8.1 - 8.3 Wireless Threats

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Near Field Communication (NFC)

NFC allows two-way communication between two devices. The devices must be within a few centimeters of each other. NFC is a newer technology that is built on RFID.

Denial of service (DOS)

An attacker blocks radio signals or jams the system with interfering noise.

802.1x

Standard for local area networks that is used to authenticate users to a wireless network. It was created by The Institute of Electrical and Electronics Engineers Standards Association (IEEE-SA).

Service set identifier (SSID)

A unique name that identifies a wireless network.

Weak Configurations

Proper configuration of a wireless access point (WAP) is the first step in securing the network. The following table explains some important actions to take regarding WAP settings.

You need to configure a wireless network using WPA2-Enterprise. Which of the following components should be part of your design? (Select two.)

802.1x AES encryption To configure WPA2-Enterprise, you need a RADIUS server to support 802.1x authentication. WPA2 uses AES for encryption. WPA2-PSK, also called WPA2-Personal, uses pre-shared keys for authentication. WPA uses TKIP for encryption.

Wireless bridge

A wireless bridge connects two wireless networks together. > The bridge is typically created using a wired connection between the two access points. > A bridge can be implemented wirelessly using a wireless distribution system (WDS).

Cloning and spoofing

An attacker creates a copy of an existing tag and uses the fake tag to gain access to a secure system.

Omnidirectional

An omnidirectional antenna radiates and absorbs signals equally in every direction around the antenna. Because it spreads its gain in a 360 degree pattern, the overall range of an omnidirectional antenna is typically much less than that of a directional antenna.

Rogue access points

Any unauthorized access point added to a network.

Enable the WAP firewall

Most wireless APs come with a built-in firewall that connects the wireless network to a wired network. This should be enabled to help prevent unauthorized access to the network.

Change default service set identification (SSID) and broadcast

The SSID can be a maximum of 32 bytes in length. Since many manufacturers use a default SSID, it's important to change the SSID from the default. The SSID should be unique, but should not contain identifiable information (address, last name, etc.). The SSID broadcast can also be disabled. This is known as SSID suppression or cloaking. *A determined hacker can still easily discover hidden SSIDs. Disabling SSID broadcast can cause connection issues for devices.

Wireless interface

The wireless interface in a device, such as a laptop or smart phone, connects to the wireless access point.

Wireless access point (WAP)

A wireless access point broadcasts information and data over radio waves.

Which of the following is responsible for broadcasting information and data over radio waves?

Wireless access point A wireless access point (WAP) broadcasts information and data over radio waves. WAPs function as wireless hubs. A wireless bridge connects two wireless networks together. A wireless interface in a device, such as a laptop or smartphone, connects to a wireless access point. A wireless LAN controller is used in an enterprise environment to manage multiple access points.

Wi-Fi Protected Access (WPA)

The most commonly used cryptographic protocol in use for wireless networks. WPA2 and WPA3 are the two versions in use.

Open network

Wireless access method that has no authentication.

8.2 Wireless Attacks

As you study this section, answer the following questions: > What is the difference between bluejacking and bluesnarfing? > What is an initialization vector used for? > How can you discover rogue access points? > What is the difference between passive and active radio frequency identification (RFID) tags? In this section, you will learn to: > Use wireless attack tools. > Crack Wi-Fi encryption with Aircrack-ng. > Detect rogue hosts. > Configure rogue host protection.

Access Methods

Choose an access method for a wireless network based on the use of the network. The following table describes access methods:

Man-in-the-middle (MTM)

An attacker intercepts a signal from an RFID tag, then manipulates the signal before sending it to the intended recipient. This kind of attack is frequently used to take down a system.

Eavesdropping

An attacker uses an RFID reader to listen to conversations between a tag and the intended reader.

Which class of wireless access point (WAP) has everything necessary to manage clients and broadcast a network already built into its functionality?

Fat Fat access points have everything necessary to manage wireless clients and broadcast a network. Fat access points are standalone devices. Thin access points are basically a radio and antenna. Thin access points can broadcast a network, but require another system to manage clients and the network. A wireless bridge connects two wireless networks together. Ad hoc wireless configuration mode provides wireless communication without a wireless access point.

Captive Portal

Many open networks implement a captive portal. Captive portals force a user to view and interact with them before accessing a network. A hotel network is a good example captive portal use. When using a captive portal: > The user connects to the wireless network but is redirected to a captive portal page before internet access is granted. > The user might be prompted to agree to the terms and conditions of using the network or even asked to pay a fee before being granted access.

Radio frequency identification

RFID uses radio waves to transmit data from small circuit boards called RFID tags to special scanners.

8.3 Wireless Defenses

As you study this section, answer the following questions: > Which settings in a wireless access point can you configure to improve security? > Which cryptographic protocol uses a Remote Authentication Dial-In User Service (RADIUS) server? > Which access method forces a user to view and interact with it before accessing a network? > What are the three components in an 802.1x setup? > Which EAP standard is considered to be one of the most secure? In this section, you will learn to: > Harden a wireless network. > Configure a wireless intrusion prevention system. > Configure a captive portal.

8.2.7 Section Quiz

CIST 1601

8.3.10 Section Quiz

CIST 1601

Which EAP implementation is MOST secure?

EAP-TLS EAP-TLS uses Transport Layer Security (TLS) and is considered one of the most secure EAP standards available. A compromised password is not enough to break into EAP-TLS enabled systems because the attacker must also have the client's private key. EAP-MD5 offers minimal security and is susceptible to dictionary attacks and man-in-the-middle attacks. Lightweight Extensible Authentication Protocol (LEAP) does a poor job of protecting user authentication credentials and is also susceptible to dictionary attacks. EAP-FAST is a replacement for LEAP that uses a protected access credential (PAC) to establish a TLS tunnel in which client authentication credentials are transmitted. While more secure than EAP-MD5 and LEAP, EAP-FAST can still be compromised if the attacker intercepts the PAC.

You are replacing a wired business network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network has multiple wireless access points, and you want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.)

Install a RADIUS server and use 802.1x authentication Configure devices to run in infrastructure mode When using wireless access points, configure an infrastructure network. Because you have multiple access points and an existing directory service, you can centralize authentication by installing a RADIUS server and using 802.1x authentication. Use ad hoc mode when you need to configure a wireless connection between two hosts. Use open authentication with WEP or when you do not want to control access to the wireless network. Use shared secret authentication with WPA or WPA2 when you can't use 802.1x.

