9.5.14 Wireless Security
Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?
Disable SSID broadcast. Wireless access points are transceivers that transmit and receive information on a wireless network. Each access point has a service set ID (SSID) that identifies the wireless network. By default, access points broadcast the SSID to announce their presence and make it easy for clients to find and connect to the wireless network. Turn off SSID broadcast to keep a wireless 802.11x network from being automatically discovered. When SSID broadcasting is turned off, users must know the SSID to connect to the wireless network. This helps to prevent casual attackers from connecting to the network, but any serious hacker with the right tools can still connect.
You're replacing a wired business network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network has multiple wireless access points, and you want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.)
Configure devices to run in infrastructure mode. Install a RADIUS server and use 802.1x authentication.
Which of the following features are supplied by WPA2 on a wireless network?
Encryption. Wi-Fi Protected Access (WPA) provides encryption and user authentication for wireless networks.
The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the internet. If a user does not provide the correct code, he or she should not be allowed to access the internet. What should you do?
Implement a captive portal.
Which of the following do switches and wireless access points use to control access through a device?
MAC address filtering. Both switches and wireless access points are Layer 2 devices, meaning they use the MAC address to make forwarding decisions. Both devices typically include some form of security that restricts access based on the MAC address.
Which of the following locations creates the greatest amount of interference for a wireless access point? (Select two.)
Near backup generators. Near cordless phones. Other wireless transmission devices (such as cordless phones, microwaves, or generators) cause interference for wireless access points.
You want to implement 802.1x authentication on your wireless network. Where would you configure the passwords that will be used for the authentication process?
On a RADIUS server. 802.1x authentication uses usernames and passwords, certificates, or devices (such as smart cards) to authenticate wireless clients. Authentication requests received by the wireless access point are passed to a RADIUS server that validates the logon credentials (such as the username and password).
Your company security policy states that wireless networks are not to be used because of the potential security risk they present. One day you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this?
Rogue access point. A rogue access point is an unauthorized access point added to a network or an access point that's configured to mimic a valid access point. Example scenarios include: An attacker or employee with access to the wired network installs a wireless access point on a free port. The access port then provides a method for remotely accessing the network. An attacker near a valid wireless access point installs an access point with the same (or similar) SSID. The access point is configured to prompt for credentials, allowing the attacker to steal those credentials or use them in an on-path attack to connect to the valid wireless access point. An attacker configures a wireless access point in a public location and then monitors the traffic of those who connect to the access point.
Which of the following wireless security methods uses a common shared key that's configured on the wireless access point and all wireless clients?
WEP, WPA Personal, and WPA2 Personal
Which of the following provides security for wireless networks?
WPA. Wi-Fi Protected Access (WPA) provides encryption and user authentication for wireless networks. Wired Equivalent Privacy (WEP) also provides security, but WPA is considered more secure than WEP.