Chapter 7 - Wireless LANs II
2d. What does the Wi-Fi Alliance call 802.11i?
Answer: WPA2
18c. Passive RFID chips have no batteries. How can they transmit when queried?
Answer: They use the power of the near field itself to modulate the near field to send information.
4d. What three operational security threats must PSK users consider?
Answer: (1) Change the pre-shared key when a person leaves a company (2) Create a guest account to provide temporary access to outsiders as appropriate. (3) Create a strong pass-phrase
5a. Contrast the use scenarios for initial authentication in PSK mode and 802.1X mode.
Answer: (1) PSK mode for initial authorization is for homes and for small businesses with a single access point. (2) 802.1X mode is for large firms with many access points
10b. How does centralized management provide for the detection of rogue access points?
Answer: (1) By sending SNMP traps when it detects the signal of a nearby unauthorized access point. (2) By asking an access point for the EUI-48 addresses of nearby access points. It can see if one of these is not authorized.
9a. Describe the process by which access point locations are determined.
Answer: (1) Determine how far signals should travel to find the radius of service around each access point. (2) Use architecture drawings to lay out 10 meter circles that cover all points in the building. (3) Make adjustments for thick walls, filing cabinets, or other obstructions.
8c. Distinguish between evil twin access points and rogue access points.
Answer: (1) Evil twin access points are typically laptops with software to impersonate a real access point. (2) A rogue access point is an unauthorized access point set up within a firm which typically has poor or no security
14b. Compare the relative benefits of the two types of Classic Bluetooth.
Answer: (1) Extended Data Rate (EDR) at 3 Mbps provides good performance at modest power. (2) High Speed (HS) at 24 Mbps provides brief high-speed transfers at modest power (good for occasional file transfers).
2c. Distinguish between link security and end-to-end security.
Answer: (1) Link security on the link between the wireless client and the wireless access point. (2) End-to-end security all the way between the wireless client and the server on the wired LAN (or a server on the Internet).
18b. How does near field communication differ from normal radio communication?
Answer: (1) Radio communication transmits out by producing electromagnetic waves that propagate away (and do not come back). (2) Near field communication pulses waves outward a very short distance, then they are reabsorbed back into the antenna (waves surge out and then back; in radio they do not surge back).
17a. What is a typical speed, distance, and power consumption for Bluetooth LE slaves?
Answer: (1) Speed - slow (2) Distance - short distances (3) Transmission Frequency - infrequent (4) Power Consumption - low (0.01 W to 0.5 W) (5) Connection Openings - terse (3 ms)
18d. What is the state of NFC standards?
Answer: NFC standards are still in flux. (1) All NFC protocols use transmission in the 13.56 MHz unlicensed service band created and its technical standards are largely set. (2) However, for applications such as point-of-sale payments, there are competing application standards.
1a. Do public hot spots protect your transmissions?
Answer: No
3c. Does the choice of initial authentication mode change how other phases of 802.11i work?
Answer: No.
13b. Is there a single dominant IoT communication standard?
Answer: No. There are several standards.
7c. Do employees who set up rogue access points have malicious motives?
Answer: Not always. Sometimes it is not malicious; it is just careless.
4c. In what ways is the pairwise session key the user receives after authentication different from the PSK?
Answer: Pairwise session keys are different as follows: (1) they are unshared (2) they will only be used for a single communication session (3) different session key per client
14a. What is a PAN? (Do not just spell out the abbreviation.)
Answer: Personal area network—small groups of devices in a communication bubble around a person's body or a single desk
4b. What must a user know to authenticate his or her device to the access point?
Answer: Pre-shared key (PSK)
10a. How might a security administrator use SNMP Get commands to access points?
Answer: SNMP Get commands are used to: (1) Increase / decrease power (2) Switch channels (3) Query for Errors (4) Detect Rogue Points (5) Make Other Changes
8b. What does the evil twin do after initial association when the victim client transmits?
Answer: The evil twin decrypts the received frame from the client and reads the message. It then re-encrypts the message and sends it to the legitimate access point (in other words, it eavesdrops).
15a. What does it mean that Bluetooth uses one-to-one operation?
Answer: There are only two devices (1:1) connected per single Bluetooth connection. However, a device can have multiple Bluetooth connections.
14c. Why would you not want to use high-speed Bluetooth all the time?
Answer: Uses too much battery life
8a. What kind of physical device is an evil twin access point?
Answer: Usually a notebook computer
8d. How are VPNs able to defeat evil twin attacks? Explain in detail.
Answer: When using a VPN: (1) The client and server encrypt all communications with a pre-shared VPN key that is never transmitted (it is pre-shared). (2) When the client transmits, it first encrypts its message with the VPN key. (3) The evil twin intercepts the message, but since it never gets the pre-shared VPN key, it cannot decrypt the message, so it cannot read it.
15c. Can a Bluetooth master have multiple slaves?
Answer: Yes, a master can have up to seven slaves simultaneously.
15d. Can a Bluetooth slave have two masters?
Answer: Yes, a slave may also have up to seven masters.
15b. Is this still true if a master communicates with four slaves simultaneously?
Answer: Yes, communication is always one-to-one
15e. Can a Bluetooth device be both a master and a slave simultaneously?
Answer: Yes.
8e. How can you tell if your client computer has succumbed to an evil twin attack?
Answer: You can't. The attack is transparent to both the client and the access point.
19. How is the access point used in Wi-Fi Direct?
Answer: You do not need access points in Wi-Fi Direct (Wi-Fi Direct allows for device-to-device communication, without a centralized network).
20c. What other ad hoc networking protocol is widely used?