Wireless LAN controller (WLC)

A Wireless LAN controller is used in a enterprise environment to manage multiple access points. The WLC is placed in the networking closet and connected to a switch. The controller is able to communicate with and manage the wireless access points. The WLC is also able to manage client connects and access point loads. This allows the WAPs to operate and work together as a single system instead of each device working in isolation.

Directional

A directional antenna focuses its radiation and absorption of signals in a specific direction. Some directional antennae allow you to vary the beam from relatively wide to very narrow. The narrower the beam, the higher the gain and the longer the range.

Pre-shared key (PSK)

A pre-shared key is a passphrase that is used to access the wireless network. This is probably the most commonly used access method.

Wi-Fi signal strength

Data emanation is a significant security problem. By default, the radio signals used by a wireless network are broadcasting omni-directionally and can travel quite a distance from the WAP. An attacker sitting outside the building may be able to connect to the wireless network if the signal is traveling outside. This can be limited by manipulating the WAP antenna placement. Some WAPs also allow the signal strength to be adjusted. Using these settings, reduce the signal strength so the signal stays inside the building.

Which type of interference is caused by motors, heavy machinery, and fluorescent lights?

EMI Electromagnetic interference (EMI) is interference caused by motors, heavy machinery, and fluorescent lights. Radio frequency interference (RFI) is interference on the radio channel. It is caused by nearby wireless devices using the same channel, cordless phones, or microwave ovens. Near frequency communication (NFC) allows two-way communication between two devices. The devices must be within a few centimeters of each other. Radio frequency identification (RFID) uses radio waves to transmit data from small circuit boards, called RFID tags, to special scanners.

Lightweight access point (LWAP)

Lightweight access points are used in conjunction with the wireless controller. > LWAPs contain very little technology and rely on the WLC to handle everything including client connections, authentication, updating configurations, etc. > LWAP forwards frames to the WLC to make the decision to either drop the packet or forward it. If the packet is to be forwarded, the WLC sends it to the applicable LWAP to which the destination device is connected and then that WLC sends the packet to the destination.

Evil twin attack

Rogue APs placed by an attacker can be used to run a evil twin attack. In this attack: > The rogue AP is configured to mimic the legitimate network. > The attacker uses a jamming or disassociation attack to knock users off the legitimate network. > When users re-connect to the network, they connect to the attacker's AP. > The attacker can monitor and capture all data that moves through the rogue AP. To protect against this attack, conduct an radio frequency (RF) noise analysis to detect a malicious rogue AP that uses jamming to force wireless clients to connect to it, instead of legitimate APs.

Wi-Fi Protected Setup (WPS)

Wi-Fi Protected Setup works only on a network that uses a PSK and WPA2. WPS allows a device to securely connect to a wireless network without typing in the PSK. To do this, you: > Push a button on the access point that causes the access point to search for devices in range. > Push the WPS button on the device to automatically join it to the access point. If there is no button, enter the eight-digit pin that is unique to the access point. *Some devices and access points can also use Near Field Communication (NFC) during the WPS process to connect to each other.

Normal-gain

A normal-gain antenna usually has a gain rating between 2 and 9 dBi.

Remote Authentication Dial-In User Service

A protocol used to authenticate users in a enterprise environment to a wireless network.

Initialization vector (IV)

A seed value used in encryption. The seed value and the key are used in an encryption algorithm to generate additional keys or encrypt data.

Interference

A signal that corrupts or destroys a wireless signal. Interference can affect communication of access points and other wireless devices.

You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from using the access point (AP) configuration utility?

Change the administrative password on the AP. You should change the administrative password used by the AP. Many AP manufacturers use a default administrative username and password that are well known. If you don't change these parameters, anyone connecting to the AP can easily guess the password required to access the AP's configuration utility.

Which of the following do switches and wireless access points use to control access through a device?

MAC address filtering Both switches and wireless access points are Layer 2 devices, meaning they use the MAC address to make forwarding decisions. Both devices typically include some form of security that restricts access based on the MAC address. Routers and firewalls operate at Layer 3 and can use the IP address or port number for filtering decisions. A circuit-level gateway is a firewall that can make forwarding decisions based on the session information.

You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run Windows. Neither laptop can find the network. You have come to the conclusion that you must manually configure the access point (AP). Which of the following values uniquely identifies the network AP?

SSID The SSID (service set identifier) identifies the wireless network. All PCs and access points in a LAN share the same SSID. WEP (Wired Equivalent Privacy) is used to add a layer of security to the transmission, while the channel identifies the frequency that the card and AP communicate on.

You need to add security for your wireless network, and you would like to use the most secure method. Which method should you implement?

WPA2 Wi-Fi Protected Access 2 (WPA2) is currently the most secure wireless security specification. WPA2 includes specifications for both encryption and authentication. WPA was an earlier implementation of security specified by the 802.11i committee. WEP was the original security method for wireless networks. WPA is more secure than WEP but less secure than WPA2. Kerberos is an authentication method, not a wireless security method.

The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the internet. If a user does not provide the correct code, he or she should not be allowed to access the internet. What should you do?

Implement a captive portal A captive portal would be the best choice in this scenario. A captive portal requires wireless network users to abide by certain conditions before they are allowed access to the wireless network. For example, the captive portal could require them to: > Agree to an acceptable use policy > Provide a PIN or password > Pay for access to the wireless network > View information or advertisements about the organization providing the wireless network (such as an airport or hotel) When a wireless device initially connects to the wireless network, all traffic to or from that device is blocked until the user opens a browser and accesses the captive portal webpage. After the user provides the appropriate code, traffic is unblocked, and the host can access the network normally. MAC address filtering and 802.1x authentication would work from a technical standpoint, but these would be completely unmanageable in a hotel scenario where guests come and go every day. Using a pre-shared key would require a degree of technical expertise on the part of the hotel guests. It could also become problematic if the key were to be leaked, allowing non-guests to use the wireless network.

You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?

On a RADIUS server 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. Authentication requests received by the wireless access point are passed to a RADIUS server, which validates the login credentials (such as the username and password). If you are using pre-shared keys for authentication, configure the same key on the wireless access point and on each wireless device. A CA is required to issue a certificate to the RADIUS server. The certificate proves the identity of the RADIUS server and can also be used to issue certificates to individual clients.

