Active followers are sending transmissions •Parked followers are connected but not actively participating
A WLAN using an AP is operating in _____________mode
infrastructure
One device (___________) controls all wireless traffic
leader
A ____________ gateway is used by small offices or home users to connect to the Internet
residential WLAN
Temporal Key Integrity Protocol (T K I P) Encryption
•Used in W P A •Uses a longer 128 bit key than W E P •Dynamically generated for each new packet •Includes a Message Integrity Check (M I C), designed to prevent man-in-the-middle attacks
Thin Access Points
•Useful in a large networks •Central management point (Cloud Based) •Configuration of APs is centralized in a controller
A _____________ is designed to replace or supplement a wired LAN
wired local area network (WLAN)
Access point (AP) functions ▶Acts as "base station" for wireless network ▶Acts as a bridge between ____________ and ____________ networks because it can connect to a wired network by a cable
wireless and wired
Several attacks can be directed against wireless data system including:
• Ultra-wide band (airtag) • Bluetooth attacks • Near Field Communication (NFC) attacks • Radio frequency identification systems (RF) • Wireless local area network attacks
There are two types of hard edges:
•A network hard edge •The second is made up of the walls and buildings that house the enterprise
Important considerations must be taken into account when installing a new WLAN for an organization:
•All areas of a building should have adequate wireless coverage •All employees must have a reasonable amount of bandwidth •A minimum amount of wireless signal should "bleed" outside the walls of the building
What are Examples of NFC uses:
•Automobile •Entertainment •Office •Retail stores •Transportation
An administrator is replacing a wireless router. The configuration of the old wireless router was not documented before it stopped functioning. The equipment connecting to the wireless network uses older legacy equipment that was manufactured prior to the release of the 802.11i standard. Which of the following configuration options should the administrator select for the new wireless router? A. WPA+CCMP B. WPA2+CCMP C. WPA+TKIP D. WPA2+ TKIP
•D. WPA2+ TKIP
Most RFID tags are passive because..........
•Do not have their own power supply •Because they do not require a power supply, they can be very small
Several tools can be used in a site survey for installation
•Heat maps •Wi-Fi analyzers •Channel overlays
Amendments to this standard include:
•IEEE 802.11a - All •IEEE 802.11b - Big •IEEE 802.11g - Grizzlies •IEEE 802.11n - Need •IEEE 802.11ac - Air Conditioning •IEEE 802.11ax
Other security steps can be taken to protect a wireless network such as:
•Installation and configuration •Specialized systems communications •Rogue AP system detection
Key management of WPA Vulnerabilities
•Key sharing is done manually without security protection •Keys must be changed on a regular basis •Key must be disclosed to guest users
Passphrases of WPA Vulnerabilities
•PSK passphrases of fewer than 20 characters subject to cracking
Not advertising the SSID only provides a weak degree of security and has limitations of...
•SSID can be discovered when transmitted in other frames •May prevent users from being able to freely roam from one AP coverage area to another •It's not always possible to turn off SSID beaconing
Design and implementation flaws of WPS include the following:
•There is no lockout limit for entering PINs •The last PIN character is only a checksum •The wireless router reports the validity of the first and second halves of the PIN separately
Fat Access Points
•Useful in a small networks •Manages authentication and Encryption •Each AP acts as an independent unit •There is no central management unit for all the Access Points in the network In Fat APs, users cannot roam. The user must connect to different APs as they move through the building. Movement from one AP to another is NOT Seamless.
There are two modes of WPA2:
•WPA2 Personal •WPA2 Enterprise