Networking - Chapter 7
WPA2
802.11i
When offered the choice while configuring a wireless access point, which WLAN security standard should you choose?
802.11i/WPA
Which of the two modes of 802.11i uses a central authentication server?
802.1X
Enterprise Mode
802.1X mode
If a firm has many access points, what 802.11i mode must it use?
802.1X/enterprise mode
What mode or modes of 802.11i operation use a central authentication server?
802.1X/enterprise mode
What two popular modes of operation are there for Bluetooth 4.0?
Classic Bluetooth and high-speed Bluetooth
What environment is the 802.1X mode of 802.11i designed to be used in?
Companies with multiple access points
What is a benefit of low power and short range (specifically in Bluetooth)?
Consumption is low and batteries last a long time, which is important for keyboards, mice, wireless headsets and other small wireless devices
Why do you think TJX failed to upgrade to stronger security than WEP?
Cost and other priorities
Wireless Protected Setup (WPS)
Created by the WiFi Alliance to simplify the configuration of wireless clients so that users can connect to access points more easily in Pre-Shared Key (PSK) mode. Uses an 8-digit PIN for a particular WPS-capable access point instead of a long password, making it easier to crack.
The pre-shared key (PSK) mode of 802.11i is designed to be used in what environment?
Homes and businesses with a single access point
For what use scenario was 802.11i PSK mode created?
Homes and small businesses with a single access point
What two competitors does Bluetooth have?
Near Field Communication and WiFi Direct
In access point placement, what is the last step in initial planning after determining how far signals can travel and laying out the radii for access points?
Planners assign channels to access point positions, attempting to minimize interference while doing so
Bluetooth always uses what kind of communication between a pair of devices?
Point-to-point/one-to-one
What two types of attack can succeed even if a company implements 802.11i security well?
Rogue access points and evil twin access points
Bluetooth profiles
SIG defined application profiles that govern how devices share information and specify control messages for various uses
What is the most common protocol for providing the initial security before 802.1X authentication?
SSL/TLS
What can users do to protect against the vulnerability created by WPS?
Turn it off if possible (although, it often is not)
How are initial site surveys conducted?
Using signal analysis software (which can run on a notebook or a smartphone)
How does a user authenticate his or her device to an access point in Pre-shared key (PSK) mode?
Using the pre-shared key (PSK). Access points and wireless hosts use the same pre-shared key.
What does the Wi-Fi Alliance call 802.11i?
WPA2
High-Speed Bluetooth
new mode that can turn on a second radio that uses 802.11, giving 802.11 speeds (up to 24 Mbps)
pre-shared key (PSK) mode
one of the two modes of operation from 802.11i standards, called personal mode. Created for home use, can be used in a business with a single access point
The protection provided by 802.11i extends
only between the wireless access point and the wireless host
What are the dangers of using pre-shared key (PSK) mode?
- Someone may give the PSK to unauthorized people
- The household may select a weak passphrase. PSKs are generated from passphrases, and passphrases must be at least 20 characters long to generate a strong PSK
- Most PSK wireless access points have a serious security vulnerability, Wireless Protected Setup (WPS), which was designed to make setup easier. However, it uses an 8-digit PIN instead of a long passcode and can be easily cracked
NFC operates at which service band?
13.56 kHz. This band is dedicated to NFC use and it gives low power consumption
A company uses 802.11i. How many 802.11i connections will an evil twin access point set up when a victim client wishes to connect to a legitimate access point?
2. The evil twin will establish a secure 802.11i connection with the wireless victim client (Security Connection 1). It uses key 1 for encryption. The evil twin then associates with the legitimate access point using 802.11i, creating security connection 2. The evil twin now has two symmetric session keys - one it shares with the victim client and the other it shares with the legitimate access point.
What is the limit for NFC transmission speed?
424 kbps, so it uses very little battery power
How many bits is a Pre-Shared Key (PSK)?
64
What kind of device is an evil twin access point?
A notebook with software that allows it to impersonate a real access point
Distinguish between rogue access points and evil twin access points.
A rogue access point is set up by a department or employee with no or poor security. An evil twin access point is set up by a criminal and it is used to intercept traffic between a victim device and a legitimate access point.
Near field communication (NFC)
A set of standards primarily for smartphones and smart cards that can be used to establish communication between devices in close proximity.
802.11i
A wireless standard that added security features (initial authentication plus message-by-message confidentiality, integrity, and authentication)
What encryption for confidentiality standard does 802.11i use?
AES - Advanced Encryption Standard
Access Point Placement
APs should be placed so that the signal range does not exceed the boundaries of the facility.
In most firms, what is a good radius for access points?
About 10 meters
What problems can occur if access points are poorly placed?