Parabolic

A parabolic antenna uses a parabolic-shaped reflector dish. It is highly directional, concentrating the radio waves transmitted from the sender into a very narrow beam. When the receiver uses a parabolic antenna, it can receive a signal only from one specific direction. It supports very high-gain radio signals that can be transmitted over long distances, but it requires a clear line of sight (LOS) between the sender and the receiver.

Extensible Authentication Protocol (EAP)

An authentication framework that uses a set of interface standards. EAP allows various authentication methods to be used.

You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.)

Check the MAC addresses of devices connected to your wired switch. Conduct a site survey. A rogue host is an unauthorized system that has connected to a wireless network. It could be an unauthorized wireless device, or it could even be an unauthorized wireless access point that someone connected without permission to a wired network jack. Rogue hosts could be benign in nature, or they could be malicious. Either way, rogue hosts on your wireless network could represent a security risk and should be detected and removed if necessary. Four commonly used techniques for detecting rogue hosts include: > Using site survey tools to identify hosts and APs on the wireless network > Checking connected MAC addresses to identify unauthorized hosts > Conducting an RF noise analysis to detect a malicious rogue AP that is using jamming to force wireless clients to connect to it instead of legitimate APs > Analyzing wireless traffic to identify rogue hosts Using an IDS or an IPS would not be effective, as these devices are designed to protect networks from perimeter attacks. Rogue APs are internal threats. A NAC solution can be used to remediate clients that connect to a network, but a NAC solution can't be used to detect a rogue AP.

EAP Flexible Authentication via Secure Tunneling (EAP-FAST)

EAP-FAST uses a Protected Access Credential (PAC) to authenticate users. EAP-FAST: > Establishes a TLS tunnel in which client authentication credentials are transmitted. > Is susceptible to attackers who intercept the Protected Access Credential (PAC) and use it to compromise user credentials. This vulnerability is mitigated by manual PAC provisioning or by using server certificates. > Was created by Cisco.

EAP Transport Layer Security (EAP-TLS)

EAP-TLS uses Transport Layer Security (TLS) and is considered to be one of the most secure EAP standards available. EAP-TLS: > Is widely supported by almost all manufacturers of wireless LAN hardware and software. > Requires signed client-side and server-side certificate authority (CA) PKI certificates. > Is labor-intensive and expensive to implement.

Cryptographic Protocols

Enabling the proper cryptographic protocol is perhaps the most important way to secure a wireless network. For most users, Wi-Fi Protected Access (WPA) versions 2 or 3 will be the best option. The following table explains these two protocols:

Enable MAC address filtering

Every network device has a unique media access control (MAC) address. By specifying the MAC addresses that are allowed to connect to the network, unauthorized MAC addresses can be prevented from connecting to the WAP. Configuring a MAC address filtering system is very time consuming and demands upkeep. *Attackers can still use tools to capture packets and retrieve valid MAC addresses. An attacker can spoof a wireless adapter's MAC address and circumvent the filter.

Which type of attack is WEP extremely vulnerable to?

IV attack Wired Equivalent Privacy (WEP) is extremely vulnerable to initialization vector (IV) attacks because WEP reuses the IVs. This makes it easy for attackers to crack them and compromise the encryption. An evil twin attack is a type of rogue access point attack. Bluesnarfing is a Bluetooth attack. Cloning is an RFID attack.

Wireless Network Hardware

In a small office or residential location, a Small Office Home Office (SOHO) wireless router is often used. These devices are three different devices in one: > A router function connects the internal LAN to the internet. > A switch portion connects the internal wired LAN devices together. > An access point portion allows the internal wireless devices to connect to the network. In an enterprise environment, these functions are separated into individual devices that are much more powerful and robust. The following table describes hardware used in wireless networks:

You are the security analyst for your organization. Clients are complaining about being unable to connect to the wireless network. After looking into the issue, you have noticed short bursts of high-intensity RF signals are interfering with your wireless network's signal. Which type of attack are you most likely experiencing?

Jamming In a jamming attack, a transmitter is tuned to the same frequency and type of modulation as the wireless network. The jamming signal overrides the legitimate wireless network radio signals. This scenario is a spark jamming attack. A disassociation attack occurs when a user is tricked into giving a fake router responsibility for forwarding packets. Bluesnarfing is a Bluetooth attack. Cloning is an RFID attack.

Update the firmware

Manufacturers release updates to the firmware on a regular basis to address known issues. It is important to regularly check for updates and apply them to prevent the system from being exposed to known bugs and security vulnerabilities. *While it is extremely important to keep devices up-to-date, it's just as important to properly test new updates before pushing them out to the entire network. Proper testing will reduce the number of new bugs or problems on a live network that the update may have introduced.

Omnidirectionalnormal-gain

Omnidirectional, normal-gain antennae are the most common type of antennae used in wireless equipment because they work reasonably well in a variety of situations.

Protected Extensible Authentication Protocol (PEAP)

PEAP provides authentication in an SSL/TLS tunnel with a single certificate on the server. PEAP: > Creates a secure communication channel for transmitting certificate or login credentials. > Enables mutual authentication by requiring the server to prove its identity with the client. > Was a collaborative effort between Cisco, Microsoft, and RSA.

Which of the following types of site surveys should be performed first?

Passive An initial site survey performed should be a passive survey. This survey is performed without the analyzer connecting to any specific WAP and is instead in a listen-only mode. An active survey is performed after multiple passive surveys have been completed and the wireless access points have been placed. An active survey verifies proper coverage has been achieved. A predictive survey uses software programs to load the building blueprints and determines where to install the WAPs. An ad hoc wireless configuration mode provides wireless communication without a wireless access point. Ad hoc mode is not a type of site survey.

You need to implement a solution to manage multiple access points in your organization. Which of the following would you most likely use?

WLC A wireless LAN controller (WLC) is used in an enterprise environment to manage multiple access points. A WLC is placed in the networking closet and connected to a switch. The controller is able to communicate with and manage the wireless access points. In a small office or residential location, a Small Office Home Office (SOHO) wireless router is often used. Lightweight access points (LWAPs) are used in conjunction with a wireless controller. A wireless bridge connects two wireless networks together.

Which of the following devices would you use to perform a site survey?

Wi-Fi analyzer A Wi-Fi analyzer is used to perform a site survey. A Wi-Fi analyzer can be a specialized tool or a software program running on a laptop, smartphone, or tablet. A heat map is generated following a site survey. A heat map shows the Wi-Fi signal strength in different locations. A wireless access point (WAP) broadcasts information and data over radio waves. WAPs function as wireless hubs. A wireless interface in a device, such as a laptop or smartphone, connects to a wireless access point.