Answer: Z-Wave
20d. In what radio band or bands does it operate?
Answer: Z-Wave only operates in the 800/900 MHz ISM bands.
14e. What type of battery do very small Bluetooth LE devices require, and why is this important?
Answer: A small coin battery that is expected to last for a long time, even years.
7a. Who creates a rogue access point?
Answer: An employee or department within a company
4f. How long must passphrases be to generate strong pre-shared keys?
Answer: At least 20 characters long
20a. What kind of network is Zigbee used for?
Answer: Network of IoT devices
16b. What Bluetooth profile would you use for a game joystick, based on information in the text?
Answer: The Human Interface Device (HID) Profile (the same one used for mice and keyboards).
17b. What are Bluetooth LE advertising messages?
Answer: A brief message sent by a Bluetooth slave announcing: (1) their existence (2) and saying what they can do.
6a. What initial authentication mode does 802.11i use?
Answer: Can use either PSK or 802.1X
20b. Compare the roles of Zigbee controllers, Zigbee end devices, and Zigbee routers. In what radio bands does Zigbee operate?
Answer: (1) A Zigbee controller coordinates the network (every network must have one). (2) Zigbee end devices are IoT devices such as light switches, light bulbs, and thermostats that communicate via the Zigbee protocol. (3) Zigbee routers enable Zigbee networks to span larger distances by passing data on from other devices. Zigbee operates in two unlicensed bands. One is the familiar 2.4 GHz unlicensed band. Another is the 800/900 MHz unlicensed band.
13a. Why is low speed and short distance good in the Internet of Things?
Answer: "Slow and close" communication extends battery life.
1c. How long did it take her to hack the connection, including reading the tutorial?
Answer: 10 minutes and 54 seconds
2e. When offered the choice when you are configuring a wireless access point, which WLAN security standard should you choose?
Answer: 802.11i/WPA2
5b. Which initial authentication mode or modes of 802.11i authentication use(s) a central authentication server?
Answer: 802.1X
5e. In 802.1X, which is the verifier?
Answer: 802.1X authentication server
5d. In 802.1X operation, what device acts as the authenticator in Wi-Fi?
Answer: 802.1X authenticator.
5c. What does the Wi-Fi Alliance call this 802.11i initial authentication mode?
Answer: 802.1X mode (or Enterprise Mode)
18a. When two devices communicate using NFC, how close must they be?
Answer: A few inches, but touching is best.
9b. When must firms do site surveys to give users good service?
Answer: After each access point is installed
17c. How do Bluetooth LE beacons differ from basic advertisement messages?
Answer: Beacons are advertising messages that include potentially useful information. For example, a beacon could offer a coupon when you enter a store (coupon data = useful information).
14f. Why do small IoT devices only implement Bluetooth LE?
Answer: Because Classic Bluetooth would drain the battery very quickly
16a. Why would it be nice if Wi-Fi offered a basic printing profile?
Answer: Because a Bluetooth device could print to any compliant printer without having to install a printer driver.
4e. Why is this risk probably acceptable for the PSK use scenario?
Answer: Because it applies to a single individual or small group of people, therefore the risk is lower than in larger organizations.
7b. Why can they defeat 802.11i security?
Answer: Because they are typically configured with no security or poor security.
17d. In general, how do Bluetooth LE profiles differ from Classic Bluetooth profiles?
Answer: Bluetooth LE profiles differ from Classic Bluetooth profiles in the use cases of the profiles. For example: (1) In medicine, there are Bluetooth LE profiles for reading glucose meters, and profiles for heart rate monitors. (2) In sports, there are Bluetooth LE profiles for fitness tracking.
6b. Which initial authentication mode is used for message-by-message encryption, authentication, and message integrity?
Answer: Both PSK and 802.1X. They both offer the same ongoing protection with message-by-message confidentiality, integrity, and authentication, regardless of how initial authentication is done.
1d. How can a drive-by hacker defeat a site's border firewall?
Answer: By connecting to an unsecure access point within the site.
2a. What cryptographic protections does 802.11i provide?
Answer: Confidentiality, Integrity, and Authentication (acronym = CIA).
3b. For what use scenario was 802.11i's 802.1X mode created?
Answer: Corporations with many access points (Enterprise Mode)
21b. Describe the state of cryptographic security for new transmission standards.
Answer: Cryptographic security tends to have security vulnerabilities like relying on short transmission distances to foil eavesdroppers. These vulnerabilities will take time to discover and protect against.
21a. Why is a short transmission range not a protection against eavesdroppers?
Answer: Eavesdroppers with highly directional antennas and amplifiers can intercept signals over much longer distances.
3a. For what use scenario was 802.11i PSK mode created?
Answer: For homes with a single access router and small businesses with a single access point (Personal Mode)
4a. For what use scenario was 802.11i PSK mode created?
Answer: For homes with a single access router and small businesses with a single access point (Personal Mode)
2b. How is this protection limited?
Answer: It does not provide end-to-end security all the way to the server
8f. Why is it important to know that an evil twin attack is transparent?
Answer: It is important to know so that VPNs are used to protect from this type of attack.
10c. Comment on the cost of central access point management.
Answer: It's expensive, but it greatly reduces management labor, so there should be considerable net savings from its use.
14d. What is the benefit of Bluetooth Low Energy?
Answer: Low cost for very brief, low-speed, and infrequent communication
1b. What type of attack did Ms. Davies use?
Answer: Man in the Middle Attack
21c. Why is device theft or loss a serious risk?
Answer: Many of these lost devices contain sensitive corporate information, and may even allow attackers to log into sensitive servers on the corporate network. These devices are often protected only by brief PINs, if they are protected at all.