Access points may be overloaded, dead spots can occur, and interference between access points may be crippling
What kind of key does a host use after initial authentication in pre-shared key (PSK) mode?
An unshared session key. After authentication using the pre-shared key, the wireless device gives each authenticated device a new unshared session key
In pre-shared key (PSK) mode, why is the key used after authentication called a session key?
Because it is only used for a limited time (a session). Once the host stops using the access point, the session key is terminated
Where does a virtual private network get its name?
Because it provides a cryptographically secure connection all the way between a client and a server, as far as security is concerned, it is as if the client and the server have their own private network
Why does 802.1X mode in 802.11i need security between the authenticator and the host before 802.1X authentication?
Because the wireless access point is the authenticator, and transmission between the client and the authenticator is wireless, making it easy to intercept
Why are rogue access points dangerous?
Because they are usually configured with no security or poor security. The presence of even a single unsecured rogue access point will give a drive-by hacker access to the firm's internal network. A single rogue access point destroys the security that the firm has so laboriously created with 802.11i.
What is the latest standard of Bluetooth?
Bluetooth 4.0
Human Interface Device (HID) profile
Bluetooth profile for devices such as mice, keyboards, etc.
Synchronization profile (SYNCH)
Bluetooth profile that allows for synchronizing information with a desktop computer
Distinguish between war drivers and drive-by hackers in terms of what they do.
Both war drivers and drive-by hackers lurk outside buildings or drive around with a portable device looking for unsecured wireless networks. War drivers may publicize findings, but they do not illegally read wireless messages or send attacks, while drive-by hackers do.
Compare the relative benefits of classic Bluetooth and high-speed Bluetooth.
Classic Bluetooth has a short useful range and low power - batteries last longer. High-speed Bluetooth has higher power and speeds and is useful for longer distances - it consumes a good deal of electrical power
What is the first step in Access Point Planning?
Determine how far signals should travel. In most firms, a good radius is about 10 meters. If the radius is too great, many hosts will be far from their access points.
What two approximations are useful when estimating decibel values if you know the power ratio?
Each doubling of power gives a gain of approximately 3 dB; each multiplying by ten in power gives a gain of approximately 10 dB
What threats are there for emerging local wireless technologies?
Eavesdropping, data modification and impersonation
What does the Wi-Fi Alliance call 802.1X?
Enterprise mode
Headset Profile (HSP)
For using a mobile phone through a headset, features usually accessed through manual controls, rings, answers a call, hangs up and adjusts volume
What can happen if the radius for an access point is too great?
Hosts will be far from access points, and access points must drop down to lower transmission speeds, so their frames will take longer to send and receive. This will affect the access point's effective capacity.
Hands-Free Profile (HFP)
In Bluetooth, profile that governs device-device communication for voice dialing, adjusting volume, hanging up, number redial, call waiting, and other telephone use actions
How are VPNs able to defeat evil twin attacks?
In VPN, the client and server encrypt all communication using a key that is never transmitted. When the client transmits, it first encrypts its message with the VPN key, then again with the key the client shares with the evil twin. When the evil twin receives the message, it decrypts it with the key it shares with the client, but it cannot read the message because it is still encrypted with the pre-shared key. Confidentiality is maintained.
Basic Printing Profile (BPP)
In Bluetooth, allows printing to any BPP printer without having to load a printer driver
Bluetooth Smart profile
In Bluetooth, it permits devices without full operating systems to interact; created for the Internet of Things. More than a profile: it is a general facility for allowing devices without full operating systems to work together.
Master-slave control
In Bluetooth, one device is the master and the other is the slave. Although communication is always done one-to-one in Bluetooth, a master may have multiple slaves.
Describe the state of cryptographic security for new transmission standards.
In general, new security technologies take some time to mature. During this period, they often have vulnerabilities that must be fixed quickly. User companies must master security for each new technology they use.
Why is device theft or loss a serious risk for emerging local wireless technologies?
In this age of bring your own device (BYOD) to work, device theft or loss is a serious risk because most devices are only protected by short PINs (if they are protected at all). These devices may contain sensitive corporate information or may allow attackers to log into sensitive servers on the corporate network
What cryptographic protections does 802.11i provide?
Initial authentication, encryption of messages for confidentiality, authentication and message integrity, and strong cryptographic standards including Advanced Encryption Standard (AES) for confidentiality
When must firms do site surveys to give users good service?
Initially after installation and on an ongoing basis (frequently, routinely, and in response to problems)
In access point planning, what happens after initial planning?
Installation (access points are installed in provisionally planned locations) and Initial Site Surveys (site surveys are done around the access point to discover dead spots and other problems)
What does it mean that Bluetooth uses one-to-one operation?
It always uses point-to-point communication between a pair of devices. One-to-many networking is not possible with Bluetooth. This simplifies Bluetooth protocols.