Wi-Fi Attacks

Wi-Fi networks are practically everywhere. Many organizations have setup and configured Wi-Fi networks. If not configured properly, these networks can be susceptible to attack. The following table explains common Wi-Fi attacks:

Captive portal

Wireless access method that forces a user to view and interact with it before accessing a network.

When using 802.1x authentication for wireless networks with RADIUS, be aware that:

> A RADIUS server is required to centralize user account and authentication information. > A centralized database for user authentication is required to allow wireless clients to roam between cells and authenticate using the same account information. > PKI is required for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate. > The wireless access point is a RADIUS client. > The wireless access point forwards the wireless device's credentials to the RADIUS server for authentication. > A RADIUS federation is multiple RADIUS servers that communicate with each other after establishing a trust relationship. These servers may be on different networks and could span multiple organizations. To ensure the authentication information being sent is secure, the Extensible Authentication Protocol (EAP) is used. EAP is a framework in which other protocols work. The following table explains EAP and the protocols:

Wi-Fi Protected Setup (WPS)

Wireless access method that allows a device to securely connect to a wireless network without typing the PSK.

High-gain

A high-gain antenna usually has a gain rating of 12 dBi or higher.

Rogue access points (AP)

A rogue AP is any unauthorized AP added to a network. Rogue APs can allow the unauthorized capture of credentials and other sensitive information. Attackers also use this type of attack to conduct phishing and man-in-the-middle attacks. An example of a rogue AP is an employee with access to the wired network installing a wireless AP on a free port. The employee may do this because of poor signal strength. This rogue AP provides access to the network. If the AP has not been secured to the same standards as an official AP, it is likely to be targeted by an attacker. The following actions can be taken to protect against rogue APs: > Put APs in separate virtual LANs. > Use site survey tools to identify hosts and APs on the wireless network. > Check connected MAC addresses to identify unauthorized hosts. > Analyze wireless traffic to identify rogue hosts. > Disconnect any rogue access points you discover.

Wireless access point (WAP)

A wireless access point broadcasts information and data over radio waves. > A wireless access point functions as a wireless hub. > The wireless access point may provide a connection to a physical wired network. > The two classes of wireless access points are fat and thin. - Fat access points have everything necessary to manage wireless clients and broadcast the network. Fat access points are standalone devices. - Thin access points are basically a radio and antenna. Thin access points can broadcast the network, but require another system to manage clients and the network. Thin access points are referred to as controller-based devices. > A WAP uses an service set identifier (SSID) that associates a name with a wireless network. This makes it easier for users to connect wirelessly.

Which type of RFID tag can send a signal over a long distance?

Active Active RFID tags have onboard batteries and can send signals over a long distance. Road toll passes and other types of passes use active RFID. Passive RFID is not powered and relies on the energy of the scanner to transmit data. These tags are seen in ID badges, credit cards, and similar devices. NFC allows two-way communication between two devices. The devices must be within a few centimeters of each other. Bluetooth is designed to allow devices to communicate within a personal area network of close proximity.

Which of the following best describes an evil twin?

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information. An evil twin is a rogue access point that is configured to mimic a valid access point. In contrast, a rogue access point is any unauthorized access point added to a network. The evil twin may be configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point. Warchalking is marking the outside of buildings to indicate the presence of a wireless network. Attackers might use these marks to alert others of open or secured wireless networks. Businesses might even use these marks to advertise free wireless networks. Bluebugging gives an attacker access to all mobile phone commands that use Bluetooth technology, such as initiating phone calls, sending and receiving messages, eavesdropping, and reading and writing phone book contacts. Only highly skilled individuals can perform bluebugging.

Initialization vector (IV) attack

An initialization vector is a seed value used in encryption. The seed value and the key are used in an encryption algorithm to generate additional keys or to encrypt data. Wired Equivalent Privacy (WEP) encryption reuses initialization vectors. The reuse of IVs make it easy for attackers crack them. This is known as an IV attack. Be aware that: > The WEP IV is 24-bits and the key is 40-bits. This allows for approximately 16 million IVs. An IV is repeated at least once every 4096 packets. > Hackers developed programs that flood the network with packets, allowing them to quickly find matching IVs. > Once enough IVs are obtained, the attacker can decrypt the encryption key. > WEP encryption can be cracked in as little as 1-2 minutes. Due to the vulnerabilities of WEP, you should no longer use it. Newer standards such as WPA2 and WPA3 do not use IVs in the encryption process.

Open Network

An open network has no authentication at all and allows anyone to connect to the network. This access method should be used only in public places that want to offer free wireless access.

8.1 Wireless Overview

As you study this section, answer the following questions: > Which device broadcasts information and data over radio waves? > What are the two modes of wireless network configuration? > Where is a Wireless LAN Controller (WLC) installed? In this section, you will learn to: > Identify the types of wireless network hardware. > Configure a wireless connection.

8.2.2 Wireless Attack Facts

Because wireless networks communicate using radio waves, they are vulnerable to attack. Common attaacks on wireless networks include Wi-Fi, Bluetooth, and radio frequency identification/near-field communication (RFID/NFC) attacks. This lesson covers the following topics: > Wi-Fi attacks > Bluetooth attacks > RFID/NFC attacks

Which of the following sends unsolicited business cards and messages to a Bluetooth device?

Bluejacking Bluejacking is a rather harmless practice that entails an unknown sender sending business cards anonymously to a Bluetooth recipient within a distance of 10-100 meters, depending on the class of the Bluetooth device. The business cards usually include a flirtatious message so the attacker can see a visual reaction from the recipient. Multiple messages ware sent to the device if the attacker thinks there is a chance they will be added as a contact. Bluetooth devices are not susceptible to bluejacking if they are set to non-discoverable mode. Bluesnarfing is the use of a Bluetooth connection to gain unauthorized access to an existing Bluetooth connection between phones, desktops, laptops, or PDAs. Bluesnarfing allows the attacker to view calendars, emails, text messages, and contact lists. Bluebugging gives an attacker access to all mobile phone commands that use Bluetooth technology, such as initiating phone calls, sending and receiving messages, eavesdropping, and reading and writing phone book contacts. Slamming entails unauthorized or fraudulent changes made to a subscriber's telephone service or DSL internet service.