What damage can evil twin access points do?
It can eavesdrop on communication between the wireless client and the servers it uses, allowing it to steal corporate trade secrets, personal information, and other sensitive information. It can also use Connection 2 to launch attacks against any server on the network, bypassing the company's firewall
Why should WPS not be used?
It creates a vulnerability because it only requires an 8-digit PIN instead of a long password. This can be easily cracked.
How does the 802.11i standard protect initial authentication exchanges in 802.1X?
It first creates an SSL/TLS connection between the wireless client and the wireless access point. Once the SSL/TLS protection is in place, 802.1X authentication, using the exchange of secret information, takes place.
How is the cryptographic protection provided by 802.11i limited?
It only extends between the wireless access point and the wireless host
Why is Wireless Protected Setup (WPS) desirable?
It was designed by the Wi-Fi Alliance to simplify configuration of wireless clients so the user can connect to access points more easily
What authentication does the pre-shared key (PSK) mode of 802.11i use?
Knowledge of a pre-shared key
Why is centralized access point management desirable?
Large organizations can have hundreds or thousands of access points. Traveling to each for manual configuration and troubleshooting would be expensive. Centralized access point management consoles allow organizations to manage access points remotely and keep management and labor costs under control. Centralized access point management consoles constantly collect data from individual access points, including signal strength, indications of interference, configuration settings, and other diagnostic information
Passive RFID tags
NFC devices that can operate even if there is no power at all, using small wire arrangements embedded in paper or plastic
In Pre-Shared Key (PSK), after authentication, can hosts using an access point understand the messages that other hosts using the access point are sending?
No, because after authentication, the authenticated host and the wireless access point use an unshared session key
Are war drivers illegal?
No, because they do not read wireless messages or send attacks.
What functions should a remote access point system provide?
Notify WLAN administrators immediately of failures; provide continuous transmission quality monitoring; support remote access point power adjustment; allow software updates to be pushed out to all smart access points or WLAN switches; work automatically whenever possible
Why are session keys good?
Once the host stops using the access point, the session key is terminated. Using session keys limits the amount of information encrypted with the key. If a sender encrypts too much information with a key, a cryptanalyst can crack the key. Session keys only encrypt a limited amount of data making cryptanalysis impossible
802.1X mode
One of two modes in 802.11i that is designed for large firms with many access points. The WiFi Alliance calls this enterprise mode. A central authentication server is used for consistency and it has extremely strong security
What is the last step of access point planning?
Ongoing site surveys - continuing to monitor service conditions
What are some applications that use NFC?
Payment of bus fares, unlocking car doors and turning on the ignition, building door entry control, sharing electronic business cards and other files between devices, retail payments, loyalty points and coupons
Why is short transmission range protection against eavesdroppers?
Some standards have no cryptographic security. They assume eavesdroppers cannot get close enough to read the information because transmission distances are small.
What three threats should PSK consider?
Someone may give the pre-shared key to unauthorized people; the home or business may use a weak passphrase (less than 20 characters), which will result in a weak pre-shared key; and Wireless Protected Setup (WPS) has a vulnerability in that it requires only an 8-digit PIN that can be easily cracked (so WPS should be turned off if possible, but it is often not possible)
How was the TJX break-in an international crime?
TJ Maxx is a global company
Describe the security of the pre-shared key (PSK) mode of 802.11i
Technologically strong, but weak human security can compromise the technological security
What working group created the 802.11i standards?
The 802.11 Working Group
Wireless Protected Access (WPA)
The 802.11 security method created as a stopgap between WEP and 802.11i
In 802.1X operation, what device acts as the authenticator in Ethernet?
The Ethernet switch
Who governs near field communication (NFC)?
The NFC Forum
What happens when poor signal strength is identified as the result of a site survey?
The access points are moved appropriately or their signal strengths are adjusted until all areas have good signal strength
What working group created Bluetooth?
The Bluetooth Special Interest Group, an association of hardware manufacturers and other organizations
In access point placement, what happens in initial planning after determining how far signals can travel?
The company gets out its architecture drawings and begins to lay out 10 meter circles with as little overlap as possible but with all points being within a circle. Where there are thick walls, filing cabinets, or other obstructions, shorter propagation distances must be used.
What can happen if the radius for an access point is too small?
The firm will need many more access points to cover the area to be served. Having access points too close together can also cause interference
In 802.1X operation, what device acts as the authenticator on the Internet?
The wireless access point
In Ethernet, why does 802.1X not need security between the authenticator and the host before 802.1X authentication is done?
There is no need to have security between the computer seeking access and the workgroup switch that controls access because it is difficult for another person to tap the wired access line between the computer and the switch (there are easier ways to break into a network)
How close must two devices be for near field communication (NFC)?