Bluetooth Attacks

Bluetooth is designed to allow devices to communicate within a personal area network (PAN) of close proximity. PAN devices include cell phones, personal digital assistants (PDAs), printers, mice, and keyboards. Bluetooth: > Is designed for distances longer than infrared (IR) communication and has lower power consumption. > Requires that devices be in discovery mode to find each other and synchronize. > Operates in the 2.4 GHz range and uses adaptive frequency hopping (AFH). Eavesdropping is difficult because Bluetooth implements authentication and key derivation with custom algorithms based on the SAFER+ block cipher. It also uses the E0 stream cipher for encrypting packets. Bluetooth is one of the most secure protocols for mobile device communication, but it is susceptible to the following attacks: > Bluejacking looks for nearby devices that are in discovery mode and sends unwanted messages. The attacker is unable to steal any data. This attack is more annoying than harmful. > Bluesnarfing exploits a vulnerability in the object exchange (OBEX) protocol that allows an attacker to pair to the target device. Once paired, the attacker can view the calendar, emails, text messages, contact lists, and other data on the device. Many Bluetooth devices have built-in features to prevent bluesnarfing, but it is still a known vulnerability. To mitigate the risks of Bluetooth attacks, enable Bluetooth only when needed and make sure discovery mode is turned off except for when pairing devices.

8.1.6 Section Quiz

CIST 1601

You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?

Configure the connection with a pre-shared key and AES encryption. To connect to a wireless network using WPA2-Personal, you need to use a pre-shared key for authentication. Advanced Encryption Standard (AES) encryption is supported by WPA2 and is the strongest encryption method. WPA and WPA2 designations that include Personal or PSK use a pre-shared key for authentication. Methods that include Enterprise use a RADIUS server for authentication and 802.1x authentication with usernames and passwords.

Extensible Authentication Protocol (EAP)

EAP is a set of interface standards that allows various authentication methods to be used: > EAP supports multiple authentication methods (smart cards, biometrics, and digital certificates). > Using EAP, the client and server negotiate the characteristics of authentication.

EAP Tunneled Transport Layer Security (EAP-TTLS)

EAP-TTLS also uses a CA signed certificate. EAP-TTLS: > Is an updated version of EAP-TLS. > Requires only one CA signed certificate on the server, simplifying the implementation process.

Authentication Protocols

Enterprise level networks need a higher level of security. Many enterprise networks use the 802.1x protocol to authenticate users to the wireless network. 802.1x is a standard for local area networks created by The Institute of Electrical and Electronics Engineers Standards Association (IEEE-SA). This standard is often labeled IEEE 802.1x. Once a user is authenticated to a wired network, the port the user is connected to is activated. If the user activation fails, the port remains off. The 802.1x protocol can be implemented in a wireless network by enabling a virtual port when the user is authenticated. There are three components in a 802.1x setup: > The supplicant is the wireless client. > The authentication server contains a centralized database for user authentication. > The authenticator is a device responsible for handling the communications between the supplicant and authentication server. 802.1x implementations on wireless networks often use Remote Authentication Dial-In Service (RADIUS). RADIUS was developed in 1991. It was originally used to authenticate users to the remote network over a dial-up network. RADIUS is known as a triple-A protocol. This means it provides authentication, authorization, and accounting.

Which of the following is generated after a site survey and shows the Wi-Fi signal strength throughout the building?

Heat map A heat map is generated following a site survey. A heat map shows the Wi-Fi signal strength in different locations. A diagram of the location is needed so survey results can be overlaid. A Wi-Fi analyzer is used to perform a site survey. Ad hoc wireless configuration mode provides wireless communication without a wireless access point. This is not a type of site survey.

The IT manager has tasked you with installing the new wireless LAN controller (WLC). Where should you install the controller?

Network closet A WLC should be placed in the networking closet and connected to a switch so it can communicate with and manage the wireless access points. None of the other locations are valid locations to install the WLC.

You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. Which type of wireless antenna should you use on each side of the link? (Select two.)

Parabolic High-gain You should use a high-gain parabolic antenna on each side of the link. A high-gain antenna usually has a gain rating of 12 dBi or higher. A parabolic antenna uses a parabolic-shaped reflector dish. It is highly directional, concentrating the radio waves transmitted from the sender into a very narrow beam. When the receiver uses a parabolic antenna, it can only receive a signal from one specific direction. It supports very high-gain radio signals that can be transmitted over long distances, but it requires a clear line of sight between the sender and the receiver. A normal-gain antenna usually has a gain rating between 2 and 9 dBi. An omni-directional antenna radiates and absorbs signals equally in every direction around the antenna. Because it spreads its gain in a 360-degree pattern, the overall range of an omni-directional antenna is typically much less than that of a directional antenna. A directional antenna focuses its radiation and absorption of signals in a specific direction. However, these typically have a much shorter range than a parabolic antenna.

RFID/NFC Attacks

RFID uses radio waves to transmit data from small circuit boards, called RFID tags, to special scanners. There are two types of RFID tags: > Active RFID tags have onboard batteries and can send signals over a long distance. Road toll passes and other type passes use active RFID. > Passive RFID is not powered and relies on the energy of the scanner to transmit data. These tags are seen in ID badges, credit cards, and similar devices. RFID systems are vulnerable to various kinds of attacks, including: (See the following 4 terms) To protect against these attacks, RFID chips often operate at different frequencies. This makes it more difficult for an attacker to find and scan them. Near Field Communication (NFC) is a newer technology that is built on RFID. NFC allows two-way communication between two devices. The devices must be within a few centimeters of each other. Although NFC transmission distances are very short, transmissions are susceptible to several malicious attacks, including: > A lost NFC device allows anyone who finds it to access NFC resources. > NFC signals can be jammed by malicious interference. > NFC devices and readers are susceptible to man-in-the-middle exploits, where an attacker captures transmissions from the reader and forwards them on to the device, potentially reading and/or modifying data in transit. > NFC devices and readers are susceptible to relay attacks. An attacker can capture NFC data in transit and use the information to masquerade as the original device.

An attacker has intercepted near-field communication (NFC) data and is using that information to masquerade as the original device. Which type of attack is being executed?

Relay This scenario describes a relay attack. A relay attack occurs when an attacker can capture NFC data in transit and use the information to masquerade as the original device. A disassociation attack occurs when a user is tricked into giving a fake router responsibility for forwarding packets. This is not performed on NFC devices. Bluesnarfing is a Bluetooth attack. Cloning occurs when an attacker creates a copy of an existing RFID tag and uses the fake tag to gain access to a secure system.

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this?

Rogue access point A rogue access point is an unauthorized access point added to a network, or it is an access point that is configured to mimic a valid access point. Examples include: > An attacker or an employee with access to the wired network installs a wireless access point on a free port. The access port then provides a way to remotely access the network. > An attacker near a valid wireless access point installs an access point with the same (or similar) SSID. The access point is configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point. > An attacker configures a wireless access point in a public location and then monitors traffic to see who connects to the access point. A man-in-the-middle attack is used to intercept information passing between two communication partners. A rogue access point might be used to initiate a man-in-the-middle attack. But in this case, the rogue access point was connected without malicious intent. Social engineering exploits human nature by convincing someone to reveal information or perform an activity. Phishing uses an email and a spoofed website to gain sensitive information.

Which type of wireless access point is generally used in a residential setting?

SOHO In a small office or residential location, a Small Office Home Office (SOHO) wireless router is often used. These devices are three different devices in one: > A router function connects the internal LAN to the internet. > A switch portion connects the internal wired LAN devices together. > An access point portion allows the internal wireless devices to connect to the network. Lightweight access points (LWAPs) are used in conjunction with a wireless controller. A wireless bridge connects two wireless networks together. A wireless LAN controller (WLC) is used in an enterprise environment to manage multiple access points.

Which of the following is used on a wireless network to identify the network name?

SSID Wireless devices use the service set identifier (SSID) to identify a network name. All devices on a wireless network use the same SSID. The MAC address is a unique physical device address. The IP address is a logical address that includes both the logical network and the logical device address. The subnet mask is used with the IP address to identify the network portion of the IP address.

Jamming attack

Some interference is malicious in nature, designed to disrupt wireless network communications. Malicious interference is sometimes referred to as jamming. In a jamming attack, a transmitter is tuned to the same frequency and the same type of modulation as the wireless network. The jamming signal overrides the legitimate wireless network radio signals at the receiving devices. The following list describes different types of jamming signals that can be used to disrupt a Wi-Fi network. > Spark jamming is the most effective type of Wi-Fi interference attack. It repeatedly blasts receiving equipment with high-intensity, short-duration RF (radio frequency) bursts at a rapid pace. Experienced RF signal technicians can usually identify this type of attack quickly because of the regular nature of the signal. > Random noise jamming produces radio signals using random amplitudes and frequencies. While not as effective as a spark attack, the random noise attack is harder to identify due to the intermittent and random nature of the interference. In fact, this type of signal is frequently mistaken for background radio noise that occurs naturally. > Random pulse jamming uses radio signal pulses of random amplitude and frequency to interfere with a Wi-Fi network.

Wireless interface

The interface in a device, such as a laptop or smart phone, that connects to the wireless access point.

Wireless Network Configuration

There are two configuration modes for a wireless network: > Ad hoc, also referred to as peer-to-peer, provides wireless communication without a wireless access point. The wireless interfaces of the communicating devices send and receive radio signals directly with each other. > Infrastructure mode uses a wireless access point that acts similarly to a hub or switch in a wired network. The infrastructure implementation: - Is more scalable than an ad hoc implementation. - Can also connect the wireless device to a wired network. - Can be used to create a guest network so external users can connect to the internet without giving access for the internal network.

Wi-Fi Protected Access 3 (WPA3)

To support the vulnerabilities inherent in the WPA2 handshake and to support newer technologies, WPA3 was implemented. First introduced in 2018, WPA3 implements the Simultaneous Authentication of Equals (SAE) standard instead of using the pre-shared key. SAE uses a 128-bit key and Perfect Forward Secrecy (PFS) to authenticate users. Perfect forward secrecy is a cryptography method that generates a new key for every transmission. This makes the handshake much more secure from hackers. If any portion of the handshake is intercepted, the key is still uncrackable.

Which of the following best describes Bluesnarfing?

Viewing calendar, emails, and messages on a mobile device without authorization Bluesnarfing is the use of a Bluetooth connection to gain unauthorized access to an existing Bluetooth connection between phones, desktops, laptops, or PDAs. Bluesnarfing allows access to view the calendar, emails, text messages, and contact lists. Many Bluetooth devices have built-in features to prevent bluesnarfing, but it is still a known vulnerability. Bluejacking is a rather harmless practice that entails an unknown sender sending business cards anonymously to a Bluetooth recipient within a distance of 10-100 meters, depending on the class of the Bluetooth device. The business cards usually include a flirtatious message so the attacker can see a visual reaction from the recipient. Multiple messages are sent to the device if the attacker thinks there is a chance they will be added as a contact. Bluetooth devices are not susceptible to bluejacking if they are set to non-discoverable mode. Bluebugging gives an attacker access to all mobile phone commands that use Bluetooth technology, such as initiating phone calls, sending and receiving messages, eavesdropping, and reading and writing phone book contacts. Only highly skilled individuals can perform bluebugging.

Change default login credentials

WAPs typically come configured with a default administrator username and password. Because the administrator username and password is used to configure WAP settings, it's important to reset the defaults. This prevents outsiders from guessing the default username and password and breaking into the system.

Wi-Fi Protected Access 2 (WPA2)

WPA2 is the implementation name for wireless security that adheres to the 802.11i specifications. It was first introduced in 2004 and is still heavily used in today's networks. There are two version of WPA2 available: > WPA2-Personal is also known as WPA2-PSK (pre-shared key). This version uses a pre-shared key, or passphrase, to protect the network. WPA2-PSK: - Uses Advanced Encryption Standard with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP)as the encryption algorithm to encrypt all data. AES-CCMP uses a 128-bit key and a 128-bit block size. - Performs a 4-way handshake to authenticate the device when it connects to the access point. The pre-shared key and SSID are used to generate a session key during this process. The handshake does have some vulnerabilities that allow a hacker to intercept data and perform offline password attacks. > WPA2-Enterprise uses a RADIUS server to authenticate users to the network.

Pre-shared key (PSK)

Wireless access method that utilizes a passphrase for users to connect.