They do not have to be touching, but they must be within 4 cm (roughly 2 inches) of each other. It is difficult to judge such small distances, so it is normal practice to bump the two devices together
What was the attackers' first step in breaking into TJX and other companies?
They gained access to a poorly protected wireless network, protected by the outdated WEP standard
Why should a remote access point management system provide functions as automatically as possible?
To minimize management labor
Passive RFID chips have no batteries. How can they transmit when queried?
When the reader sends a command pulse to the tag, the RFID tag absorbs some of the signal's energy - a tiny amount but enough for the tag to transmit its information.
What does an evil twin do when the client transmits subsequently to the legitimate access point?
When the victim wireless client sends a frame encrypted with key 1, the evil twin decrypts the frame and reads it. It then re-encrypts the frame with Key 2 before sending it to the wireless access point
WiFi Direct
WiFi Direct is a way of allowing two devices to easily communicate/transfer data without the use of a router.
What standards did the 802.11i working group create?
Wired equivalent privacy (WEP), Wireless Protected Access (WPA) and WPA2 (802.11i)
Are drive-by hackers illegal?
Yes, because they also try to intercept and read a firm's data transmissions. They can also hack servers, send malware into the network and do other mischief.
Can a Bluetooth device be both a master and a slave?
Yes, it is possible for a Bluetooth device to be a master and a slave simultaneously. The master and slave devices also may switch roles during an interaction
Can a Bluetooth master have multiple slaves?
Yes. A master can maintain separate Bluetooth connections with multiple slaves
Is it still true that Bluetooth uses one-to-one communication, even when a device/master communicates with four slaves?
Yes. One-to-one communication is still used. The master's connections to the slaves are each separate Bluetooth connections
Virtual private network (VPN)
a cryptographically secure connection all the way between a client and a server
Drive-by Hacker
a hacker with a portable device who drives around a neighborhood looking for unsecured wireless networks, reads wireless messages, and sends attacks
Evil twin access points
a notebook configured to act like a real access point. It has software that allows it to impersonate a real access point and it operates at a very high power, which causes wireless hosts configured to choose the highest powered access point to associate with it instead of the real access point
session key
a unique symmetric encryption key chosen for a single secure session; used only for a limited time, such as during a single session of a client using an access point
Who creates a rogue access point?
an employee or department within a firm
Rogue access point
an unauthorized access point set up within a firm by an employee or department
In the pre-shared key (PSK) mode of 802.11i, after authentication using the pre-shared key, the wireless access point gives each authenticated device
an unshared session key to use while communicating with the access point
In 802.11i pre-shared key mode, how long must the passphrase be in order to generate a strong pre-shared key (PSK)?
at least 20 characters long
Why must the VPN key be pre-shared to thwart a VPN attack?
because if the key is transmitted, it could be intercepted
Networking professionals typically express the ratio of two powers in
decibels (dB). Whenever the second value is smaller than the initial value, the decibel value is negative. Whenever the second value is larger than the initial value, the decibel value is positive
What are the security benefits from centralized access point management?
detect and notify administrators of rogue and evil twin access points and of access points with improperly configured security; do all of this as automatically as possible
What is the main way of preventing man in the middle attacks, such as an evil twin attack?
establish a virtual private network (VPN) between a wireless client and the host it will use
Classic Bluetooth
introduced by Bluetooth 2.0; speed of 2 to 3 Mbps and a published distance limit of 10 m (but useful range is shorter). Fast enough for wireless mice, voice communication, etc.
The evil twin attack is an example of a general class of attacks called
man-in-the-middle attacks, in which an attacker intercepts messages and then passes them on
Signal power is usually measured in
milliwatts (mW)
Wired Equivalent Privacy (WEP)
original standard created to protect communication between wireless clients and access points in 1997. Deeply flawed, and the 802.11i standard was created to replace it
War Driver
people with a portable device who drive around a neighborhood looking for unsecured wireless networks, but who do not read wireless messages or send attacks
The 802.11i standard offers what two modes of operation?
pre-shared key (PSK) mode and the 802.1X mode
Bluetooth
short-range radio technology designed for personal area networks (PANs) - small groups of networked devices around a person's body or in the area around a single desk. It is useful to think of Bluetooth as a cable replacement technology.
Personal area network (PAN)
small groups of networked devices around a person's body or in the area around a desk
Payment Card Industry Data Security Standard (PCI DSS)
specifies how companies should protect credit card information
What device or devices know the unshared session key in pre-shared key (PSK) mode?
the authenticated device and the access point
What does the Wi-Fi alliance call the pre-shared key (PSK) mode of 802.11i?
the personal mode
What is the 802.11i standard's limited objective?
to protect wireless transmission