Wireless Antenna Types

Wireless antennas are a key component of a Wi-Fi network. Antennas fulfill two key roles: > Absorbing incoming radio signals > Radiating outgoing radio signals Some wireless antennas may be mounted externally to the wireless device. Others may be embedded within the device itself. The range of a wireless antenna depends upon its power gain, a numeric measure in decibels (dBi) of an antenna's maximum radiation power relative to a standard reference antenna. The higher the gain, the more powerful the antenna and the longer the range it can support. Commonly used wireless antennas can be categorized as follows.

Disassociation/deauthentication attack

Wireless devices are vulnerable to deauthentication (deauth) and disassociation attacks because the 802.11 standard allows devices to be authenticated with multiple APs at once. When a device connects to a wireless network, special unencrypted management packets are sent back and forth. Deauthentication and disassociation attacks take advantage of these packets to disconnect devices from a network. Be aware that: > To execute a deauth attack, the attacker pretends to be the wireless router the device is connected to. The attacker disconnects the device from the network. When the user tries to reconnect, the attacker can intercept the user's information. > Disassociation attacks are similar. Instead of disconnecting a user, disassociation tricks the user into giving the fake router responsibility for forwarding packets.

8.1.3 Wireless Networking Facts

Wireless networking is commonplace, both in home and business environments. This lesson covers the following topics: > Wireless network hardware > Wireless network configuration > Wireless antenna types

8.3.2 Wireless Security Facts

Wireless networking uses radio frequencies to transmit data. This means anyone with a wireless receiver can capture data from an improperly secured network. This lesson covers the following topics: > Weak configurations > Cryptographic protocols

8.3.4 Wireless Authentication and Access Methods Facts

Wireless networks encrypt communications using a security protocol, typically WPA2 or WPA3. However, to securely authenticate users and distribute authentication keys, other methods need to be used. This lesson covers the following topics: > Access methods > Authentication protocols

8.1.5 Configure a Wireless Network Lab

You are a network technician for a small corporate network. You just installed a Ruckus zone controller and wireless access points throughout your office buildings using wired connections. You now need to configure basic wireless network settings. *Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: > Create a WLAN using the following settings: - Name: CorpNet Wireless - ESSID: CorpNet - Type: Standard Usage - Authentication: Open - Encryption: WPA2 - Encryption algorithm: AES - Passphrase: @CorpNetWeRSecure! > Connect the Exec-Laptop in the Executive office to the new wireless network. Complete this lab as follows: 1. Access the Ruckus zone controller. a. From the taskbar, open Chrome. b. In the URL field, enter 192.168.0.6 and press Enter. c. Maximize the window for easier viewing. 2. Log into the Wireless Controller console. a. In the Admin field, enter admin (case sensitive). b. In the Password field, enter password as the password. c. Select Login. 3. Create a new WLAN. a. Select the Configure tab. b. From the left menu, select WLANs. c. Under WLANs, select Create New. d. In the New Name field, enter the CorpNet Wireless. e. In the ESSID field, enter the CorpNet. f. Under Type, make sure Standard Usage is selected. g. Under Authentication Options, make sure Open is selected. h. Under Encryption Options, select WPA2. i. Under Algorithm, make sure AES is selected. j. In the Passphrase field, enter @CorpNetWeRSecure!. k. Select OK. 4. Switch to the Exec-Laptop. a. Using the navigation tabs at the top of the screen, select Floor 1. b. Under Executive Office, select Exec-Laptop. 5. Connect to the new CorpNet wireless network. a. In the notification area, select the wireless network icon to view the available networks. b. Select CorpNet. c. Select Connect. d. Enter @CorpNetWeRSecure! for the security key. e. Select Next. f. Select Yes to make the computer discoverable on the network. g. The CorpNet network now shows as being connected and secured.

8.3.6 Harden a Wireless Network Lab

You are a network technician for a small corporate network. You need to increase the security of your wireless network. Your new wireless controller provides several security features that you want to implement. *Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: > Change the admin username and password for the Zone Director controller to the following: - Admin Name: WxAdmin - Password: ZDAdminsOnly!$ (O is the capital letter O) > Set up MAC address filtering (L2 Access Control) to create a whitelist called Allowed Devices that includes the following wireless devices: - 00:18:DE:01:34:67 - 00:18:DE:22:55:99 - 00:02:2D:23:56:89 - 00:02:2D:44:66:88 > Implement a device access policy called NoGames that blocks gaming consoles from the wireless network. Complete this lab as follows: 1. Access the Ruckus zone controller. a. From the taskbar, select Google Chrome. b. In the URL field, enter 192.168.0.6 and press Enter. c. Maximize the window for easier viewing. 2. Log in to the wireless controller console. a. In the Admin field, enter admin (case sensitive). b. In the Password field, enter password as the password. c. Select Login. 3. Change the admin username and password for the Zone Director controller. a. From the top, select the Administer tab. b. Make sure Authenticate using the admin name and password is selected. c. In the Admin Name field, enter WxAdmin. d. In the Current Password field, enter password. e. In the New Password field, enter ZDAdminsOnly!$. f. In the Confirm New Password field, enter ZDAdminsOnly!$. g. On the right, select Apply. 4. Enable MAC address filtering. a. From the top, select the Configure tab. b. From the left menu, select Access Control. c. Expand L2-L7 Access Control. d. Under L2/MAC address Access Control, select Create New. e. In the Name field, enter Allowed Devices. f. Under Restriction, make sure Only allow all stations listed below is selected. g. Enter a MAC address. h. Select Create New. i. Repeat step 4g-4h for each MAC address you would like to add to the ACL. j. Select OK. 5. Configure access controls. a. Under Access Control, expand Device Access Policy. b. Select Create New. c. In the Name field, enter NoGames. d. Select Create New. e. In the Description field, enter Games. f. Using the OS/Type drop-down list, select Gaming. g. In the Type field, select Deny. h. Under Uplink, make sure Disabled is selected. i. Under Downlink, make sure Disabled is selected. j. Select Save. k. Select OK.

8.2.6 Configure Rogue Host Protection Lab

You are a network technician for a small corporate network. You want to take advantage of the self-healing features provided by the small enterprise wireless solution you've implemented. You're already logged in as WxAdmin on the Wireless Controller console from ITAdmin. In this lab, your task is to: > Configure self-healing on the wireless network. - Automatically adjust AP radio power to optimize coverage when interference is present. - Set 2.4 GHz and 5 GHz radio channels to use the Background Scanning method to adjust for interference. > Configure the background scanning needed for rogue device detection, AP locationing, and self-healing. Background scans should be performed on all radios every 30 seconds. > Configure load balancing for all radios by adjusting the threshold to 40 dB. > Configure band balancing to allow no more than 30% of clients to use the 2.4 GHz radios. > Reduce the power levels to -3 dB for three access points in Building A to reduce RF emanations. Use the wireless survey results in the exhibit to identify the access points. *The amount you reduce TX Power by requires a judgment call based on the wireless survey results. In practice, you would repeat the wireless survey to verify the proper TX Power settings. Complete this lab as follows: 1. Configure self-healing. a. From the top, select the Configure tab. b. From the left menu, select Services. c. Under Self-Healing, select Automatically adjust AP radio power to optimize coverage when interference is present. d. Using the Automatically adjust 2.4GHz channels using drop-down menu, select Background Scanning from the drop-down menu. e. Using the Automatically adjust 5GHz channels using drop-down menu, select Background Scanning from the drop-down menu. f. On the right, select Apply. 2. Configure background scanning. a. Select Run a background scan on 2.4GHz radio. b. Enter 30 seconds. c. Select Run a background scan on 5GHz radio. d. Enter 30 seconds. e. On the right, select Apply. 3. Configure load balancing. a. Select Run load balancing on 2.4GHz radio. b. In the Adjacent radio threshold(dB) field, enter 40. c. Select Run load balancing on 5GHz radio. d. In the Adjacent radio threshold(dB) field, enter 40. e. On the right, select Apply. 4. Configure band balancing. a. Select Percent of clients on 2.4GHz radio. b. Enter the 30. c. On the right, select Apply. 5. Adjust the AP power level. a. From the left menu, select Access Points. b. From the top right, select Exhibit to determine which access points to adjust. c. Select Edit next to the access point to be modified. d. Under Radio B/G/N(2.4G) next to TX Power, make sure Override Group Config is selected. e. From the TX Power drop-down list, select -3dB (1/2). f. Under Radio A/N/AC(5G) next to TX Power, make sure Override Group Config is selected. g. From the TX Power drop-down list, select -3dB (1/2). h. Select OK. i. Repeat steps 5b - 5h for additional access points.

8.3.7 Configure WIPS Lab

You are a network technician for a small corporate network. You would like to enable Wireless Intrusion Prevention on the wireless controller. You are already logged in as WxAdmin. *Access the Wireless Controller console through Chrome on http://192.168.0.6. In this lab, your task is to: > Configure the wireless controller to protect against denial-of-service (DOS) attacks as follows: - Protect against excessive wireless requests. - Block clients with repeated authentication failures for two minutes (120 seconds). > Configure Intrusion Detection and Prevention as follows: - Report all rogue devices regardless of type. - Protect the network from rogue access points. > Enable Rogue DHCP Server Detection. Complete this lab as follows: 1. Access the Ruckus zone controller. a. From the taskbar, open Google Chrome. b. In the URL field, enter 192.168.0.6 and press Enter. c. Maximize the window for easier viewing. 2. Configure Denial of Service protection. a. Select the Configure tab. b. From the left menu, select WIPS. c. Under Denial of Services(DoS), select Protect my wireless network against excessive wireless requests. d. Select Temporarily block wireless clients with repeated authentication failures. e. Enter 120 seconds. f. On the right, select Apply. 3. Configure Intrusion Detection and Prevention: a. Under Intrusion Detection and Prevention, select Enable report rogue devices. b. Select Report all rogue devices. c. Select Protect the network from malicious rogue access points. d. On the right, select Apply. 4. Select Enable rogue DHCP server detection and then select Apply.

8.3.9 Configuring a Captive Portal Lab

You have been hired by a small hotel to configure how their guests access the internet. You have chosen to use pfSense's captive portal feature. Guests must pass through this portal to access the internet. In this lab, your task is to: > Access the pfSense management console: - Username: admin - Password: P@ssw0rd (zero) > Add a captive portal zone named Guest_WiFi - Use the description Zone used for guest Wi-Fi > Using the GuestWi-Fi interface, configure your portal as follows: - Allow a maximum of 100 concurrent connections. - Disconnect user from the internet if their connection is inactive for 30 minutes. - Disconnect user from the internet after two hours regardless of their activity. - Limit user's download and upload to 8000 and 2500 Kbit/s, respectively. - Force to pass through your portal prior to authentication. > Allow the following MAC and IP address to pass through the portal: - MAC: 00:00:1B:12:34:56 - IP: 198.28.1.100/16 - Give the IP address the description Admin's Laptop Complete this lab as follows: 1. Sign into the pfSense management console. a. In the Username field, enter admin. b. In the Password field, enter P@ssw0rd (zero). c. Select SIGN IN or press Enter. 2. Add a captive portal zone. a. From the pfSense menu bar, select Services > Captive Portal. b. Select Add. c. For Zone name, enter Guest_WiFi. d. For Zone description, enter Zone used for the guest Wi-Fi. e. Select Save & Continue. 3. Enable and configure the captive portal. a. Under Captive Portal Configuration, select Enable. b. For Interfaces, select GuestWi-Fi. c. For Maximum concurrent connections, select 100. d. For Idle timeout, enter 30. e. For Hard timeout, enter 120. f. Scroll down and select Per-user bandwidth restriction. g. For Default download (Kbit/s), enter 8000. h. For Default upload (Kbit/s), enter 2500. i. Under Authentication, use the drop-down menu to select None, don't authenticate users. j. Scroll to the bottom and select Save. 4. Allow a MAC address to pass through the portal. a. From the Captive Portal page, select the Edit Zone icon (pencil). b. Under the Services breadcrumb, select MACs. c. Select Add. d. Make sure the Action field is set to Pass. e. For Mac Address, enter 00:00:1B:12:34:56. f. Select Save. 5. Allow an IP address to pass through the portal. a. Under the Services breadcrumb, select Allowed IP Addresses. b. Select Add. c. For IP Address, enter 198.28.1.100. d. Use the IP address drop-down menu to select 16. This sets the subnet mask to 255.255.0.0. e. For the Description field, enter Admin's Laptop. f. Make sure Direction is set to Both. g. Select Save.


Ensembles d'études connexes

MANAGEMENT OF PATIENTS WITH NEUROLOGICAL TRAUMA ML 7

View Set

PrepU Questions: Oxygenation Exam 2

View Set

SS Lesson Game 2 Answers (To Study)

View Set

General Psychology - Chapter 7: Memory

View Set